ISC2 · Official Blueprint
CISSP Exam Domains & Blueprint
The official ISC2 CISSP exam covers 8 domains. Domain weights tell you exactly how much of the exam each topic represents — and where to invest your study time.
CISSP Domain Weight Summary
Detailed Domain Breakdown
Domain 1: Security and Risk Management
Covers the core concepts, terminology, and skills tested under the Security and Risk Management section of the official exam blueprint.
Domain 2: Asset Security
Covers the core concepts, terminology, and skills tested under the Asset Security section of the official exam blueprint.
Domain 3: Security Architecture and Engineering
Network segmentation, zero trust architecture, cloud security models, virtualisation security, and resilience/redundancy design.
Domain 4: Communication and Network Security
Covers the core concepts, terminology, and skills tested under the Communication and Network Security section of the official exam blueprint.
Domain 5: Identity and Access Management
Covers the core concepts, terminology, and skills tested under the Identity and Access Management section of the official exam blueprint.
Domain 6: Security Assessment and Testing
Covers the core concepts, terminology, and skills tested under the Security Assessment and Testing section of the official exam blueprint.
Domain 7: Security Operations
Incident response lifecycle, digital forensics, threat hunting, SIEM/SOAR tools, log analysis, and security automation.
Domain 8: Software Development Security
Covers the core concepts, terminology, and skills tested under the Software Development Security section of the official exam blueprint.
How to Use Domain Weights in Your Study Plan
The heaviest domain on the CISSP is "Security and Risk Management". Start here and return to it regularly.
Allocate study time proportional to domain weight — a 25% domain deserves roughly 25% of your prep hours.
Never skip a low-weight domain. A 10% domain still represents 5–7 exam questions — enough to make the difference between pass and fail.
Use JT Exams domain analytics to track your accuracy per domain automatically. The system routes extra questions to your weak areas.
CISSP Concept Guides
CISSP Security Domains
The CISSP is designed for experienced security practitioners who think at a management and architecture level, not just a technical implementation level.
CISSP Access Control & Crypto
Two of the most heavily tested CISSP domains are Identity and Access Management and Security Architecture, and cryptography sits at the intersection of both.