Last updated: June 2026. Written by Josh Hutcheson, OnlineCourseing editor. See our review methodology.
QUICK VERDICT
Bottom line: The CCSP (Certified Cloud Security Professional) from ISC2 is the most respected vendor-neutral cloud-security credential — but it’s an advanced cert, not a starting point. The exam costs $599, and full certification requires five years of relevant work experience. If you have the background (or hold a CISSP, which waives the requirement entirely), it’s one of the highest-value certs in security. If you’re new to the field, start elsewhere and come back to it.
- Best for: security pros with cloud responsibility and a few years’ experience
- Cost: $599 exam + ~$135/year maintenance fee
- Skip if: you’re early-career — build experience and a foundational cert first.
See our top-rated CCSP prep course →
The CCSP is ISC2’s flagship cloud-security certification — the cloud-focused companion to its better-known CISSP. It validates that you can design, manage, and secure data and applications in the cloud, vendor-neutral across AWS, Azure, and Google Cloud. It’s widely listed in senior cloud-security and security-architect job postings, and it carries real weight because ISC2 keeps the bar high: a tough exam and a hard experience requirement. This guide covers what’s actually involved — the domains, the exam, the cost, the experience rule that trips people up, and how to prepare without overspending.
What the CCSP covers: the six domains
Before you spend money on the wrong online course, read this.
I've taken hundreds of online courses and certs. Get my honest Tuesday picks — plus reader-only deal alerts.
No spam. Unsubscribe anytime.
The CCSP Common Body of Knowledge is organized into six domains. The exam weights them roughly evenly, so you can’t skate by on the two or three you already know — breadth across all six is the point.
- Cloud Concepts, Architecture & Design — the foundations: service/deployment models, reference architecture, and secure-design principles.
- Cloud Data Security — the data lifecycle, encryption, key management, and data discovery in cloud environments.
- Cloud Platform & Infrastructure Security — securing the underlying compute, storage, and network, plus business continuity.
- Cloud Application Security — secure SDLC, application testing, and identity/access management for cloud apps.
- Cloud Security Operations — running secure cloud operations day to day, including logging, monitoring, and incident response.
- Legal, Risk & Compliance — privacy law, regulatory frameworks, audits, and managing risk with cloud providers.
ISC2 refreshes the exam outline periodically — the next content update is scheduled for August 1, 2026 — so always download the current exam outline from ISC2 before you start studying, and make sure any prep course you buy is aligned to it.
Exam format and cost at a glance
| Detail | CCSP |
|---|---|
| Exam fee | $599 USD |
| Questions / time | ~125 questions, 3 hours |
| Passing score | 700 out of 1,000 |
| Format | Proctored, at a Pearson VUE test center or online |
| Annual maintenance fee | ~$135/year (single AMF across ISC2 certs) |
| Maintenance | 90 CPE credits over the 3-year cycle |
Question count and timing reflect the current exam; because ISC2 updates its exams periodically, confirm the live format on the official ISC2 CCSP exam outline before booking. The $599 fee is the same worldwide (converted to local currency), and the annual maintenance fee is a flat ISC2 membership cost — if you hold more than one ISC2 cert, you pay it once, not per certification.
The experience requirement (read this before you pay)
This is the part that catches people out. Passing the exam is not enough to become a CCSP. Full certification requires five years of cumulative, paid work experience in IT, of which at least three years must be in information security and one year in one or more of the six CCSP domains. A few shortcuts exist:
- Holding a CISSP waives the entire experience requirement. This is why many people earn the CISSP first, then add the CCSP.
- A Cloud Security Alliance CCSK, or a relevant post-secondary degree, waives one year (you can use one waiver, not both).
- No experience yet? You can still sit the exam. Pass it and you become an Associate of ISC2, with up to six years to earn the required experience and convert to full CCSP.
The practical takeaway: the CCSP is not a credential you use to break into security. It’s one you earn to validate and level up experience you already have.
After you pass: endorsement and staying certified
Passing the exam starts a clock most candidates don’t expect. Within nine months, you must complete the ISC2 endorsement process — an existing ISC2-certified professional attests to your experience, or ISC2 itself can act as endorser. Miss the window and you may have to re-sit the exam, so line up an endorser early. If you don’t yet meet the experience requirement, this is also where you formally become an Associate of ISC2.
Once certified, the CCSP runs on a three-year cycle: earn 90 CPE (continuing professional education) credits across those three years and pay the annual maintenance fee to keep it active. CPEs come easily from the work itself — webinars, conferences, training, and writing all count — so maintenance is rarely a burden for anyone active in the field.
Who the CCSP is for
The CCSP is aimed at mid-to-senior practitioners whose work centers on securing cloud environments. It maps most directly to roles like cloud security engineer, security architect, security consultant, security administrator, and systems or enterprise architects who own cloud risk. If your title or your next target role involves designing or governing security across AWS, Azure, or Google Cloud — rather than configuring one vendor’s console — the vendor-neutral CCSP is the credential that matches. It’s a poor fit, by contrast, for help-desk, junior SOC, or pure-developer roles, where a foundational cert and hands-on experience deliver more per dollar.
CCSP vs CISSP: which first?
They’re siblings, not rivals. The CISSP is broad security leadership across eight domains — the gold-standard generalist credential. The CCSP goes deep on cloud specifically. If your role is general security management, CISSP first; if you live in cloud security, CCSP may be the more relevant badge. Because a CISSP waives the CCSP experience requirement and the two share a lot of conceptual ground, a common and sensible path is CISSP first, then CCSP as the cloud specialization. There’s no wrong order — match the cert to where your work actually is.
CCSP vs the cloud-vendor security certs
The CCSP’s defining trait is that it’s vendor-neutral — it tests cloud-security principles that apply everywhere, not one provider’s tooling. That’s different from vendor certs like AWS Certified Security – Specialty or the Azure and Google Cloud security tracks, which go deep on a single platform’s services and consoles. The two types are complementary, not competing: a vendor cert proves you can implement security in that cloud; the CCSP proves you understand cloud security as a discipline across all of them.
It’s also worth knowing the Cloud Security Alliance CCSK (Certificate of Cloud Security Knowledge) — a lighter, exam-only, no-experience credential that overlaps conceptually with the CCSP and can waive one year of its experience requirement. A sensible progression for many is a vendor associate cert for hands-on depth, the CCSK as a knowledge stepping-stone, then the CCSP once the experience is there. Match the mix to whether your work is single-cloud implementation or multi-cloud governance.
Is the CCSP worth it?
For the right person, yes — clearly. Cloud security is one of the most in-demand specializations in the field, and because the CCSP’s experience requirement keeps the holder pool genuinely qualified, employers treat it as a strong signal rather than a paper cert. It’s frequently named alongside the CISSP in senior cloud-security and security-architect postings, and certified professionals in this niche command salaries at the upper end of the security range.
The honest caveats: it’s a hard, expensive exam with ongoing maintenance costs, and the value drops sharply if you don’t have the experience to back it up — the cert opens doors, but the interview will test whether you can actually do the work. Don’t pursue it speculatively early in your career. Earn it when cloud security is (or is becoming) your actual job.
How to prepare and pass
The CCSP rewards a structured approach: learn the full body of knowledge, reinforce it with the official study guide, then drill realistic practice questions until you’re consistently above the pass mark. Here’s the stack we’d use.
BEST VALUE COURSE + PRACTICE
Jason Dion’s ISC2 CCSP Full Course & Practice Exam is our pick for most candidates. Dion is one of the most-enrolled security-certification instructors anywhere, and this course pairs full video coverage of all six domains with practice questions in a single, affordable package aligned to the current exam. It’s rated 4.8 out of 5 across 1,000+ ratings with 8,000+ students, and was updated in June 2026 — recency matters for a cert whose outline changes. At Udemy’s typical sale price it’s a fraction of the official training.
RECOMMENDED PARTNER — UDEMY
ISC2 CCSP Full Course & Practice Exam (Jason Dion)
Full coverage of all six domains plus practice questions, aligned to the current exam — 4.8★ from 1,000+ ratings, updated June 2026.
Affiliate partnership — we may earn a commission when you enroll via this link. We only recommend courses we’d send a friend to.
FOR SUBSCRIPTION LEARNERS
If you already learn on a subscription platform, Pluralsight’s CCSP path (via A Cloud Guru) is a solid structured-video alternative, and worthwhile if you’ll also use the wider library for hands-on cloud labs. It’s a better fit than a one-off course if you’re building broad cloud skills alongside the cert.
THE BOOK + OFFICIAL OPTION
Two non-affiliate resources we’d still recommend on merit: the Official (ISC)² CCSP Study Guide (the Sybex book, co-authored by Mike Chapple) is the reference nearly every successful candidate uses — pair it with any course above. And ISC2’s own official self-paced training is the most authoritative option if your employer is paying, though it’s considerably more expensive than the third-party courses and rarely necessary to pass.
Frequently asked questions
How much does the CCSP certification cost?
The exam fee is $599 USD. After you certify, ISC2 charges an annual maintenance fee of about $135, which covers all your ISC2 certifications at once. Budget separately for prep, which can range from a ~$15–$150 third-party course to much pricier official training.
Do I need experience to take the CCSP?
To take the exam, no. To earn the full credential, yes — five years of relevant paid experience (three in security, one in a CCSP domain). If you pass without the experience, you become an Associate of ISC2 and have up to six years to earn it. Holding a CISSP waives the requirement entirely.
Is the CCSP harder than the CISSP?
They’re comparable in difficulty but different in scope. The CISSP is broader; the CCSP is narrower and deeper on cloud. Candidates who already hold a CISSP usually find the CCSP more approachable because of the conceptual overlap.
How long does it take to prepare?
Most working security professionals study for two to four months. Plan more time if cloud isn’t your day-to-day, and don’t book the exam until you’re scoring consistently above 80% on quality practice questions across all six domains.
Is the CCSP worth it for the money?
For experienced security professionals working in or moving into cloud, yes — it’s among the most respected credentials in the niche and tends to pay for itself. For early-career people without the experience to back it, the money is better spent on foundational skills and a first security role.
Related guides
- CompTIA SecurityX (CASP+) Certification Guide
- ITIL 4 Certification Guide (levels, cost & how to pass)
- Best cybersecurity courses — build the foundations before the CCSP
- CompTIA Security+ training — the entry-level security cert to start with
- Google Cloud certification guide — vendor cloud certs that pair well with the CCSP
- Best Pluralsight courses — if you’re weighing a subscription for cloud labs
Bottom line: The CCSP is a top-tier cloud-security credential that’s genuinely worth it — for professionals who already have the experience (or a CISSP). Confirm you meet the requirement, study the full body of knowledge with a current course and the official study guide, drill practice questions to 80%+, and book the exam when you’re consistently clearing it.