ISC2 Certification

CCSP

Certified Cloud Security Professional

ISC2 | 6 domains · 70 modules | Ready

This track is built for the August 2026 CCSP exam outline. Learn how ISC2 frames cloud security — shared responsibility, data protection, and operational controls — so you can think through scenarios the way the exam expects.

Exam Details

Detail CCSP
Format 100–150 multiple-choice and advanced items (CAT)
Time 3 hours
Cost $599 USD
Passing Score 700 out of 1000
Experience 5 years in IT, 3 in information security, 1 in cloud security (or CCSK waives 1 year)
Renewal 40 CPE credits/year, annual fee $125
Exam Outline August 2026 ISC2 CCSP outline (includes AI security)

What You'll Learn

  • Understand how ISC2 frames cloud security across architecture, data, platform, application, operations, and legal domains
  • Think through shared responsibility scenarios — who owns what in SaaS, PaaS, and IaaS
  • Apply cloud data security concepts including encryption, DLP, rights management, and legal holds
  • Navigate AI security, container security, DevSecOps, and emerging cloud technologies as tested on the 2026 exam
Let's Get Started →
Domain 1 — Cloud Concepts, Architecture & Design (17%)

Cloud computing concepts, reference architecture, security principles, design patterns, and evaluating cloud service providers.

Section A — Cloud Fundamentals

  1. 1 Cloud Computing Definitions and Roles Free
  2. 2 Key Cloud Characteristics
  3. 3 Building Block Technologies
  4. 4 Cloud Service Categories (SaaS, IaaS, PaaS)
  5. Section A Review: Cloud Fundamentals

Section B — Architecture & Deployment

  1. 5 Cloud Deployment Models
  2. 6 Shared Considerations and SLAs
  3. 7 Related Technologies (AI, IoT, Containers, Quantum)
  4. 8 Cryptography and Key Management in the Cloud
  5. Section B Review: Architecture & Deployment

Section C — Security Design

  1. 9 Identity and Access Control
  2. 10 Network and Virtualization Security
  3. 11 Cloud Secure Data Lifecycle and Design Principles
  4. 12 Evaluating Cloud Service Providers
  5. Section C Review: Security Design

Domain 1 Review

  1. Capstone Review: CLOUD CONCEPTS, ARCHITECTURE & DESIGN
Domain 2 — Cloud Data Security (20%)

Data lifecycle, storage architectures, encryption, DLP, classification, rights management, retention, and auditability in cloud environments.

Section A — Data Fundamentals

  1. 13 Cloud Data Concepts and Data Lifecycle Free
  2. 14 Data Flows and Data Dispersion
  3. 15 Cloud Data Storage Architectures
  4. 16 Threats to Cloud Storage
  5. Section A Review: Data Fundamentals

Section B — Data Protection

  1. 17 Encryption and Key Management
  2. 18 Hashing, Tokenization, and Data Obfuscation
  3. 19 Data Loss Prevention (DLP)
  4. 20 Data Discovery and Classification
  5. 21 Data Labeling and Mapping
  6. Section B Review: Data Protection

Section C — Data Governance

  1. 22 Information Rights Management (IRM)
  2. 23 Data Retention, Deletion, and Archiving
  3. 24 Legal Hold and Data Preservation
  4. 25 Auditability, Traceability, and Accountability
  5. 26 Chain of Custody and Non-Repudiation
  6. Section C Review: Data Governance

Domain 2 Review

  1. Capstone Review: CLOUD DATA SECURITY
Domain 3 — Cloud Platform & Infrastructure Security (17%)

Infrastructure components, secure data center design, risk assessment, security controls, and business continuity in cloud platforms.

Section A — Infrastructure Components

  1. 27 Cloud Infrastructure Components Free
  2. 28 Network and Communications Security
  3. 29 Compute and Virtualization Security
  4. Section A Review: Infrastructure Components

Section B — Data Center & Risk

  1. 30 Secure Data Center Design
  2. 31 Physical and Environmental Security
  3. 32 Risk Assessment for Cloud Infrastructure
  4. 33 Vulnerability and Threat Analysis
  5. Section B Review: Data Center & Risk

Section C — Controls & Continuity

  1. 34 Security Controls Implementation
  2. 35 Identification, Authentication, and Authorization
  3. 36 Business Continuity and Disaster Recovery
  4. Section C Review: Controls & Continuity

Domain 3 Review

  1. Capstone Review: CLOUD PLATFORM & INFRASTRUCTURE SECURITY
Domain 4 — Cloud Application Security (17%)

Application security awareness, secure SDLC, threat modeling, testing, API security, supply chain, and IAM for cloud applications.

