SecProve
ProfessionalVendor-neutralISC2· issued from US

SSCP

(ISC)2 Systems Security Certified Practitioner

The SSCP is ISC2's entry-level certification below the CISSP and targets technically active security professionals with initial work experience. Since October 2025, the exam uses Computerized Adaptive Testing (CAT), which customizes the exam experience individually and increases integrity. The SSCP covers seven technical domains, from access control through cryptography to network security, and positions itself as practical proof of operational security competence. It is less well-known than Security+ or GSEC, but benefits from ISC2's strong brand and serves well as an intermediate step toward the CISSP. The effort for annual certification maintenance (AMF + CPEs) is moderate.

Official page at ISC2↔ Compare with another cert
Exam fee
$249
Ongoing
$125/yr AMF · 20 CPE/yr
Study time
60–150 hrs
Delivery
Test center
Validity
3 yrs (renewal cycle)

› Quality score

24.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Seven domains under ISC2's hands-on practitioner body of knowledge — solid mid-tier blueprint.
7.5/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
MCQ with applied scenarios; some PBQ-style items added in recent refreshes.
3.0/10
Currency & upkeep
How aggressively content is kept current with the field.
Refreshed in 2022 with cloud and zero-trust content.
7.0/10
Market recognition
How often this signal actually moves a hiring decision.
Recognised on operations and admin-track listings; popular DoD 8570 alternative when CISSP is overkill. [Holders: 10k, 2024-12] [DoD 8140 listed]
6.5/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
10,000
as of 2024-12 · source
DoD 8140 baseline
Listed
IAT-I, IAT-II, CSSP-Infrastructure

› Exam format

CAT-based, 100–150 questions, 3 hours, proctored via Pearson VUE. Passing score: 700/1000.

Passing score
700/1000 (scaled)
Retake policy
Fee: $599 per attempt
Wait: 30d between attempts
Cap: 4 attempts/year

30/60/90 day waits for retakes 1/2/3 in a rolling 12-month window.

› Recertification

Valid for 3 years. 20 CPE credits/year + annual AMF (125 USD, shared with all ISC2 certs).

› 3-year cost of ownership

Exam (1×)
$249
AMF (3×)
$375@$125/yr
Total
$624

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

OG-WRL-014OG-WRL-012DD-WRL-003DD-WRL-004DD-WRL-005DD-WRL-006DD-WRL-007IN-WRL-002IO-WRL-001IO-WRL-002
Recognition
Global
Exam languages
endejakopt

› Core domains covered

The 4 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A2Network Security

Firewalls, IDS/IPS, network segmentation, DNS security, SD-WAN, VPN, traffic analysis, wireless security.

A6Identity & Access Management

AuthN/AuthZ, SSO, MFA, PAM, RBAC/ABAC, identity governance, FIDO2/passkeys, plus non-human identity: service accounts, workload identity, agent / plugin identities.

A10Security Operations

SOC operations, SIEM tuning, SOAR playbooks, alert triage, log analysis, runbook development.

A15Cryptography

Symmetric/asymmetric, PKI, TLS/SSL, hashing, post-quantum cryptography, key management.

› Prerequisites

Experience

1 year experience in at least 1 of the 7 SSCP domains. Without experience: Associate of ISC2.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
  • Official (ISC)² SSCP Study Guide, 6th Ed.Sybex
Training providers
Practice tests
  • Boson ExSim-Max for SSCP
Free / community

› Version & lifecycle

Current version
2024 CBK refresh
Released
2024-04

› Salary signal

SOC analyst / hands-on security operator, US, 1-3 years experience required for cert.

$75K$115K
median $92K

Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

vs
Security+

SSCP is more hands-on operations (firewall, IDS, IAM admin); Security+ is broader knowledge baseline.

↔ Compare side-by-side
vs
CySA+

Both target SOC/operations roles; SSCP carries ISC2 brand vs CompTIA, with experience gate.

↔ Compare side-by-side

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications