NEWS

ISC2 Is Refreshing the CCSP and CC Exams in 2026: What It Means for the CISSP

Published: May 31, 2026

ISC2 has two exam outline changes locked in for 2026, and the official notices are already posted on its certification pages. The CCSP exam moves to a new outline on August 1, 2026, and the CC exam follows on September 1, 2026. Neither one is the CISSP, so if that is the only credential you care about, your study plan is safe for now.

The reason this still belongs on your radar is the machinery behind it. Both refreshes come out of the same Job Task Analysis that ISC2 runs on a three-year cycle, and that is the exact process that will eventually reshape the CISSP. Watching what changes on the sibling exams tells you where the whole portfolio is heading.

What is ISC2 changing in 2026?

Two credentials are getting fresh content outlines this year. The CCSP, ISC2’s cloud security certification, switches to a new exam outline on August 1, 2026. The CC, the entry-level Certified in Cybersecurity, switches on September 1, 2026. ISC2 describes both as results of the Job Task Analysis, a periodic review where working certificate holders confirm what the credential should actually test. The CCSP keeps its six-domain structure and its computerized adaptive format, and the change is a content refresh rather than a format overhaul. The CC keeps its five domains.

One detail in the CC outline is worth pulling out, because it shows the direction ISC2 is steering. The organization says it has folded foundational AI concepts across all five CC domains so that even brand new practitioners can identify AI assets, recognize automated threats, and support AI governance. That is the entry-level cert. The certification body is signaling that AI security is no longer an advanced topic, it is table stakes from day one.

  • CCSP new outline: August 1, 2026. Six domains and the adaptive format stay; the content gets refreshed to match current cloud security practice. The CCSP has used computerized adaptive testing since October 2025.
  • CC new outline: September 1, 2026. Five domains, with foundational AI concepts now woven through every one of them.
  • Same engine, different car. Both refreshes come from the triennial Job Task Analysis, the same review process that produced the April 2024 CISSP update.
  • The CISSP is not on the 2026 list. No CISSP outline change is scheduled this year. The current blueprint stands.

ISC2 Exam Outline Timeline Apr 2024 CISSP refresh Oct 2025 CC, SSCP, CCSP go CAT Aug 1, 2026 CCSP new outline Sep 1, 2026 CC new outline ~2027? CISSP next (projected) Solid markers are confirmed. The gray one is an estimate, not an announcement.

Is the CISSP exam changing in 2026?

No. The CISSP was last refreshed on April 15, 2024, and ISC2 has not scheduled another change for it. If you are studying right now or planning to test this year, you are working from a stable outline, and the material you bought for the current blueprint is the right material.

Here is the part worth understanding. ISC2 reviews every credential through the Job Task Analysis on a roughly three-year cadence, and the CISSP runs on that same clock. April 2024 plus three years lands somewhere around 2027, so a next CISSP refresh in that window is a reasonable expectation. It is an estimate based on the pattern, not a date ISC2 has published, and the smart move is to treat it that way rather than delaying an exam over a change that has no official timeline. You can see the current structure and format on the CISSP exam format breakdown.

The Triennial Job Task Analysis Loop JTA every ~3 years Survey practitioners Reweight domains Publish new outline Update item bank

Why does an ISC2 exam refresh matter if you are studying for the CISSP?

It matters for three practical reasons, and none of them require you to change your CISSP plan today.

The first is study-material hygiene. Every refresh quietly turns a shelf of guides stale. A CCSP candidate who buys a 2024 course and sits the exam in September 2026 is studying the wrong outline. The same trap caught CISSP candidates who used pre-2024 books that treated zero trust and AI as side notes. Before you buy anything, check the publication date against the outline date for your exam.

The second is the pathway. A lot of CISSP holders add the CCSP next, because holding the CISSP waives the entire CCSP experience requirement and turns it into a pure knowledge exam. If a cloud move is on your horizon, the August 2026 CCSP refresh is your outline, not the old one. Our CISSP vs CCSP comparison walks through when that progression makes sense.

The third is the signal. When ISC2 writes AI into the entry-level CC across all five domains, and when its April 2026 guidance confirmed AI concepts are already embedded in the CISSP, you are watching a theme build. Whatever the next CISSP outline looks like, AI security, cloud, and zero trust are clearly the topics gaining weight. You do not have to wait for an official update to start treating them as core.

What should you do before your exam date?

Confirm which outline your test date falls under, then study from that one. For the CCSP, anything scheduled on or after August 1, 2026 uses the new outline, and anything before it uses the current one. For the CC, the cutover is September 1, 2026. Pull the official outline PDF straight from ISC2 rather than trusting a third-party summary, since the domain weights are what tell you where to spend your hours.

For CISSP candidates specifically, the guidance is simpler. Keep going. The exam is steady, the current outline already reflects ISC2’s recent thinking on AI and zero trust, and there is no announced change to wait out. If you have been sitting on a test date out of fear that a refresh is coming, this is your sign that 2026 is a clean year to take it. The earlier coverage of the move to adaptive testing for the other exams, CC, SSCP, and CCSP going CAT-only, fills in how the format side has been evolving in parallel.

Which Outline Applies to You? CCSP candidate Test before Aug 1, 2026 use current outline Test on or after that use the new outline Pull the PDF from ISC2 CISSP candidate No 2026 change current outline stands April 2024 blueprint already covers AI Book the date

Is the CISSP exam changing in 2026?

No. The CISSP was last refreshed on April 15, 2024, and ISC2 has not announced a new outline for it in 2026. The 2026 changes apply to the CCSP and the CC, not the CISSP.

When does the new CCSP exam outline take effect?

August 1, 2026, per ISC2’s official CCSP exam outline page. The exam keeps its six domains and its computerized adaptive format, and the change is a content refresh rather than a structural one.

When does the new CC exam outline take effect?

September 1, 2026. ISC2 has integrated foundational AI concepts across all five CC domains, so even the entry-level credential now expects awareness of AI assets, automated threats, and AI governance.

When will the CISSP get its next exam update?

ISC2 has not published a date. Based on the roughly three-year Job Task Analysis cycle and the April 2024 refresh, a next update somewhere around 2027 is a reasonable estimate, but it is a projection rather than an announcement.

Should I delay my CISSP exam because of these changes?

No. The CISSP outline is stable, already reflects current AI and zero trust thinking, and has no scheduled change. Waiting only delays the credential and the experience clock that goes with it.

I have prepped enough people for these exams to know the real risk here, and it is not the refresh itself. It is candidates freezing because they heard ISC2 is changing something. Read the fine print and the worry usually evaporates. The dates that matter are posted, the CISSP is not on the 2026 list, and the only people who need to act are the CCSP and CC candidates booking around those two cutovers. Everyone else, keep studying.