Cybersecurity Evolving – 2022 Updates to CISSP

The 2022 Certified Information Systems Security Professional (CISSP) is the gold standard for individuals looking to successfully implement and manage security measures and defense. It is the #1 globally recognized certification in the information security market. Preparing for and obtaining the CISSP certification demonstrates possession of the skills required to successfully troubleshoot, implement, and manage security systems. While the content on the exam was most recently updated in 2021, there are some new updates to the exam itself. Let’s break down these changes along with the content covered on the exam.

CISSP Exam Domains

(Percentages notate portion of the exam dealing with each knowledge area)

  • Domain 1: Security and Risk Management – 15%
  • Domain 2: Asset Security – 10%
  • Domain 3: Security Architecture and Engineering – 13%
  • Domain 4: Communication and Network Security – 13%
  • Domain 5: Identity and Access Management (IAM) – 13%
  • Domain 6: Security Assessment and Testing – 12%
  • Domain 7: Security Operations – 13%
  • Domain 8: Software Development Security – 11%

Click here to view the CISSP Exam Outline

Exam Updates

At a glance:

  • Question increase from 100-150 to 125-175
  • Time-allotment increase from 3 to 4 hours

According to (ISC) ², supplemental pretest items and time will be added to the CISSP exam beginning June 1, 2022. These updates will not affect the topics or materials included in the exam. Previously, the CISSP CAT exam contained 25 pretest (or unscored) items. Test takers will now see an increase to 50 pretest items. Most notable for those preparing for the CISSP exam, this change will result in an increase of overall questions from 100-150 to 125-175. To account for this increase, the maximum amount of time testers will be allowed has increased from three to four hours.

Pretest items are included as a way for (ISC) ² to expand their question bank. These items are added as questions to the exam. They appear as normal questions to test takers, but do not impact the overall exam scores. The only purpose they serve is to test new questions which may be included in the list of scored questions on future exam versions.

Recent Content Additions


The 2022 CISSP exam covers many topics and content not covered on previous versions. One newer topic relates to privacy. Companies are looking for experts that can understand privacy risks to the business and help shape privacy protections based on their objectives. Due to the ever-changing nature of cybersecurity risks, privacy experts must be able to demonstrate an awareness of changes to privacy threats and the requirements needed to address these risks. Domain 1 (Security and Risk Management) of the CISSP now involves assessing not only security controls in the business but also privacy controls.

Data Protection

Along with privacy, an increased focus is put on data protection methods. With a steady increase in businesses operating in or moving to the cloud, Cloud Access Security Brokers (CASB) have become important entities to manage cloud resources. A CASB ensures that data is stored securely and gives great visibility into cloud usage. They also guarantee governance and compliance of company assets are been managed appropriately. Those preparing for the CISSP exam will see material involving CASBs in Domain 2 (Asset Security) of the course outline as well as questions regarding this topic on the exam.

Zero-Trust Networking

Zero-trust networking is the last of the newer topics referenced on the current CISSP exam. This topic is found in Domain 3 (Security Architecture and Engineering). Zero-trust networking assumes all data is de-parameterized (open to the internet) and unsafe if it is behind the corporate parameter. As previously mentioned, most corporate environments are connected to the cloud. A zero-trust networking model assumes breaches are occurring and verifies requests, explicitly. The addition of this topic accounts for new privacy and security issues businesses see. Companies require knowledge in these areas from their security professionals to ensure data and assets are fully secured.

What’s Next?

Possessing the industry recognized CISSP certification demonstrates high-level expertise in cybersecurity leadership and strategy. It is key to furthering your cybersecurity career and can increase your earning potential. Our 2022 CISSP prep course includes a review of the information needed to excel not only on the CISSP exam but also in overall employment goals.

Check out more information on our upcoming CISSP courses to begin expanding upon your cybersecurity career, today!

Scroll to Top