ISC2 · Cloud · Senior

CCSP — Certified Cloud Security Professional

ISC2's vendor-neutral senior cloud security certification. CCSP is the strongest signal for cloud security architect roles in multi-cloud environments.

// exam format
150 multiple-choice items, 4 hours, scaled score 700/1000 to pass
// cost
≈ £600
// prerequisites
  • 5 years cumulative IT experience, 3 in info security, 1 in one or more CCSP domains. CISSP substitutes the full requirement.
CCSP was developed jointly by ISC2 and the Cloud Security Alliance (CSA). It tests cloud-agnostic security architecture, data lifecycle, application security in the cloud, operations, and legal/compliance. Unlike vendor certs (AWS, Azure, GCP), CCSP focuses on the principles a cloud architect must apply regardless of provider. ## What the exam covers - Cloud Concepts, Architecture and Design - Cloud Data Security - Cloud Platform and Infrastructure Security - Cloud Application Security - Cloud Security Operations - Legal, Risk and Compliance ## Prerequisites - 5 years cumulative IT experience, 3 in info security, 1 in one or more CCSP domains. CISSP substitutes the full requirement. ## Study plan Plan 10–14 weeks. Sybex Official Study Guide + Practice Tests; CSA Security Guidance v4 + CCM as supplementary reading. The exam over-indexes on data lifecycle and legal/compliance vs vendor minutiae. ## Cost (UK 2026) Exam fee approx. £600 (vendor list price; bundles + corporate discounts vary). ## Format 150 multiple-choice items, 4 hours, scaled score 700/1000 to pass

Frequently asked questions

CCSP vs AWS Security Specialty?

CCSP for architecture roles spanning multiple clouds; AWS Security Specialty for AWS-only depth. Most senior cloud security engineers hold both — CCSP for the architecture lens, AWS for service-level depth.

Is CCSP harder than CISSP?

Different. CCSP is narrower but deeper on cloud-specific scenarios. CISSP holders typically pass CCSP within 6–8 weeks of focused study.

Which cloud providers does CCSP cover?

It is vendor-neutral. You learn concepts (e.g. tokenisation, customer-managed keys, cloud forensics) that apply across AWS, Azure, GCP, and OCI without quoting service names.

Does CCSP cover Kubernetes and containers?

Yes — Domain 4 (Cloud Application Security) and Domain 3 (Platform & Infrastructure) cover orchestration, microsegmentation, and runtime security in cloud-native architectures.

Practice CCSP — Certified Cloud Security Professional interview questions

Run AI-graded mock interviews keyed to the CCSP — Certified Cloud Security Professional body of knowledge.

Start free
// related
cloud-security-engineersecurity-architectframework · iso-27017framework · iso-27018framework · nist-csf