SecProve
ProfessionalVendor-specificAWS· issued from US

AWS CSS

Amazon Web Services Certified Security - Specialty

The AWS Security Specialty is AWS's most demanding security certification and requires solid practical experience with AWS workloads. It covers a broad spectrum: from IAM and data encryption to incident response, logging, and compliance. The practical relevance is high; pure textbook candidates typically fail. The certification has high market value potential, as it is regarded as proof of quality for security architects in cloud environments. Important: Version SCS-C02 was superseded in December 2025; SCS-C03 is now current.

Official page at AWS↔ Compare with another cert
Exam fee
$300
Ongoing
Study time
100–200 hrs
Delivery
Hybrid
Validity
3 yrs (renewal cycle)

› Quality score

32.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Solutions Architect Specialty (older code) — pre-2024 specialty path.
8.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Multi-step scenario items resembling design reviews.
6.0/10
Currency & upkeep
How aggressively content is kept current with the field.
Refreshed alongside AWS service evolution.
9.0/10
Market recognition
How often this signal actually moves a hiring decision.
Recognised on AWS architect listings; consolidated into newer certifications.
8.5/10

› Exam format

65 questions (multiple-choice + multiple-response), 170 minutes. Proctored via Pearson VUE / PSI. Passing score: 750/1000.

Passing score
750/1000 (scaled, ~75%)
Retake policy
Fee: $300 per attempt
Wait: 14d between attempts

14-day wait between attempts. AWS occasionally provides 50% retake vouchers after a fail.

› Recertification

Valid for 3 years. Renewal via re-exam or higher-level AWS cert.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

DD-WRL-001OG-WRL-013
Recognition
Global
Exam languages
en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A5Cloud Security

AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.

A25Security Architecture & Engineering

Reference architectures, control frameworks (NIST SP 800-53, CIS Controls), secure-by-design patterns, threat modeling, trust-boundary design, technology standards.

› Prerequisites

Experience

No formal prerequisites. Recommended: 5 years IT security experience + 2 years AWS security experience.

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (1)
AWS SAAAWS
AWS CSS
AWS
Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
Training providers
Practice tests

› Version & lifecycle

Current version
SCS-C02
Released
2023-07
Prior-version EOL
2023-09

SCS-C01 retired 2023-09. Domains: Threat Detection, Logging/Monitoring, Infrastructure, IAM, Data Protection.

› Salary signal

Cloud security engineer (AWS-focused), US, 3–5 years.

$130K$180K
median $150K

Robert Half Salary Guide + Glassdoor 'Cloud Security Engineer' aggregations · 2024 · US base only · p25–p75 range

› How it compares

vs
AZ-500

Pick by your stack — AWS shop = SCS-C02; Azure shop = AZ-500.

↔ Compare side-by-side
vs
CCSP

Vendor-neutral multi-cloud (CCSP) vs AWS-deep specialization.

↔ Compare side-by-side

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications