ProfessionalVendor-neutralISO 17024ISC2· issued from US

CCSP

Certified Cloud Security Professional

Cloud security architecture: shared responsibility, identity, data protection, crypto, and cloud-native detection.

Official page at ISC2 ↔ Compare with another cert

Exam fee

$599

Ongoing

$135/yr AMF · 30 CPE/yr

Study time

100–180 hrs

Delivery

Test center

Validity

3 yrs (renewal cycle)

› Quality score

28.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

Six published domains; tight overlap with CSA Cloud Controls Matrix gives the blueprint external grounding.

8.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

MCQ with applied scenarios but no real lab. Cloud-architecture answers are inferred from prose.

2.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Refreshed in 2022 with serverless / container content; ISC2 maintains regular cadence.

8.5/10

Market recognition

How often this signal actually moves a hiring decision.

The cloud-security generalist signal. Strong in financial services and US federal; less universal than CISSP. [Holders: 30k, 2024-12]

8.5/10

› Market signals

public, citable inputs to the recognition score

Holders worldwide

30,000

as of 2024-12 · source

› Built for these roles

Cloud Security EngineerCloud Security ArchitectSecurity Engineer (cloud-heavy)DevSecOps Engineer

› Exam format

125 multiple-choice questions over 3 hours, English. Pearson VUE proctored. Endorsement step from an existing ISC2 member required after passing.

Passing score

700/1000 (scaled)

Retake policy

Fee: $599 per attempt

Wait: 30d between attempts

Cap: 4 attempts/year

30 / 60 / 90 day waits for retakes 1/2/3 in a rolling 12-month window.

› Recertification

90 CPEs over three years (avg 30/yr) plus the $135/yr Annual Maintenance Fee shared with other ISC2 credentials. Holding both CCSP and CISSP costs a single AMF.

› 3-year cost of ownership

Exam (1×)

$599

AMF (3×)

$405@$135/yr

Total

$1004

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

DD-WRL-004OG-WRL-014PD-WRL-002

Recognition

GlobalUSEUUKDACH

Exam languages

enjazhesdeko

› Core domains covered

The 6 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A5Cloud Security

AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.

A12Data Security, Privacy & Protection

Data classification, encryption-at-rest/in-transit, DLP, tokenization, privacy-by-design, plus the regulatory stack (GDPR, CCPA, HIPAA) that sets the bar.

A15Cryptography

Symmetric/asymmetric, PKI, TLS/SSL, hashing, post-quantum cryptography, key management.

A25Security Architecture & Engineering

Reference architectures, control frameworks (NIST SP 800-53, CIS Controls), secure-by-design patterns, threat modeling, trust-boundary design, technology standards.

A23Recovery, Resilience & Cyber Recovery

Backup integrity, immutable snapshots, cyber-recovery vaults, restore orchestration, BCM/DR, tabletop exercises, ransom-scenario restoration drills.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

A3Zero Trust Architecture

Zero trust principles, micro-segmentation, NIST SP 800-207, ZTNA, continuous verification, BeyondCorp.

A13Supply Chain Security

SBOM, vendor risk assessment, software supply chain attacks, dependency management.

A10Security Operations

SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.

A11Detection Engineering & Threat Hunting

SIGMA/YARA/Suricata rule writing, hypothesis-driven hunting, log deep-dives, detection gap analysis.

› Known coverage gaps

Domains this cert does not meaningfully address. Plan follow-up learning here if your role touches any of them.

A9Penetration Testing & Red Teaming A14OT/ICS Security C1Adversarial Machine Learning C6AI Infrastructure Security

› Prerequisites

Experience

Five years of IT experience with three years in infosec and one year in cloud security (CISSP satisfies the experience requirement).

Knowledge assumed

Cloud concepts (IaaS, PaaS, SaaS) and shared responsibility model
Cloud IAM, encryption, and data protection
Cloud architecture and governance

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (2)

CISSPISC2 CSA CCSKCloud Security Alliance

CCSP

ISC2

Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides

Official (ISC)² CCSP Study Guide, 4th Ed. — Sybex
Official (ISC)² CCSP Practice Tests, 3rd Ed. — Sybex

Training providers

Practice tests

Boson ExSim-Max for CCSP

Free / community

r/ccsp

› Version & lifecycle

Current version

2022 CBK refresh

Released

2022-08

Six CBK domains; next refresh expected ~2025-2026.

› Salary signal

Cloud security engineer / architect, US, 4+ years.

$130K–$190K

median $155K

ISC2 Workforce Study + Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

CSA CCSK

CCSK is the vendor-neutral entry point; CCSP is broader and includes ISC2's experience-verification gate.

↔ Compare side-by-side

AWS CSS

Vendor-specific (AWS) vs CCSP's multi-cloud vendor-neutral breadth.

↔ Compare side-by-side

AZ-500

Vendor-specific (Azure) vs CCSP's multi-cloud breadth.

↔ Compare side-by-side

› Careers that commonly pursue this cert

Security Engineer

Design, build, and maintain security infrastructure. The architects of an organization's defensive posture.

Cloud Security Engineer

Secure cloud infrastructure across AWS, Azure, and GCP. Specialize in the shared responsibility model and cloud-native controls.

Quantum Security Specialist

Prepare for the post-quantum era. Understand quantum threats and lead cryptographic migration efforts.

Security Architect

Senior design role — defines how pillar A components fit together across identity, crypto, network, cloud, and data — and, increasingly, how pillar C bolts into it.

ML Platform Security Engineer

Secures the platform that trains, stores, and serves ML models — multi-tenant GPU isolation, pipeline integrity, feature-store hygiene, secrets management in ML workflows.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications