CISSP exam changes 2024: what IAM teams should notice

TL;DR: ISC2 refreshed the CISSP blueprint on April 15, 2024, with updated emphasis across IAM, zero trust, SASE, privacy laws, cryptography, and lifecycle topics, while keeping domain weights broadly stable and the exam format unchanged according to Netwrix. The change matters because it shows which identity and security concepts are now table stakes for practitioners, not just exam candidates.

NHIMG editorial — based on content published by Netwrix: CISSP Exam Changes 2024

By the numbers:

• The CISSP exam covers 8 domains, and Domain 5 Identity and Access Management remains weighted at 13%.
• Domain 3 Security Architecture and Engineering includes 4 new topics in the 2024 update, including SASE and quantum key distribution.

Questions worth separating out

Q: How should security teams use CISSP blueprint changes in their training plans?

A: Security teams should use blueprint changes to identify which skills are becoming baseline across the profession and which remain specialist knowledge.

Q: Why do updated certification blueprints matter to identity programmes?

A: Updated blueprints matter because they often reflect where the industry now expects competency.

Q: What should IAM leaders do when access topics start expanding in security certifications?

A: IAM leaders should treat that expansion as a signal to reassess internal maturity.

Practitioner guidance

• Map exam blueprint changes to role-based skills Compare the updated CISSP topics against the responsibilities in your IAM, architecture, and governance teams.
• Review IAM training for policy enforcement and accounting Make sure teams understand access policy enforcement, credential management systems, passwordless authentication, and the role of groups and roles.
• Refresh architecture learning around hybrid control points Teach SASE, micro-segmentation, API exposure, VPC design, and transport-layer security as connected controls.

What's in the full article

Netwrix's full blog covers the exam-objective detail this post intentionally leaves for the source:

• Line-by-line breakdown of the CISSP domain changes and weight adjustments
• Detailed topic-by-topic notes on what was added, removed, or renamed in each domain
• Exam-prep guidance on how to adapt older study material to the refreshed objectives
• FAQ coverage on blueprint cadence, exam format, and study strategy

👉 Read Netwrix's CISSP 2024 exam changes overview →

CISSP exam changes 2024: what IAM teams should notice?

Explore further

View Full Forum →  |  NHI Foundation Course →