I would like to take the new ISSEP exam; however, with the new format I will need to study different and updated areas.
Is there any estimated date for a release of a new Official ISC2 Guide or training for the new ISSEP format?
I am also interested in an official update regarding the ISSEP course material.
Hello @TK,
I just received an update from our team. The course should be ready sooner than the September timeframe listed in this article - we are thinking it may be ready as early as July! At this time, the textbook is not being updated; however, it still can be used as a resource. You can also look at the following link to find other self-study items for the exam: https://www.isc2.org/Certifications/References
The original ISSEP body of knowledge relied heavily on Chapter 3 of the National Security Agency (NSA) Information Assurance Technical Framework (IATF) for core content in the Information Systems Security Engineering (ISSE) domain. The IATF has not been publicly available for many years. The 2007 ISSEP study guide book mentioned above used the IATF extensively for its content.
The successor document to Chapter 3 for SSE is the relatively new NIST Special Publication 800-160 Volume 1, Systems Security Engineering: Considerations for a Multidiscip..., first published in 2016 and last updated 3/21/2018.
Can your team confirm whether the new ISSEP exam is based on NIST SP 800-160, or whether there are holdover questions from the old IATF Chapter 3?
Thanks.
Hi Dr. D. Craigin Shelton,
My name is Toni Hahn and I work in exams. While I can't tell you what is specifically on the test, I can tell you the most common references used for the ISSEP by domain. Hope this helps.
Top 5 references per domain (some may have fewer)
Domain 1
NIST SP 800-30 Rev 1
NIST SP 800-100
Domain 2
NIST SP 800-30 Rev 1
PMBOK Guide v3
NIST SP 800-37 Rev 1
NIST SP 800-160
NIST SP 800-64
Domain 3
NIST SP 800-160
NIST SP 800-37 Rev 1
FIPS 140-2
NIST SP 800-115
NIAP/CCE Pub v4 (https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/scheme-pub-1.pdf)
Domain 4
NIST SP 800-88 Rev 1
NIST SP 800-160
NIST SP 800-53 Rev 4
NIST SP 800-100
NIST SP 800-37 Rev 1
Domain 5
Systems Engineering Fundamentals by United States Government US Army Publisher: CreateSpace Independent Publishing Platform (April 15, 2013) ISBN-13: 978-1484120835
PMBOK Guide Edition 3
PMBOK Guide Edition 4
PMBOK Guide Edition 5
ISO/IEC 21827:2008 Preview available https://www.iso.org/obp/ui/#!iso:std:44716:en
Information technology -- Security techniques -- Systems Security Engineering -- Capability Maturity Model® (SSE-CMM®)
While the IATF isn't as popular this time, it is available (v3.1) here: http://www.dtic.mil/dtic/tr/fulltext/u2/a606355.pdf
Hi Toni,
Many thanks for the domain level references, that is a great help.
So essentially, if one digests all of those linked documents and can apply the principles then that would be sufficient?
Does that mean that (ISC)2 will cease to provide a dedicated course book for the ISSEP concentration in future?
Regards,
TK
Thanks for the detailed reference list. That helps quite a bit, and confirms that SP 800-160 is key in two domains.
I recommend that the list be updated to specify only SP 800-160 Volume 1 as the reference. Recent publication of Volume 2 forced the name change of the original release.
Also, quite fascinating that the PMBOK is listed as a key reference given that many enterprises consider the PMP a useful correlate certification to the CISSP, supplementing, not competing with, the CISSP. However, I STRONGLY recommend amending the list and filtering the exam question pool so that ONLY the current edition of the PMBOK is needed for study, and any questions derived from earlier editions but not found in the current one are removed from the question pool.