What is the ISC2 ISSEP (Information Systems Security Engineering Professional) certification?
The International Information Systems Security Certification Consortium, or ISC2, provides several renowned standardized information security certifications for IT professionals.
The Information Systems Security Engineering Professional (ISSEP) certification validates your knowledge and skills in applying security engineering principles to business processes. Starting October 2023, professionals can pursue this certification through two paths: either as a CISSP certification holder or through direct qualification with relevant experience.
For more certification information, download our Cybersecurity certification and skills roadmap.
Earn your CISSP, guaranteed!
What is the ISSEP?
The ISSEP certification (previously known as the CISSP-ISSEP exam) was developed in conjunction with the U.S. National Security Agency (NSA) to recognize professionals who specialize in applying systems engineering principles and processes to build secure systems.
This certification demonstrates an elite level of knowledge in implementing security controls to meet current information protection needs and the ability to integrate security across all aspects of business operations.
Who should earn the ISSEP?
According to ISC2, the ISSEP suits professionals working in roles such as:
- Senior systems engineers
- Information assurance system engineers
- Information assurance officers
- Information assurance analysts
- Senior security analysts
There are now two paths to qualify for the ISSEP examination:
Path 1: CISSP holders
- Must have valid CISSP credentials
- Must have at least two years of experience in two or more ISSEP domains
- No additional Annual Maintenance Fee (AMF) required
- Need 60 CPE credits every three years for maintenance
Path 2: Direct qualification
- Requires seven years of experience in two or more ISSEP domains
- Annual Maintenance Fee of $125 if this is your first ISC2 certification, or a $75 increase if you hold the CC
- Need 140 CPE credits every three years for maintenance
To schedule an exam, create an account at Pearson VUE to register and pay for the exam (see ISC2 website for up-to-date pricing). The ISSEP certification doesn't require an endorser when completing the online application.
What are the ISSEP domains?
The five domains of the ISSEP Common Body of Knowledge (CBK) are as follows:
Domain 1: Systems security engineering foundations – 25%
- Apply systems security engineering fundamentals
- Execute systems security engineering processes
- Integrate with applicable system development methodology
- Perform technical management
- Participate in the acquisition process
- Design trusted systems and networks
Domain 2: Risk management – 14%
- Apply security risk management principles
- Address risk to the system
- Manage risk to operations
Domain 3: Security planning and design – 30%
- Analyze the organizational and operational environment
- Apply systems security principles
- Develop system requirements
- Create system security architecture and design
Domain 4: Systems implementation, verification and validation – 14%
- Implement, integrate and deploy security solutions
- Verify and validate security solutions
Domain 5: Secure operations, change management and disposal – 17%
- Develop secure operations strategy
- Participate in secure operations
- Participate in change management
- Participate in the disposal process
The ISSEP exam outline covers the domains, weights and subdomains on which you will be tested; the official document has been updated to describe the topics accurately. The certification exam was last updated in November 2020. The exam suits those who have experience, skills or knowledge to do the following:
- Understand and apply information system security engineering processes as the information system security engineer on the systems engineering team.
- Analyze system security risk throughout the system development lifecycle within the context of system operations and organizational risk tolerance.
- Analyze, design, develop and evaluate the security design and architecture for systems using security engineering processes and principles.
- Develop system solutions that employ security functions and provide adequate protection to system functions.
- Choose the most effective security configurations and designs to ensure system security during operations, change management and disposal.
What does the ISSEP exam involve?
The ISSEP exam spans three hours and consists of 125 multiple-choice questions. This includes 100 operational questions and 25 pre-test items. You'll need to score 700 out of 1,000 points to pass.
The exam tests your knowledge across all five domains, with questions weighted according to the domain percentages outlined above. It's currently available in English only.
What are the best ISSEP study resources?
For comprehensive exam preparation, Infosec Institute provides specialized resources:
- ISSEP Boot Camp — Get hands-on training with our expert instructors
- Cybersecurity salary guide — Understand career growth potential
- Cybersecurity certifications and skills roadmap — Plan your certification path
ISC2 also offers resources like flashcards and a practice quiz. Most successful candidates use a mix of study methods to prepare for the exam. Consider:
- Taking an instructor-led boot camp for structured learning
- Using flashcards for domain-specific terminology review
- Joining study groups to discuss complex concepts
- Reading the official CBK materials for deep understanding
- Working through practice questions to familiarize yourself with the exam format
Remember to focus on understanding the practical application of security engineering principles rather than just memorizing concepts.
Earn your CISSP, guaranteed!
Obtaining your ISSEP certification
The ISSEP certifies the security capabilities of system engineers who can demonstrate significant experience in the field. Through either the CISSP or direct qualification path, this certification can elevate your career prospects and earning potential.
ISSEP-certified professionals earn a high salary as holders are generally later in their careers and have developed more specific engineering skillsets. However, salary can vary quite a lot based location, job responsibilities and experience level. The certification stands out on resumes, particularly for roles focused on security engineering and system architecture.
The ISSEP certification proves your ability to integrate security engineering principles into business processes and validates your expertise in building secure systems. Whether advancing from a CISSP or qualifying through experience, the ISSEP can help take your career to the next level.
Ready to start your ISSEP journey? The Infosec ISSEP Boot Camp provides comprehensive preparation with expert instructors as well as an Exam Pass Guarantee.
In this Series
- What is the ISC2 ISSEP (Information Systems Security Engineering Professional) certification?
- CISSP domains overview: Your complete preparation guide
- What is the ISC2 ISSMP (Information Systems Security Management Professional) certification?
- What is the ISC2 ISSAP (Information Systems Security Architecture Professional) certification?
- CISSP experience waiver: What you need to know
- CISSP concentrations: How ISSAP, ISSMP & ISSEP have changed
- Mitigating access control attacks in the CISSP exam
- CISSP DoD 8140: What changed from DoD 8570?
- CISSP jobs in 2025: Cybersecurity manager outlook and career opportunities
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring
- CISSP interview prep: 10 common questions and answers
- CISSP resources: Free books, videos, practice exams and other study tools
- CISSP certification cost and requirements (2025): Your complete preparation guide
- Perimeter defenses: What you need to know for the CISSP exam
- Understanding control frameworks and the CISSP
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- Due care vs. due diligence: What you need to know for the CISSP exam
- The ISC2 code of ethics: A binding requirement for certification
- Security governance principles: What you need to know for the CISSP exam
- Understanding access control: A CISSP certification guide
- Renewal requirements for the CISSP certification
- Secure communication channels: What you need to know for the CISSP exam
- Risk management concepts and the CISSP
- CISSP: Business continuity planning and exercises
- Data and system ownership in the CISSP exam
- Information and asset classification in the CISSP exam
- Incident management and the CISSP exam: What you need to know
- CISSP prep: Security policies, standards, procedures and guidelines
- Earning CPE credits to maintain the CISSP
- Data security controls and the CISSP exam
- CISSP: Disaster recovery processes and plans
- Vulnerability and patch management in the CISSP exam
- Secure system design principles: CISSP exam concepts and frameworks
- Certification and accreditation: What’s on the CISSP exam?
- Change management and the CISSP
- Threat modeling and the CISSP
- CISSP exam questions: 5 drag & drop and hotspot questions
- CISSP certification salary: A comprehensive 2025 salary guide
- 8 tips for CISSP exam success in 2025
- Environmental controls and the CISSP
