Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Manager

(ISC)² CISSP Certification Now Comparable to Masters Degree Standard

The Certified Information Systems Security Professional (CISSP) certification has been found comparable to Level 7 of the Regulated Qualifications Framework (RQF) in the UK, denoting that the certification is comparable to Masters degree standard.


This further validates the achievement of CISSP-certified professionals in their ongoing career and qualification progression and supports educational institutions looking to determine weighting of a relevant certification to award course credits. It follows the American Council on Education’s College Credit Recommendation Service (ACE CREDIT®) recognizing six (ISC)² certifications as eligible for college credit.


The benchmarking of the CISSP was conducted by UK NARIC, the UK’s designated national agency responsible for providing information and expert guidance on academic, vocational and professional qualifications from across the world. UK NARIC conducted an in-depth independent benchmarking study of the CISSP certification, using its well-established methodology for credential evaluation. This involved reviewing core qualification components as well as a comparative analysis of the skills assessed during a candidate’s computer adaptive test (CAT) examination to the RQF.


The analysis saw UK NARIC conclude the qualification assessed knowledge and skills comparable to the RQF Level 7 standard, with clear emphasis on assessing specialized cybersecurity knowledge, understanding and application of skills including: organizational problem solving and decision making, awareness and correct use of industrial standards, policy and best practice, along with understanding and appropriate use of methodologies, techniques and training in relation to cybersecurity.


“Recognizing the CISSP as comparable to Masters level qualifications further underlines the robust educational and operational value of the certification within Europe,” said Deshini Newman, managing director EMEA at (ISC)². “It will support our members in their career progression as they embark on opportunities both within their own organizations and externally when applying for roles with degree entry criteria.”


The RQF is a framework developed by the UK Government to describe the demands in different qualifications across an eight-level scale. The RQF can be used to help understand how qualifications relate to each other. As the levels of the RQF have also been referenced to the eight levels on the European Qualifications Framework (EQF), the RQF and EQF can help employers understand and compare qualifications awarded in different countries, allowing for portability or transferability across the region.


UK NARIC’s independent benchmarking of the CISSP to the RQF enables certification holders to understand how their qualification compares in the context of the UK education system, and to the RQF.


UK NARIC’s recognition of the certification is effective immediately and extends to all members in good standing that hold the CISSP. If you have additional questions about your certification, please contact

ISC2 Community Manager
30 Replies
Newcomer III

@Beads ,


I appreciate your comment, but would like to express that my intention was that the time and effort to gain the experience and knowledge to pass the CISSP is equivalent. Not simply taking the test.


Thank you for your service in the military.



Advocate I

Given that thought. Nearly any course of study would then be the equivalent of an MBA. The PMP would be a much closer comparison than the CISSP. Given this many, many more career field certifications such as CPA, PE and Series 9 would also be comparable to an MBA. Series 9 and the CPA would be better examples than the PE.


If we expanded the CISSP to include more business skill, which is desperately needed in security, I would be more sympathetic. Today, as it stands, not so much.


- b/eads


p.s. My only regret in life was leaving the military too early but I served for the right reasons not to be thanked like we constantly do today.

Community Champion

I think unfortunately the news article and the blog were out of synch.  And the news article DID NOT refer to the blog.  Had they been tied together in some fashion  (even here on the Community) there might not be as much angst  about this as there seems to be.  And yes I know reporters sometimes mis-quote, exaggerate, etc.  and sometimes leave out key comments.


Here is another take on this:

Advocate I

Bob Covello's thoughtful reply and recognition of the topic was spot on and reflects many the same talking points I myself and others have said for years, particularly that of being a practice. You are never done studying, learning or transferring knowledge to others. Certification, no offense has become controversial only in the practice of hiring under qualified but certified individuals over the years when the labor market was tight for this field. If you practiced security or InfoSec back before anyone cared about the field you know what I am referring. If not and you think the sky is the limit, think again. Been through market ups and downs before, this too shall pass, if it hasn't already.


Also, happy to see the ISC(2) take a good hard, measured look at what was stated by the UK governance board and how it applies here in the real world to real practitioners. Hopefully we can head off a rush of new candidates looking for fulfill their "Master's degrees" aspirations by completing a single exam. The two cannot be equated.


Happy security practice!


- b/eads

Influencer II

@Craftyfellow wrote:

Still trying to wrap my head around what this actually means.

I think mostly it means that, in the UK, and eventually the EU, and, over time, increasingly in the US, salaries for jobs requiring a CISSP will approximate salaries for jobs requiring a Masters.


(Which may come to mean that fewer jobs will require a CISSP.)


Other posts:

This message may or may not be governed by the terms of or
Viewer III

Brilliant! Does that mean if you already have a Masters degree, you are now Double Masters ?
Newcomer I

I was going to write a response to what Cragin Shelton had written but he really did a great job in summarizing what my issue was with the CPE requirement hurdles and the (IMO) draconian measures that ISC2 has in restricting this hard won certification.  I am currently employed and use my CISSP knowledge every day and have to take training on new tools and initiatives to stay current and provide the expected service to my employer.  I stayed current with my dues and tried to keep up with CPE credits but could not.  I will retire in the next few years and a "CISSP (Retired)" tagline would be great as I would like to provide help to the community in CyberSecurity as this help is greatly needed as the "arms race" continues to evolve.  Could ISC2 respond to this thread, please?  

Advocate I



You bring up some interesting points but don't list any remedy to your complaints. Can you expand on how you would rectify the program as you see? I am very much interested in the discussion.


- b/eads

Newcomer I

Craig Shelton has a post and ISC2 has a response that has the currenr status for this question ...
Craig Shelton's question ... "Does "CISSP Retired Still Exist?"

ISC2's response ...
Retired Status Policy
Section 4 and specifically
I myself have an issue with the 10 Year clause but that is the policy ...
Advocate II

Has anyone noticed that higher degrees in many fields don't necessarily result in higher salaries?  I started out in IT in very early 90s with colleagues who has first class honours degrees, MSCs and even doctorates.  Because employers knew we were keen to get on in our careers and gain work experience we were paid below market rate.  A masters can take 2 or 3 years by distance learning, whilst you can bag the CISSP with a weeks study.  You read maybe 30-50 text books and numerous case studies for a masters; the CISSP was 3 books and 7 days study.  You write assignments, take many exams and a thesis for a master and do a multiple choice test for a CISSP.  Draw your own conclusions on which takes the greater commitment.