What is Certified Cloud Security Professional (CCSP)?
Certified Cloud Security Professional (CCSP) is an International Information System Security Certification Consortium, or (ISC)2, certification that covers cloud-based cybersecurity best practices.
CCSP certification is intended for experienced IT professionals who have a minimum of five years of experience in the industry with three of those years being in information security and one year in one of the six CCSP domains. The certification builds on (ISC)²'s Certified Information Systems Security Professional (CISSP) and Cloud Security Alliance's Certificate of Cloud Security Knowledge (CCSK). CCSK certification can be substituted for the required one year of experience in the domains. CISSP certification covers all experience prerequisites.
The six CSSP domains include cloud data security; cloud concepts, architecture and design; cloud security operations; cloud platform and infrastructure security; cloud application security; and legal, risk and compliance.
The wide range of topics covered by the CCSP helps showcase an individual's range of knowledge and proficiency in a specific domain.
CCSP was introduced in April 2015 at the RSA Conference. The CCSP exam was designed to complement and build on CISSP and CCSK, while also addressing the need for cloud security professionals who have the field's required knowledge and skills.
Since its introduction, the CCSP certification has become one of the most well-known vendor-neutral certifications for cloud security.
According to (ISC)2, the CCSP certificate offers several benefits, including credibility and recognition as an authority figure on cloud security; allowing certificate holders to stay up to date on the latest cloud security practices and principles; and exposing individuals to a variety of cloud platforms and technologies via (ISC)2's vendor-neutral approach.
The CCSP certification is accredited by the American National Standards Institute and complies with International Organization for Standardization (ISO) and International Electrotechnical Commission 17024 standards.
How to get the CCSP certification
To obtain the CCSP certification, individuals must earn a passing score of 700 out of 1,000 points on the CCSP exam, which consists of 150 multiple-choice questions to be completed in four hours or less. The exam features the six CSSP domains, which are individually weighted for the final score:
- Cloud data security (20%).
- Cloud concepts, architecture and design requirements (17%).
- Cloud platform and infrastructure security (17%).
- Cloud application security (17%).
- Cloud security operations (16%).
- Legal, risk and compliance (13%).
The CCSP certification must be maintained through a minimum of 90 Continuing Professional Education credits over the three-year CCSP certification cycle. Individuals must also abide by the (ISC)2 Code of Ethics, have their application endorsed by another (ISC)² certified professional and pay an Annual Maintenance Fee. Failure to complete these steps within nine months from the exam date will result in an exam retake.
CCSP vs. CISSP
CCSP and CISSP are both vendor-neutral certifications and assume individuals have an understanding of the (ISC)2 Common Body of Knowledge. The major difference between the two certificates is CSSP certification is more focused on cloud-related security, while CISSP focuses on the field of information security. The CCSP exam, for example, emphasizes the ISO definitions for cloud computing and cloud architectures and focuses on protecting the different types of cloud service models, such as software as a service, platform as a service and infrastructure as a service.
Editor's note: The definition was written by Casey Clark in 2018. TechTarget editors revised it in 2023 to improve the reader experience.