SecProve
ExpertVendor-neutralISC2· issued from US

ISSAP

Information Systems Security Architecture Professional

ISC2 specialization for security architecture. Requires an active CISSP. Focus on GRC, Security Architecture Modeling, Infrastructure Security, and IAM architecture. For senior security architects in enterprise environments.

Official page at ISC2↔ Compare with another cert
Exam fee
$599
Ongoing
$125/yr AMF · 20 CPE/yr
Study time
150–300 hrs
Delivery
Test center
Validity
3 yrs (renewal cycle)

› Quality score

20.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Concentration blueprint inherited from CISSP — narrow but well-defined architecture focus.
8.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
Pure MCQ. No design exercise or architectural review artefact.
1.5/10
Currency & upkeep
How aggressively content is kept current with the field.
Updates lag the parent CISSP cadence by years.
5.0/10
Market recognition
How often this signal actually moves a hiring decision.
Recognised among architecture-track candidates in CISSP-tracked programs.
5.5/10

› Built for these roles

Security ArchitectsCTOsSystem Designers

› Exam format

Linear, 125 questions, 3 hours, 700/1000

Passing score
700/1000 (scaled)
Retake policy
Fee: $599 per attempt
Wait: 30d between attempts
Cap: 4 attempts/year

30/60/90 day waits for retakes 1/2/3 in a rolling 12-month window.

› Recertification

60-140 CPEs per 3-year cycle, $135/year AMF

› 3-year cost of ownership

Exam (1×)
$599
AMF (3×)
$375@$125/yr
Total
$974

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

DD-WRL-004DD-WRL-001DD-WRL-002
Recognition
Global
Exam languages
en

› Core domains covered

The 4 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A25Security Architecture & Engineering

Reference architectures, control frameworks (NIST SP 800-53, CIS Controls), secure-by-design patterns, threat modeling, trust-boundary design, technology standards.

A3Zero Trust Architecture

Zero trust principles, micro-segmentation, NIST SP 800-207, ZTNA, continuous verification, BeyondCorp.

A15Cryptography

Symmetric/asymmetric, PKI, TLS/SSL, hashing, post-quantum cryptography, key management.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.

› Prerequisites

Experience

Active CISSP + 2 years experience in the respective specialization

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (1)
CISSPISC2
Recommended priors (0)

No de facto priors typically expected.

ISSAP
ISC2
Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
  • Official (ISC)² ISSAP CBK ReferenceWiley/ISC2
Practice tests
  • Boson ExSim-Max for ISSAP
Free / community

› Version & lifecycle

Current version
2017 CBK
Released
2017-04

ISSAP CBK has not been refreshed since 2017 — content gaps relative to current cloud/AI architecture practice.

› Salary signal

Security architect, US, 7+ years. Requires active CISSP.

$145K$215K
median $170K

Robert Half Salary Guide + Glassdoor 'Security Architect' aggregations · 2024 · US base only · p25–p75 range

› How it compares

vs
ISSEP

ISSAP focuses on architecture composition; ISSEP is systems-engineering-aligned, federal-heavy.

↔ Compare side-by-side
vs
SC-100

Vendor-neutral architecture (ISSAP) vs Microsoft-stack architecture (SC-100).

↔ Compare side-by-side

› Careers that commonly pursue this cert

Quantum Security Specialist

Prepare for the post-quantum era. Understand quantum threats and lead cryptographic migration efforts.

Security Architect

Senior design role — defines how pillar A components fit together across identity, crypto, network, cloud, and data — and, increasingly, how pillar C bolts into it.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications