CCSP Prerequisites: Everything You Need to Qualify, Sit, and Get Certified

CCSP Prerequisites at a Glance

• Experience required: 5 years in IT, including 3 years in cybersecurity and 1 year in at least one of the 6 CCSP domains
  
• Waiver available: Reduce to 4 years with a qualifying degree or CSA's CCSK certificate; active CISSP holders waive the entire experience requirement
  
• Exam fee: $599
  
• No experience yet? You can still sit the exam and earn Associate of ISC2 status, with 6 years to build the required experience
• After passing: 9 months to complete endorsement by an active ISC2 member in good standing
  
• Annual Maintenance Fee: $135 per year for full CCSP, $50 per year for Associates
  
• CPE credits: 90 credits over every 3-year cycle to maintain your certification
  

You may think that the CCSP prerequisites work roughly the same way as the CISSP: a certain number of years in security, pass the exam, and be done. What may surprise you is that the CCSP experience requirement has more structure than that. ISC2 does not simply ask for years in security. It asks for three specific layers of experience across IT, cybersecurity, and cloud security domains, and each layer has its own threshold.

Missing any one of them means you do not yet qualify for full certification. This article covers every CCSP prerequisite from eligibility through post-certification maintenance, so you have a complete picture before you commit.

Who Should Pursue the CCSP?

The Certified Cloud Security Professional (CCSP) certification is designed for professionals who already have substantial experience in IT and information security and want to specialize in cloud security. It is not an entry-level certification. The experience requirements reflect that clearly.

You are an ideal CCSP candidate if you are already working in IT security and want to deepen your expertise in cloud environments. The certification is particularly valuable for security architects, consultants, and managers who design, implement, or oversee cloud security strategies. 

Systems engineers and network administrators looking to move toward cloud security will also find the CCSP a strong credential for making that shift. Risk and compliance professionals who need to understand the security implications of cloud technologies qualify as well.

If you are just starting your IT career, gaining more hands-on experience before pursuing the CCSP is the more practical path. The exam tests applied knowledge across six cloud security domains, and without real-world exposure, preparation becomes significantly harder.

CCSP Experience Requirement: The Three-Layer Rule

The CCSP experience requirement is structured in three distinct layers, and you need to satisfy all three:

• Five years of cumulative paid work experience in information technology
• Three of those years must be in cybersecurity specifically
• One of those years must be in one or more of the six CCSP domains

That third layer is where it gets confusing. General cybersecurity experience qualifies for the second layer, but ISC2 also wants to see at least one year of work that maps directly to cloud security. The six domains that count for that requirement are:

1. Domain 1: Cloud Concepts, Architecture and Design
2. Domain 2: Cloud Data Security
3. Domain 3: Cloud Platform and Infrastructure Security
4. Domain 4: Cloud Application Security
5. Domain 5: Cloud Security Operations
6. Domain 6: Legal, Risk and Compliance

Your job title does not determine eligibility here any more than it does for the CISSP. What matters is whether your actual responsibilities map to at least one of these six domains. A cloud infrastructure engineer, a DevSecOps professional, a compliance manager overseeing cloud vendor contracts, and a security architect designing cloud controls can all produce qualifying domain experience regardless of what their business card says.

For a full breakdown of how ISC2 evaluates different work histories, how part-time and internship experience is calculated, and what specific tasks qualify within each domain, our dedicated CCSP experience requirements guide covers all of that in detail.

On the other hand, before you start mapping your background to the domains, the free 5 Mistakes to Avoid guide is worth reading first.

The CCSP Experience Waivers

ISC2 offers three ways to reduce or eliminate the CCSP experience requirement. Each works differently and they are not stackable beyond the limits described below.

• Qualifying degree: A four-year college degree in computer science, information technology, or a related field reduces the five-year requirement to four years. The degree substitutes for one year of the required IT experience.
• CSA's CCSK certificate: The Certificate of Cloud Security Knowledge from the Cloud Security Alliance substitutes for one year of experience in one or more of the six CCSP domains. This is particularly useful if you have strong general cybersecurity experience but are one year short on domain-specific cloud experience.
• Active CISSP credential: Holding an active CISSP certification satisfies the entire CCSP experience requirement. You still need to pass the CCSP exam, but you do not need to separately demonstrate the five years of IT experience, three years of cybersecurity experience, or one year of domain experience. This is the most direct pathway for CISSP holders moving into cloud security specialization.