Section A — AppSec Fundamentals

  1. 37 Cloud Application Security Awareness Free
  2. 38 Common Cloud Vulnerabilities (OWASP, SANS)
  3. 39 Secure SDLC: Business Requirements and Design
  4. 40 Secure SDLC: Coding and Testing
  5. Section A Review: AppSec Fundamentals

Section B — Assurance & Supply Chain

  1. 41 Cloud-Specific Risks and Threat Modeling
  2. 42 Secure Coding Practices
  3. 43 Software Assurance and Validation
  4. 44 Security Testing Methodologies
  5. Section B Review: Assurance & Supply Chain

Section C — Architecture & IAM

  1. 45 API Security
  2. 46 Supply Chain and Third-Party Software Management
  3. 47 Cloud Application Architecture and Security Components
  4. 48 IAM Solutions for Cloud Applications
  5. Section C Review: Architecture & IAM

Domain 4 Review

  1. Capstone Review: CLOUD APPLICATION SECURITY
Domain 5 — Cloud Security Operations (16%)

Physical and logical infrastructure, operational controls (ITIL), digital forensics, SOC management, and security monitoring.

Section A — Infrastructure Operations

  1. 49 Physical and Logical Infrastructure Free
  2. 50 Hardware Security (HSM, TPM)
  3. 51 Access Controls and Secure Connectivity
  4. 52 Network Security Controls
  5. Section A Review: Infrastructure Operations

Section B — Maintenance & Standards

  1. 53 OS Hardening and Patch Management
  2. 54 Infrastructure as Code (IaC)
  3. 55 High Availability and Resilience
  4. 56 Monitoring and Capacity Management
  5. Section B Review: Maintenance & Standards

Section C — Operations & Forensics

  1. 57 ITIL and Operational Standards
  2. 58 Change, Incident, and Problem Management
  3. 59 Digital Forensics in the Cloud
  4. 60 Security Operations Center (SOC) and SIEM
  5. Section C Review: Operations & Forensics

Domain 5 Review

  1. Capstone Review: CLOUD SECURITY OPERATIONS
Domain 6 — Legal, Risk & Compliance (13%)

Legal requirements, privacy, audit processes, enterprise risk management, outsourcing, and cloud contract design.

Section A — Legal & Privacy

  1. 61 International Legal Requirements Free
  2. 62 eDiscovery and Forensics Requirements
  3. 63 Privacy Issues and Data Protection
  4. 64 Privacy Standards (GDPR, ISO 27018)
  5. Section A Review: Legal & Privacy

Section B — Audit & Risk

  1. 65 Audit Processes and Methodologies
  2. 66 Audit Reports and Compliance (SOC, SSAE)
  3. 67 Enterprise Risk Management in the Cloud
  4. 68 Risk Treatment and Frameworks
  5. Section B Review: Audit & Risk

Section C — Contracts & Vendors

  1. 69 Outsourcing and Cloud Contracts
  2. 70 Vendor Management and Supply Chain Security
  3. Section C Review: Contracts & Vendors

Domain 6 Review

  1. Capstone Review: LEGAL, RISK & COMPLIANCE

Career Benefits

  • Average salary: $130,000–$170,000 (varies by region and experience)
  • The leading cloud security certification, recognized by ISC2 alongside CISSP
  • Required or preferred for Cloud Security Architect, Cloud Engineer, and Security Consultant roles
  • Complements CISSP — demonstrates specialized cloud security expertise

How It Compares

CCSP focuses specifically on cloud security architecture, operations, and compliance, while CISSP covers the full breadth of information security. If you work with cloud infrastructure, SaaS platforms, or cloud migration, CCSP is your best fit. If you need the broadest senior-level credential, start with CISSP. Many professionals hold both. See the full comparison →