ISC2 CISSP resources for official links, blueprint checks, study tools, and source review.
Use this page as your launchpad. Pair it with the local study plan, cheat sheet, faq, and glossary so official references stay connected to a usable review flow.
Do not treat this as a giant standards dump. Use it in this order:
| If your misses cluster in… | Start here | Why |
|---|---|---|
| current exam facts and weights | ISC2 outline summary | gives you the current 8-domain structure, weights, and CAT details |
| governance, policy, risk, and continuity | ISC2 outline plus NIST CSF and NIST SP 800-34 | keeps strategic and continuity questions grounded |
| incident response and investigations | NIST SP 800-61 | aligns IR phases and response logic with a primary source |
| identity, proofing, and federation | NIST Digital Identity Guidelines | helps anchor IAM concepts to a primary identity standard |
| software and application security | OWASP Top 10 | gives a primary-source supplement for application and SDLC issues |
| controls, baselines, and broader control families | NIST SP 800-53 | useful when controls, overlays, and enterprise control structure start to blur together |
| If there is a conflict between… | Trust this first |
|---|---|
| older training notes and the current ISC2 outline | the current ISC2 outline |
| generic security folklore and a primary standard | the primary standard first |
| “just encrypt it” advice and the actual governance question | the governance and lifecycle requirement first |