Anybody haven an inkling what ISC2's plans are for the CISSP Concentrations? The exams are still being updated, but the CBK books haven't been updated for many years, and there doesn't seem to be much interest in the market.
What do you mean by their plans?
Both the ISSAP and ISSEP exams have been updated very recently (Oct 2020 and Nov 2020 respectively) so they're certainly not going anywhere. Based on the typical 3-year exam update cycle a new ISSMP exam should be due next year.
While it's true to say the respective CBKs have not been updated for a long time, ISC2 do offer online training courses for the Concentrations: https://www.isc2.org/Training/Online-Self-Paced (NB - currently the ISSEP course is not running presumably due to it being updated to reflect last month's exam changes.)
Also, the suggested reference list is kept up to date for all ISC2 exams and would be my recommendation for study material: https://www.isc2.org/certifications/References
You say they're not being transparent - I say you're not looking in the right places for the information!
I do think ISC2 don't do enough to promote the Concentrations, but I suspect that's due to them holding rather cushy mandatory status for certain US federal roles - where the ISSAP and ISSEP are concerned they are the only certifications that qualify you for IASAE level 3 roles.
Outside of the US federal job market, even where I live in the UK, more and more jobs are listing Concentrations in their requirements, but you're right they're not as widely recognised as they should be especially when you consider there's not that much competition out there.
TOGAF is generic Enterprise Architecture and not security specific. SABSA is great and is pure Enterprise Security Architecture but you have to take their courses to be eligible for the exams, and they're largely unknown outside of the UK and Australia.
For specialist Security Engineering there's basically nothing else out there. I know some people will point to INCOSE and their certifications, but again they are not security specific, and again have next to no recognition in the general job market.
Of course on the Security Management side you do have CISM as a viable alternative to ISSMP.
The wording around the CCFP being made inactive mentioned "adoption rates compared to similar credentials in the market":
As I mentioned there really isn't much out there in terms of comparison to the Concentrations.
More importantly, the US federal requirements I mentioned before will ensure they remain as part of ISC2's certification line up for the foreseeable future.
In terms of being able to read a single book and then considering yourself to be a specialist that really isn't how I believe it should work.
Even when the CBKs were current people used to complain they didn't cover everything they needed to know for the exam, so you were always encouraged to supplement your knowledge and experience by studying additional references - this is true of all ISC2 exams.
If you really want to study for a Concentration, read the exam outline, identify any gaps in your knowledge and experience, choose books from the suggested reference list that will help you plug the gaps.
I spent an average of 70 hours' study on each of the Concentrations, and I think that's about right - not so much to be too onerous, but not so little that it would effectively make earning them trivial.