CISSP Refresh Inbound
CISSPs, please take part in giving your opinion on what the next iteration of the exam should look like; the refresh efforts are starting, and we can improve the content of the Exam Outline to better reflect the reality of the industry and practice of information security. This link contains instructions: https://blog.isc2.org/isc2_blog/2022/12/calling-all-cissps-help-shape-the-cissp-exam.html

...and these are the suggestions I offered to the refresh team:
- remove reference to archaic security models (Biba, Bell-LaPadula, etc.)
- reduce, condense, or remove the detailed discussion of cryptanalytic attacks; that is far more granular than is necessary, and of almost no use to practitioners
- remove "evidence storage" and "media storage facilities"; these don't serve any purpose...in fact, it would be best to condense 3.9 into four bullet points: fire, protecting sensitive areas, HVAC, power
- the TCP/IP Model is not a useful concept; remove that
- remove SD-WAN
- remove cellular networks; practitioners can do basically nothing to secure these
- remove "NAC devices"
- remove bullet points/subTopics in 5.3
- in 5.4, we can remove the historical models of MAC, DAC, and the RBACs
- 6.1 and 6.5 seem the same...maybe combine/condense/clarify
- in 7.1, strike "artifacts"; evidence suffices in that Topic
- 3.1 and 7.4 overlap...remove repetition
- 7.5 and 3.9 overlap...remove repetition
- 7.7; change terms to "permissive/prohibitive"
- 7.12, remove "simulation" and "walkthrough"
- remove 7.14; physical security is addressed in Domain 3
- 7.15, remove duress
- remove maturity models (or, at the very least, the specificity of named models) and IPT