CISSP experience waiver: What you need to know
The Certified Information Systems Security Professional (CISSP) is one of the most respected certifications in cybersecurity. In 2025, as organizations face increasingly complex security challenges, CISSP certification provides security professionals with the expertise needed to design and manage comprehensive security programs.
Major employers actively seek CISSP-certified professionals for senior roles, with many positions specifically requiring this credential. That’s why it’s one of the best paying certifications available. (Get our free cybersecurity salary guide for more compensation data.)
The CISSP professional experience requirement may seem daunting — use this article to help determine if you can waive some of that experience requirement.
Earn your CISSP, guaranteed!
A little about CISSP
The CISSP certification is for cybersecurity professionals who want to go above and beyond foundational cybersecurity skills. This certification covers a broad range of topics and verifies that the certification holder can design, implement and manage an effective cybersecurity program.
Check out our other articles to learn more about the CISSP exam, its Computerized Adaptive Testing format and free CISSP study resources.
CISSP experience requirement
While the certification's value is clear, you must meet specific professional experience requirements to earn it. The standard CISSP experience requirement is five years of cumulative, full-time work experience in two or more of the eight CISSP CBK domains. This experience requirement reflects the certification's focus on validating seasoned security professionals who can handle complex security challenges.
Common cybersecurity roles that often align with CISSP requirements include:
- Chief information security officer
- Chief information officer
- Director of security
- IT director/manager
- Security systems engineer
- Security analyst
- Security manager
- Security auditor
- Security architect
- Security consultant
- Network architect
The good news is that you have multiple paths to meet this requirement.
Required knowledge domains
Your work experience must fall within two or more of the eight CISSP exam domains:
- Domain 1. Security and Risk Management
- Domain 2. Asset Security
- Domain 3. Security Architecture and Engineering
- Domain 4. Communication and Network Security
- Domain 5. Identity and Access Management (IAM)
- Domain 6. Security Assessment and Testing
- Domain 7. Security Operations
- Domain 8. Software Development Security
Types of qualifying experience
Full-time work
To accrue one month of work experience, you must work a minimum of 35 hours per week for four weeks.
Part-time work
Part-time work counts toward the requirement if you work between 20 and 34 hours per week:
- 1,040 hours of part-time work equals 6 months of full-time experience
- 2,080 hours of part-time work equals 12 months of full-time experience
Internships
Both paid and unpaid internships count toward the requirement. You'll need documentation on company letterhead confirming your intern position. For academic internships, documentation on the registrar's stationery is acceptable.
You may qualify for a reduction through the experience waiver.
The CISSP experience waiver options
While CISSP requires five years of experience, you can reduce this requirement by one year through either of these options:
Education path
If you hold a post-secondary degree (bachelor's or master's) in computer science, information technology or related fields, ISC2 will waive one year of the experience requirement. This recognizes the foundational knowledge gained through formal education in cybersecurity-related disciplines.
Professional certification path
Alternatively, holding certain approved credentials from ISC2's list can also satisfy one year of the experience requirement. These credentials demonstrate expertise in specific areas of cybersecurity and information systems security:
- AWS Certified Security - Specialty
- AZ-500 Azure Security Engineer Associate
- Cisco Certified CyberOps Associate
- Cisco Certified Network Associate (CCNA)
- CompTIA CySA+
- CompTIA Security+
- CompTIA SecurityX (formerly CASP+)
- EC-Council Certified Ethical Hacker (CEH, v8 or higher)
- ISACA Certified Information Security Manager (CISM)
- ISACA Certified Information Systems Auditor (CISA)
- ISACA Certified in Risk and Information Systems Control (CRISC)
- ISC2 Certified in Governance, Risk and Compliance (CGRC)
- ISC2 Certified Cloud Security Professional (CCSP)
- ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
This is a partial list of accepted credentials. For the complete current list, check ISC2's website.
Becoming an Associate of ISC2
If you don't have the required experience, you can still take the first step toward CISSP certification. By passing the CISSP examination, you can become an Associate of ISC2. This gives you six years to earn the necessary five years of experience while holding the associate status.
Attaining the CISSP certification
CISSP is a versatile cybersecurity certification requiring five years of cumulative work experience in at least two of the eight knowledge domains. The experience waiver can help reduce this requirement by one year, making the certification more accessible while maintaining its professional standards.
Additional resources
Ready to pursue your CISSP certification? These resources can help:
- Download our CISSP exam tips ebook for strategic guidance on exam preparation
- Explore our comprehensive CISSP training hub for study materials and practice tests
- Review our cybersecurity certification roadmap for mid-career professionals to plan your certification journey
- Consider our CISSP Boot Camp for intensive, expert-led preparation