One important rule: the degree and CCSK waivers cannot be combined to substitute for two years. The maximum substitution through either of those routes is one year. Only the CISSP waives the requirement in full.

The CCSP Exam Itself

The CCSP uses Computerized Adaptive Testing (CAT), which means the exam adjusts in real time based on your performance. The format runs between 100 and 150 questions over a maximum of three hours. The exam is delivered at Pearson VUE testing centers globally.

The exam fee is $599. This covers the cost of the exam itself and does not include study materials or training.

One important note for 2026 candidates: effective August 1, 2026, the CCSP exam will be based on a new exam outline. If you are planning to sit the exam, confirm which version of the outline your exam will follow when you register, and make sure your study materials align with the correct version.

The exam is available in multiple languages, including English, Chinese, Japanese, and German.

Taking the CCSP Without the Required Experience

You can sit the CCSP exam even without meeting the full experience requirement. ISC2 does not require you to prove your experience before testing. The experience requirement is verified during the endorsement process after you pass.

If you pass the exam without meeting all three layers of the experience requirement, you become an Associate of ISC2 rather than a fully certified CCSP. As an Associate, you have six years from your exam date to accumulate the qualifying experience. Once you satisfy the requirement, you submit an endorsement application, have your experience verified, and your Associate status converts to full CCSP certification.

The Associate pathway is a genuine option for professionals who are close to the threshold but not quite there, or for those who want to demonstrate their cloud security knowledge while they build the domain-specific experience ISC2 requires.

Associates pay a reduced AMF of $50 per year and carry a recognized ISC2 designation during the period they are building toward full certification.

What Happens After You Pass

Three additional commitments stand between passing and holding an active certification.

Endorsement

After passing the exam, you have nine months to complete the endorsement process. An active ISC2 member in good standing reviews your claimed work experience, confirms it maps to the CCSP requirements, and vouches for your professional conduct. If you do not know an ISC2 member personally, ISC2 can act as your endorser directly, though this route typically takes longer to process.

Missing the nine-month window means your exam result will be voided, and you will need to retake the exam. Do not treat the endorsement as an afterthought. Start identifying your endorser and gathering your experience documentation before exam day, so you are ready to move quickly after passing.

Annual Maintenance Fee

Once your endorsement is approved, you pay your first Annual Maintenance Fee to activate your certification. The AMF is $135 per year for full CCSP holders and $50 per year for Associates of ISC2. This fee supports ISC2's certification infrastructure and gives you access to member resources and the broader ISC2 community.

ISC2 fees can change over time. Verify the current figures directly with ISC2 before budgeting.

Continuing Professional Education Credits

The CCSP certification operates on a three-year cycle. To maintain your certification, you need to earn 90 Continuing Professional Education (CPE) credits across each cycle. Of those 90 credits, 60 must be Group A credits, and 30 must be Group B credits.

Group A CPEs are earned through activities that directly relate to the six CCSP domains, such as attending cloud security conferences, completing relevant training courses, publishing articles, or participating in domain-related professional activities.

Group B CPEs cover broader professional development activities that build general skills rather than domain-specific knowledge, such as management training, leadership development, and professional organization involvement.

Failing to meet the CPE requirement by the end of your certification cycle results in suspension and eventually revocation of your certification. Our CCSP CPE guide covers how to track, earn, and report your credits efficiently so you stay in good standing throughout your certification cycle.

Frequently Asked Questions

Your Path to CCSP Certification Starts Here

With a clear picture of what the CCSP prerequisites require, the next step is building a preparation plan that gets you to exam day ready. If you sign up for the CCSP Bootcamp, you will explore all six domains across five intensive days with live instruction from Rob Witcher and John Berti, who co-developed the official ISC2 CCSP certification materials. For a faster, self-paced study, the CCSP MasterClass adapts to your specific knowledge gaps across all six domains with a fully flexible schedule and an exam pass guarantee.

Why not check out our free resource? The CCSP MindMaps are a practical starting point for getting a visual overview of what each domain covers before you commit to a full study plan.