The Certified Cloud Security Professional (CCSP) certification is intended for experienced IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of the six CCSP domains. The certification builds off of (ISC)²'s Certified Information Systems Security Professional (CISSP) and CSA's Certificate of Cloud Security Knowledge (CCSK).
The six CCSP domains include:
- cloud data security;
- architecture and design;
- infrastructure security;
- application security;
- operations; and
- legal and compliance.
The wide range of topics covered by the CCSP helps showcase an individual's range of knowledge and proficiency in a specific domain.
First introduced in April 2015 at the RSA Conference, the CCSP exam was designed to complement and build on the Certified Information Systems Security Professional (CISSP) certification and the Certificate of Cloud Security Knowledge while also addressing the need for cloud security professionals who have the field's required knowledge and skills. Since its introduction, the CCSP certification has become one of the most well-known vendor-neutral certifications for cloud security.
According to (ISC)², the CCSP certificate offers several benefits, including credibility and recognition as an authority figure on cloud security; allowing certificate holders to stay up to date on the latest cloud security practices and principles; and exposing individuals to a variety of cloud platforms and technologies via (ISC)²'s vendor-neutral approach.
Furthermore, the CCSP certification is accredited by the ANSI (American National Standards Institute) and complies with International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 17024 Standards.
How to get the CCSP certification
To obtain the CCSP certification, individuals must earn a passing score of 700 out of 1,000 points on the CCSP exam, which consists of 125 multiple choice questions to be completed in four hours or less. The exam covers the six CCSP domains, which are individually weighted for the final score: architectural concepts & design requirements (19%); cloud data security (20%); cloud platform & infrastructure security (19%); cloud application security (15%); operations (15%); and legal & compliance (12%).
Once earned, the CCSP certification must be maintained through a minimum of 90 Continuing Professional Education (CPE) credits over the three-year CCSP certification cycle. Individuals must also abide by the (ISC)² Code of Ethics, have their application endorsed by another (ISC)² certified professional, and pay their Annual Maintenance Fee (AMF). Failure to complete these steps within nine months from the exam date will result in an exam retake.
The CSA's Certificate of Cloud Security Knowledge (CCSK) is a prerequisite for the CCSP certification; however, the CISSP credential may be substituted for the CCSK prerequisite.
CCSP vs. CISSP
The CCSP and CISSP are both vendor-neutral certifications, and both assume individuals have an understanding of the (ISC)² Common Body of Knowledge (CBK). The major difference between the two certificates is that the CCSP certification has a more focused approach on cloud-related security, such as cloud application security, cloud platform and cloud computing, while the CISSP focuses on the field of information security. The CCSP exam, for example, emphasizes the ISO definitions for cloud computing and cloud architectures and focuses on protecting the different types of cloud service models, such as SaaS, PaaS and IaaS.