Security Administrator

The SSCP is ideal for IT administrators, managers, directors and network security professionals responsible for the hands-on operational security of their organization’s critical assets. It demonstrates advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures.

Required Experience

To qualify for the SSCP, candidates must pass the exam and have at least one year of cumulative, paid work experience in one or more of the seven domains of the ISC2 SSCP Common Body of Knowledge (CBK®).

Jobs that typically use SSCP

• Network Security Engineer

• IT/Systems/Network Administrator

• Security Analyst

• Systems Engineer

• Security Consultant/Specialist

• Security Administrator

• Systems/Network Analyst

• Database Administrator

• Individuals operating in a security operations center (SOC) environment performing the role of incident handler, SIEM analyst, forensics specialist, threat intel researcher, etc.

Domains Covered

• Security Operations and Administration

• Access Controls

• Risk Identification, Monitoring and Analysis

• Incident Response and Recovery

• Cryptography

• Network and Communications Security

• Systems and Application Security

Become an SSCP – Systems Security Certified Practitioner

Earning a globally recognized IT security administration and operations certification like the SSCP is a great way to grow your career and better secure your organization’s critical assets.

SSCP certification demonstrates you have the advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures established by the cybersecurity experts at ISC2.

Prove your skills, advance your career, and gain the support of a community of cybersecurity leaders here to help you throughout your career.

Already Have a Peace of Mind Voucher? Learn how to redeem it now.

SSCP Quick Glance

SECURITY ADMINISTRATION AND OPERATIONS

Demonstrates professionals have the knowledge and skills to implement, monitor and administer IT infrastructure using cybersecurity best practices.

WHAT TO EXPECT ON THE SSCP EXAM

Domain 1. Security Concepts and Practices

Domain 2. Access Controls

Domain 3. Risk Identification, Monitoring and Analysis

Domain 4. Incident Response and Recovery

Domain 5. Cryptography

Domain 6. Network and Communications Security

Domain 7. Systems and Application Security

About SSCP

The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability.

The broad spectrum of topics included in the SSCP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of information security. Successful candidates are competent in the following domains:

• Security Concepts and Practices

• Access Controls

• Risk Identification, Monitoring, and Analysis

• Incident Response and Recovery

• Cryptography

• Network and Communications Security

• Systems and Application Security

Experience Requirements

Candidates must have a minimum of one year cumulative work experience in one or more of the domains of the SSCP CBK. A one year prerequisite pathway will be granted for candidates who received a degree (bachelors or masters) in a cybersecurity program.

A candidate that doesn’t have the required experience to become an SSCP may become an Associate of ISC2 by successfully passing the SSCP examination. The Associate of ISC2 will then have two years to earn the one year required experience. You can learn more about SSCP experience requirements and how to account for part-time work and internships at www.isc2.org/Certifications/SSCP/SSCP-Experience-Requirements.

Accreditation

SSCP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024.

Job Task Analysis (JTA)

ISC2 has an obligation to its membership to maintain the relevancy of the SSCP. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by security professionals who are engaged in the profession defined by the SSCP. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

SSCP Examination Information

Notice: Beginning October 1, 2025, the SSCP exam will be administered as a variable-length Computer Adaptive Test (CAT) exam only. Candidates will answer 100-125 multiple-choice items with an adjusted exam length of 2 hours. For more information on CAT, please refer to www.isc2.org/certifications/computerized-adaptive-testing.

Length of exam             3 hours

Number of items           125

Item format                    Multiple choice

Passing grade               700 out of 1000 points

Language availability   English, Japanese and Spanish

Testing center                Pearson VUE Testing Center

SSCP Examination Weights

Domains

Average Weight

1. Security Concepts and Practices                              16%

2. Access Controls                                                         15%

3. Risk Identification, Monitoring and Analysis              15%

4. Incident Response and Recovery                              14%

5. Cryptography                                                               9%

6. Network and Communications Security                       16%

7. Systems and Application Security                                15%

Total                                                                                 100%

Additional Examination Information

Supplementary References

Candidates are encouraged to supplement their education and experience by reviewing relevant resources that pertain to the CBK and identifying areas of study that may need additional attention.

View the full list of supplementary references at www.isc2.org/certifications/References.

Examination Policies and Procedures

ISC2 recommends that SSCP candidates review exam policies and procedures prior to registering for the examination. Read the comprehensive breakdown of this important information at www.isc2.org/Register-for-Exam.

Complete the Certification Application Process

Once you receive notification that you have successfully passed the exam, you can start the online certification application process. This process attests that your assertions regarding professional experience are true, that you are in good standing within the cybersecurity industry. It also contains the agreements to abide by the ISC2 Code of Ethics and privacy policy.

Agree to the ISC2 Code of Ethics

All information security professionals who are certified by ISC2 recognize that such certification is a privilege that must be both earned and maintained. All ISC2 members are required to commit to fully support ISC2 Code of Ethics Canons:

• Protect society, the common good, necessary public trust and confidence, and the infrastructure.

• Act honorably, honestly, justly, responsibly, and legally.

• Provide diligent and competent service to principles.

• Advance and protect the profession.