Re: ISSAP Exam Changes – Effective August 2025

mariatirado · ‎06-30-2025

On August 1, 2025, ISC2 will update the ISSAP credential exam. These updates are the result of the Job Task Analysis (JTA), which is an analysis of the current content of the credential evaluated by ISC2 members on a triennial cycle.

For more information, please review the ISSAP Exam Outline

EmeraldCityDave · ‎07-01-2025

That's great that we keep the exams relevant to what is actually being asked of us as practitioners. Is there going to be an updated CBK or other official study guides? It seems like energy should be put into updating both, as the exam measures the candidates' knowledge of what should be captured in the CBK.

Cheers,
Dave

nkeaton · ‎07-03-2025

@EmeraldCityDave The CBKs for all of the former concentrations are from CRC which is who used to produce ISC2 materials. All current ISC2 materials are produced by Sybex. These certification exams are a little different. I passed both the ISSEP and ISSMP which are very in line with my experience. I did read the latest CBK for a historical perspective knowing that the material was probably not testable. The latest for the ISSEP (which has a much different history than the others) is 2005. I mostly used the NIST documents to prepare for those exams. Some I am already very familiar with; I read the ones that I was not familiar with. I am planning on attempting the ISSAP before the change. It tougher for me to think like an architect though. I am preparing for it the same way. So it is definitely possible to pass these exams without a CBK. The numbers are pretty small for actual certification holders which does make more sense to concentrate on the larger population. Oddly the CGRC (formerly CAP) has only ever had one CBK, and it was fairly worthless as far as anything that would help with the exam. So if your experience is in the field and read the NIST documents, it is possible to pass these exams. I never read any of the suggested references but the NIST ones. Best wishes.

neilgrib · ‎08-02-2025

I would be interested myself in knowing if any updated study material is being released.

lenzi

Hi Maria,

I'm planning to study and sit for the ISSAP exam in a few months time. From some research I can see that originally the exam was structured around 6 domains which has now been reduced to 4 domains. Can you provide some information or comment on what this means from a content and curriculum perspective? Does the exam overall still cover the same amount of content and it was simply condensed into 4 domains or has the overall content been made smaller? Or to ask this in another way - almost all the study material out there at the moment is centred around the 6 domains of the previous ISSAP structure. Will this material still be relevant as the same content is being tested but just condensed into 4 domains - OR - is the study shortened as there is less stuff covered in the exam?

Any insights into this would be much appreciated.

Thanks

nkeaton

@lenzi I have seen very little on this from ISC2 other than the weights of the updated domains. Since the former concentrations are not as popular as the CISSP, there will not be a lot out there on it in evaluating old vs new domains. I would concentrate on the exam objectives (ISC2 calls it an exam outline) for what need to know for the exam. I did see this which is not a lot but sounds like a reasonable evaluation from a 3rd party that does training. https://trainingcamp.com/articles/what-changed-with-issep-issap-and-issmp I know when we completed JTAs for ISC2 that reflected on what was happening currently in the field. Best wishes.