Professional · Vendor-neutral · ISO 17024 · ISACA · issued from US

CISA

Certified Information Systems Auditor

IS audit, governance, control testing, and assurance.

Exam fee: $760
Ongoing: $45/yr AMF · 40 CPE/yr
Study time: 120–250 hrs
Delivery: Test center
Validity: 3 yrs (renewal cycle)

› Quality score

28.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Five domains with detailed task statements; ISO 17024 accredited; one of the longest-running audit credentials.
9.0/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
MCQ only, but audit-checklist-style scenarios are closer to actual practice than most management certs.
2.0/10
Currency & upkeep
How aggressively content is kept current with the field.
Job-practice areas refreshed in 2024 with cloud-audit and AI content.
8.5/10
Market recognition
How often this signal actually moves a hiring decision.
The default audit credential. Ubiquitous in Big-4 advisory and internal audit roles. [Holders: 165k, 2024-12] [DoD 8140 listed]
9.0/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide: 165,000 (as of 2024-12)
DoD 8140 baseline: Listed (IAT-III, CSSP-Auditor)

› Built for these roles

IT Auditor · Compliance Analyst / Manager · Internal Audit Lead · Risk & Controls Consultant

› Exam format

150 multiple-choice questions over 4 hours, English plus several other languages. Pearson VUE proctored. ISACA membership not required but discounts the AMF.

Passing score: 450/800 (scaled)
Retake policy
  • Fee: $575 per attempt
  • Wait: 30d between attempts
  • Cap: 4 attempts/year

ISACA charges members $575 / non-members $760. 4 attempts per 12-month rolling window.

› Recertification

120 CPEs over the three-year cycle (avg 40/yr, minimum 20/yr) plus the $45/yr maintenance fee for ISACA members ($85/yr non-members).

› 3-year cost of ownership

Exam (1×): $760
AMF (3×): $135 @ $45/yr
Total: $895

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to.

OG-WRL-007 · OG-WRL-002 · OG-WRL-010
Recognition: Global · US · EU · UK · DACH
Exam languages: en · ja · zh · es · ko

› Core domains covered

The 1 domain this cert is centrally about. Passing the exam demonstrates working knowledge of each.

› Also touched

Present in the blueprint but not the primary focus — you’ll be introduced but shouldn’t expect depth.

› Prerequisites

Experience

Five years of IS audit, control, or security experience. Waivers available for other certs and education.

Knowledge assumed
  • Audit process and methodology
  • Governance and risk management
  • IT operations and resilience

› Progression


Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (0)

No de facto priors typically expected.

CISA
ISACA
Required by (0)

No certs require this one.

Recommended next (1)

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
Practice tests

› Version & lifecycle

Current version: 2024 job-practice analysis
Released: 2024-06

ISACA performs a job-practice analysis every ~5 years. Five domains.

› Salary signal

IT Auditor / SOX auditor / IS audit manager, US, 5+ years.

$100K–$150K
median $122K
+9% reported cert premium

ISACA Salary Survey + Salary.com 'IT Auditor' aggregations · 2024 · US base only · p25–p75 range

› How it compares

vs CRISC

Risk-management emphasis (CRISC) vs CISA's audit-execution and assessment focus.

vs PECB 27001LA

Single-standard ISMS lead-auditor focus vs CISA's broader IS-audit framework coverage.


› Careers that commonly pursue this cert

GRC / Compliance Analyst

Manage risk, ensure regulatory compliance, and build governance frameworks. Where security meets business strategy.
