CCSP exam and CBK changes in August 2024
The International Information System Security Certification Consortium or ISC2, introduced changes to its Certified Cloud Security Professional (CCSP) certification on August 1, 2024. This is the third update since its inception in 2015, preceded by the last update from August 2022. These enhancements aim to better align CCSP domains with the latest changes in cloud security and the newest trends in cloud computing technologies and methodologies, including emerging, fast and sophisticated threats.
This article explores the 2024 changes to the exam, as well as the 2022 changes to the domains covered by the CCSP certification exam. These changes are closely related to the roles and responsibilities of today’s practicing cloud security professionals. They are drawn from various topics in the updated ISC2 CCSP common body of knowledge (CBK), a comprehensive framework of information security terms, principles, skills and techniques that a competent professional must know and use.
Earn your CCSP, guaranteed!
By reviewing the new topics covered by the exam, you can identify areas of study that may need additional attention if you want to pass the test on the first attempt.
What changes were made to the CCSP exam in 2024?
As of August 1, 2024, the CCSP exam was reduced from 150 to 125 multiple-choice questions. To accommodate this change, the time allotted for the exam decreased from four hours to three hours. In this update, the domains, their weight and the exam format all remain the same.
What changes were previously made to CCSP domains and their weight?
Although the 2024 update did not lead to any domain changes, the previous update impacted the domains and their weights. As a result of the CCSP domain refresh on August 1, 2022, minor adjustments from the 2019 version were made: a 1% change in the weights for Domain 2: Cloud data security and Domain 5: Cloud security operations. All other domain weights are identical.
| Major Domains | August 2019 | August 2022 |
| Domain 1: Cloud concepts, architecture and design | 17% | 17% |
| Domain 2: Cloud data security | 19% | 20% |
| Domain 3: Cloud platform and infrastructure security | 17% | 17% |
| Domain 4: Cloud application security | 17% | 17% |
| Domain 5: Cloud security operations | 17% | 16% |
| Domain 6: Legal, risk and compliance | 13% | 13% |
| Total | 100% | 100% |
Although these changes seem minor, ISC2 added new cloud security concepts in 2022 and removed some content from the CCSP CBK. All domains have been updated or realigned to test the knowledge and hands-on experience in cloud security architecture, design, operations and service orchestration that today’s professionals need.
Skills covered in each of the CCSP domains
In each of the six CCSP domains, you will find critical topics you should know. These are areas you need to study before getting tested. To prepare effectively, review the modules, as they highlight critical information which can help you pass the exam for certification.
CCSP Domain 1, Cloud concepts, architecture and design is an overview of cloud computing concepts, models (services and deployments) and principles.
- 1.1 Understand cloud computing concepts
- 1.2 Describe cloud reference architecture
- 1.3 Understand security concepts relevant to cloud computing
- 1.4 Understand design principles of secure cloud computing
- 1.5 Evaluate cloud service providers
CCSP Domain 2, Cloud data security is an overview of data classification and categorization, data lifecycle stages, data retention and auditing.
- 2.1 Describe cloud data concepts
- 2.2 Design and implement cloud data storage architectures
- 2.3 Design and apply data security technologies and strategies
- 2.4 Implement data discovery
- 2.5 Plan and implement data classification
- 2.6 Design and implement information rights management (IRM)
- 2.7 Plan and implement data retention, deletion and archiving policies
- 2.8 Design and implement auditability, traceability and accountability of data events
CCSP Domain 3, Cloud platform and infrastructure security requires a baseline knowledge of cloud security strategies, risks and responsibilities, storage and a business continuity program.
- 3.1 Comprehend cloud infrastructure and platform components
- 3.2 Design a secure data center
- 3.3 Analyze risks associated with cloud infrastructure and platforms
- 3.4 Plan and implementation of security controls
- 3.5 Plan business continuity (BC) and disaster recovery (DR)
CCSP Domain 4, Cloud application security is an overview of the software development lifecycle, testing, architecture and auditing of cloud services.
- 4.1 Advocate training and awareness for application security
- 4.2 Describe the secure software development life cycle (SDLC) process
- 4.3 Apply the secure software development life cycle (SDLC)
- 4.4 Apply cloud software assurance and validation
- 4.5 Use verified secure software
- 4.6 Comprehend the specifics of cloud application architecture
- 4.7 Design appropriate identity and access management (IAM) solutions
CCSP Domain 5, Cloud security operations includes ways of achieving data center high availability through redundancy, capacity/maintenance monitoring, risk management and change/configuration monitoring. It also covers data center redundancy and standards.
- 5.1 Build and implement physical and logical infrastructure for cloud environment
- 5.2 Operate and maintain physical and logical infrastructure for cloud environment
- 5.3 Implement operational controls and standards [e.g., information technology infrastructure library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1)
- 5.4 Support digital forensics
- 5.5 Manage communication with relevant parties
- 5.6 Manage security operations
Earn your CCSP, guaranteed!
CCSP Domain 6, Legal, risk and compliance covers the laws, regulations and standards for protecting data in cloud computing.
- 6.1 Articulate legal requirements and unique risks within the cloud environment
- 6.2 Understand privacy issues
- 6.3 Understand audit process, methodologies, and required adaptations for a cloud environment
- 6.4 Understand implications of cloud to enterprise risk management
- 6.5 Understand outsourcing and cloud contract design
Comparison of old and new exams
Effective August 1, 2024, the CCSP exam decreased from 150 total questions to 125. As a result, the exam time also decreased from four to three hours.
