CISSP Domain Refresh 2021

CISSP Domain Refesh 2021

New CISSP Exam Outline

Effective Date: May 1, 2021

Quick Review

  • Domain 1
    • Emphasize Ethics
    • Emphasize authenticity and nonrepudiation (properties of Integrity)
    • Change “global” context to “holistic” context (legal and regulatory requirements)
    • Move Investigation types here from Domain 7
    • Change SCA to Control assessments (security and privacy)
    • Remove Asset valuation from risk management
    • Mention Risk maturity modeling
    • Use the term, Supply Chain Risk Management (SCRM)
    • Mention social engineering, phishing, security champions, and gamification
  • Domain 2
    • Use the term, asset handling requirements
    • Move Provision resources securely here from Domain 7
    • Specify data lifecycle
    • Emphasize asset retention (EOL, EOS)
    • Identify Data protection methods
    • Move Digital Rights Management (DRM) here from Domani 3
  • Domain 3
    • Specify secure design principles
    • Identify 15 (add 7 more) vulnerabilities of architectures, designs, and solution elements. (Microservices, Containerization, Serverless, High-Performance Computing systems, Edge computing systems, and Virtualized systems)
    • Emphasize cryptanalytic attacks
    • Emphasize Power (e.g., redundant, backup)
  • Domain 4
    • Cover more network archetypes: Micro-segmentation, Zigbee, satellite, 5G, CDN, Secure protocols, IPsec, IPv6, VXLAN, and SD-WAN
    • Add Third-party connectivity
  • Domain 5
    • Add Just-In-Time (JIT)
    • Rename “Integrate identity as a third-party service” to “Federated identity with a third-party service”
    • Change “On-premise, Cloud, and Federated” to “On-premise, Cloud, and Hybrid
    • Add Risk based access control
    • Improve provisioning lifecycle
    • Add Implement authentication systems
  • Domain 6
    • Add 2 testing: Breach attack simulations and Compliance checks
    • Add 3 topics under “Analyze test output and generate report”: Remediation, Exception handling, and Ethical disclosure
  • Domain 7
    • Emphasize Artifacts (e.g., computer, network, mobile device)
    • Add 3 topics under “Conduct logging and monitoring activities”: Log management, Threat intelligence (e.g., threat feeds, threat hunting), and User and Entity Behavior Analytics (UEBA)
    • Emphasize Machine learning and Artificial Intelligence (AI) based tools
    • Add Lessons learned to Disaster Recovery (DR) processes
  • Domain 8
    • Expand “development environments” to “software development ecosystems
      • Programming languages
      • Libraries
      • Tool sets
      • Integrated Development Environment (IDE)
      • Runtime
      • Continuous Integration and Continuous Delivery
      • Security Orchestration, Automation, and Response
      • Software Configuration Management (SCM)
      • Code repositories
      • Application security testing (e.g., SAST, DAST)
    • Emphasize acquired software
      • Commercial-off-the-shelf (COTS)
      • Open source
      • Third-party
      • Managed services (e.g., SaaS, IaaS, PaaS)
    • Mention Software-defined security

Added on 2020/08/26:

An insightful review of the CISSP Domain refresh 2021 by Luke Ahmed on August 23, 2020! (50 minutes)

Leave a Reply