Effective April 1, 2026, the list of credentials that satisfy a waiver for one year of the required work experience for CISSP will be reduced. We are providing advance notice of this change for any candidates who are preparing for the CISSP exam and planning to use the current list of credentials to waive one year of the experience requirement. The new list will be applicable to anyone who submits their CISSP certification application on April 1, 2026 and beyond.
As a reminder, the experience requirement for CISSP is a minimum of five years cumulative, full-time experience in two or more of the eight domains of the current CISSP Exam Outline. Part-time work and internships may also count towards the experience requirement.
Earning a post-secondary degree (bachelor's or master's) in computer science, information technology (IT) or related fields may satisfy up to one year of the required experience, or you can use a credential from the ISC2 approved list. You cannot, however, use both a degree and a credential to waive two years from the experience requirement.
Thanks Kaity,
I make that the removal of 31 certifications from the previous list of 50, with the addition of 6 new ones making the new total 25. (3 of the new ones being the now standalone ISSAP, ISSEP and ISSMP which is understandable.)
I won't comment any further on the changes or how the decisions to add or remove any were arrived at, other than to say I certainly appreciate the efforts to try and add more rigour around ensuring future CISSPs have relevant work experience.
I hope I can look forward to hearing something similar for the CCSP soon...
Being removed:
AZ-500 Azure Security Engineer Associate
Certified Computer Examiner (CCE)
Certified Ethical Hacker v8 or higher
Certified Information Systems Auditor (CISA)
Certified Internal Auditor (CIA)
Certified Protection Professional (CPP) from ASIS
Certified in Risk and Information Systems Control (CRISC)
Certified Wireless Security Professional (CWSP)
Cisco Certified CyberOps Associate/Professional
CIW Web Security Professional
CIW Web Security Specialist
Computer Hacking Forensic Investigator (CHFI)
CSA Certificate of Cloud Security Knowledge (CCSK)
EC-Council Certified Security Specialist (ECSS)
EC-Council Certified SOC Analyst (CSA)
GIAC Certified Enterprise Defender (GCED)
GIAC Certified Forensic Analyst (GCFA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Cyber Threat Intelligence (GCTI)
GIAC Security Essentials Certificate (GSEC)
GIAC Strategic Planning, Policy, and Leadership (GSTRT)
GIAC Systems and Network Auditor (GSNA)
INE eCPPT Certification (Certified Professional Penetration Tester)
INE eJPT (Junior Penetration Tester)
Information Security Management Systems Lead Auditor (IRCA)
Information Security Management Systems Principal Auditor (IRCA)
Juniper Networks Certified Internet Expert (JNCIE-SEC)
Microsoft Identity and Access Management
Microsoft Security Operations Analyst
Offensive Security Certified Professional/Expert (OSCP/E)
Staying:
AWS Certified Security - Specialty
Certified Cloud Security Professional (CCSP)
Certified in Governance, Risk and Compliance (CGRC)
Certified Information Security Manager (CISM)
Certified Secure Software Lifecycle Professional (CSSLP)
Cisco Certified Internetwork Expert (CCIE) Security
Cisco Certified Network Associate (CCNA)
Cisco Certified Network Professional Security (CCNP Security)
CompTIA Advanced Security Practitioner (CASP+)
CompTIA CySA+
CompTIA Security+
CompTIA SecurityX
GIAC Global Industrial Cyber Security Professional (GICSP)
GIAC Information Security Fundamentals (GISF)
GIAC Information Security Professional (GISP)
GIAC Security Leadership Certification (GSLC)
HealthCare Information Security and Privacy Practitioner (HCISPP)
Microsoft Certified Cybersecurity Architect
Systems Security Certified Practitioner (SSCP)
Being added:
Information Systems Security Architecture Professional (ISSAP)
Information Systems Security Engineering Professional (ISSEP)
Information Systems Security Management Professional (ISSMP)
Zscaler Digital Transformation Administrator (ZDTA)
Zscaler Digital Transformation Engineer (ZDTE)
Zscaler Digital Experience Administrator (ZDXA)
Edited ISSEP typo - thanks @nkeaton!
@AlecTrevelyan Thank you. I have analysis on my to-do list, so I really appreciate you doing this. You might want to edit the ISSEP. Appreciate your work on this.
Having been involved in the original work that created the ISSAP, ISSMP and ISSEP, I disagree with allowing a one year exception for them towards the CISSP.
Like everything, things slip through the cracks, get modified, etc., etc. The original intent of these certifications was to show ADVANCED knowledge in the areas of architecture, management and engineering... but through the years, that intent seems to have been lost. First when they became standalone certifications and now with the ability to claim one year's experience.
Unfortunately, like many other certifications (in my eyes), the CISSP is becoming nothing more than a paper cert.
d