Prior to this change, the last update was effective on August 1, 2022. During the 2022 update, the CCSP exam increased from 100 operational items with 25 pretest (unscored) items to 100 operational items with 50 pretest items. As a result, the exam time increased from three to four hours.
Explore the history of the exam in the table below.
| Exam format | Pre-2022 | 2022 update | 2024 update |
| Length of the exam | 3 hours | 4 hours | 3 hours |
| Number of questions | 125 | 150 | 125 |
| Type of questions | Multiple choice | Multiple choice | Multiple choice |
| Passing score | 700 points out of 1000 | 700 points out of 1000 | 700 points out of 1000 |
The refreshed CCSP exam costs U.S. $599 and is available in English, Chinese, German, Japanese, Korean and Spanish. Pearson VUE administers tests.
Can I appear for the refreshed CCSP exam with old CCSP material?
Yes, you can take the exam if you have already studied the previous CCSP CBK and have current experience in the field. Nevertheless, ISC2 cannot guarantee that you will pass the exam merely using old material. To be safe, you should look for updated material and courses based on the latest exam content outline to avoid risking failure on test day.
How do I prepare for the new CCSP exam?
First, you must thoroughly examine the new topics and pay special attention to the recent CCSP CBK because it represents the most up-to-date concepts for the upcoming exam.
Devise a learning path that covers in-depth all cloud security knowledge topics covered by the domains and also focuses on those areas in which you feel less versed. Make full use of the available updated CCSP training courses and options listed below.
Study resources
Begin by checking out the ISC2 self-study resources webpage, where you can get 50% off official training aids as a member benefit. These options allow CCSP exam candidates to learn at their own pace using traditional textbooks and more contemporary tools, such as interactive flashcards and study apps.
Below are some CCSP instructional materials to help you do better on exam day:
- Official ISC2 CCSP Study Guide, 2nd Edition
- Official ISC2 CCSP CBK Reference, 3rd Edition
- Official ISC2 CCSP Practice Tests, 2nd Edition
Community discussion
The ISC2 Community features a CCSP study group. Users who are preparing for the exam or have recently passed the test create discussion threads.
The TechExams’ community forum is another group where certification-seekers and -holders can share general information on the exam topics.
Appropriate training
The official ISC2 CCSP training course will help students review and refresh their knowledge and identify areas they need to study. In addition, the ISC2 official CCSP CBK training seminar can help professionals measure their competence against a globally recognized body of knowledge.
ISC2 training partners and reputable accredited training providers are also excellent options because they deliver the most relevant, up-to-date course content in various formats to better fit the needs and preferences of students. Online boot camp-style options, for example, provide direct access to an instructor in a condensed format that concentrates live learning into a very limited number of days while giving longer-term access to online resources to fine-tune preparation.
Earn your CCSP, guaranteed!
Updates to the CCSP exam and CBK changes
As securing cloud services remains a challenge, employers seek those who meet the certification requirements for the CCSP vendor-neutral credential offered by the ISC2 for their knowledge and experience of cloud security architecture, design, operations and service orchestration, which this credential certifies.
Preparation is key to grasping the six domains and numerous subdomains and earning one of the most advanced cloud security certifications available today.
For more on the CCSP certification, check out our CCSP certification hub.
Sources:
- CCSP, ISC2
- CCSP Study Group, ISC2
- Official Training Partners, ISC2
- ISC2 Certification Testing, Pearson VUE
- ISC2 Self-Study Resources, ISC2
- CBK Suggested References, ISC2
- CCSP: Certification Exam Outline, ISC2
- CCSP Domain Refresh FAQ, ISC2
- The Ultimate Guide to the CCSP, ISC2
- CCSP Training Course Outline, ISC2
- CCSP Exam — Many Changes on the Way!, ISC2 Blog
- CCSP Domain Changes Effective August 1, 2022, ISC2 Community Manager
- Exam Pass Guarantee
- Live expert CCSP instruction
- CCSP exam voucher
In this Series
- CCSP exam and CBK changes in August 2024
- CCSP Certification: Overview and Career Path [updated 2022]
- Average CCSP salary [updated 2023]
- How to become CCSP certified – Certification requirements
- CCSP exam details and process in 2024: Your guide to cybersecurity certification success
- Test your cloud knowledge with these CCSP sample questions
- CCSP: Overview of Domains [updated 2022]
- CCSP study resources [updated 2024]
- Maintaining your CCSP Certification: Renewal Requirements
- Earning CCSP CPE credits
- Job outlook for CCSP cert holders [updated 2022]
- CCSP Domain #1: Cloud concepts, architecture, and design [updated 2022]
- CCSP Domain #2: Cloud data security [updated 2022]
- CCSP Domain 3: Cloud Platform and Infrastructure Security [updated 2022]
- CCSP Domain 4: Cloud Application Security [updated 2022]
- CCSP Domain 5: Cloud security operations [updated 2022]
- CCSP Domain 6: Legal, Risk and Compliance [updated 2022]
- CCSP certification cost and requirements (2024): Your complete preparation guide
- Top 5 things you must know to pass the CCSP
