ExpertVendor-neutralISC2· issued from US

ISSEP

Information Systems Security Engineering Professional

ISC2 specialization for security engineering, developed in cooperation with NSA. Focus on Systems Security Engineering, Risk Management, and Security Planning. Particularly relevant in US Government/Defense context.

Official page at ISC2 ↔ Compare with another cert

Exam fee

$599

Ongoing

$125/yr AMF · 20 CPE/yr

Study time

150–300 hrs

Delivery

Test center

Validity

3 yrs (renewal cycle)

› Quality score

18.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

Concentration blueprint focused on US-federal systems engineering and RMF.

8.0/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Pure MCQ. No engineering artefact required.

1.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Updates trail federal RMF revisions; current version reflects NIST SP 800-37 r2 era.

4.5/10

Market recognition

How often this signal actually moves a hiring decision.

Recognised inside US federal / DoD systems-engineering tracks; very narrow elsewhere. [Holders: 1k, 2024-12] [DoD 8140 listed]

4.5/10

› Market signals

public, citable inputs to the recognition score

Holders worldwide

1,000

as of 2024-12 · source

DoD 8140 baseline

Listed

IASAE-III

› Built for these roles

Senior Systems EngineersInformation Assurance EngineersSecurity Analysts (Government)

› Exam format

Linear, 125 questions, 3 hours, 700/1000

Passing score

700/1000 (scaled)

Retake policy

Fee: $599 per attempt

Wait: 30d between attempts

Cap: 4 attempts/year

30/60/90 day waits for retakes 1/2/3 in a rolling 12-month window.

› Recertification

60-140 CPEs per 3-year cycle, $135/year AMF

› 3-year cost of ownership

Exam (1×)

$599

AMF (3×)

$375@$125/yr

Total

$974

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

DD-WRL-004DD-WRL-001DD-WRL-002DD-WRL-006DD-WRL-007DD-WRL-008DD-WRL-009IO-WRL-001IO-WRL-002IO-WRL-004

Recognition

Global

Exam languages

› Core domains covered

The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A25Security Architecture & Engineering

Reference architectures, control frameworks (NIST SP 800-53, CIS Controls), secure-by-design patterns, threat modeling, trust-boundary design, technology standards.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

A18Security Leadership

Cyber risk quantification, board communication, security program development, budget & ROI.

› Prerequisites

Experience

Active CISSP + 2 years experience in the respective specialization

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (1)

CISSPISC2

Recommended priors (0)

No de facto priors typically expected.

ISSEP

ISC2

Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides

Official (ISC)² ISSEP CBK Reference — Wiley/ISC2

Training providers

ISC2 Official ISSEP Training

Practice tests

Boson ExSim-Max for ISSEP

Free / community

r/cissp (ISSEP threads)

› Version & lifecycle

Current version

2024 CBK refresh

Released

2024-04

› Salary signal

Federal / DoD security systems engineer, US, 7+ years. Requires active CISSP.

$145K–$215K

median $175K

Robert Half Salary Guide + Glassdoor 'Security Systems Engineer' aggregations · 2024 · US base only · p25–p75 range

› How it compares

CISSP-ISSAP

ISSEP focuses on systems-engineering lifecycle (SE-aligned, federal-heavy); ISSAP focuses on security architecture composition.

↔ Compare side-by-side

CISSP

ISSEP is a CISSP concentration — narrower depth, broader CISSP credential is the prerequisite.

↔ Compare side-by-side

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications