Back to blog
Certification Deep Dives9 min read

ISC2 CCSP Exam Is Changing on 1 August 2026: What's New and Should You Sit It Before Then?

The ISC2 CCSP exam moves to a new outline on 1 August 2026, folding AI and machine-learning security into all six domains. Here is exactly what changes, whether the old or new version suits you, and how to decide if you should sit before the deadline.

C

CertCrush Team

9 July 2026

If you are studying for the ISC2 CCSP, the clock matters more than usual right now. The CCSP exam changes on 1 August 2026, when ISC2 switches to a brand-new exam outline that folds artificial intelligence and machine-learning security into every one of the six domains. Book your test for 31 July and you sit the current version. Book it for 1 August or later and you sit the new one.

That single date change is driving a lot of "should I rush to sit before then?" questions from candidates, and the honest answer depends on where you are in your preparation. This guide breaks down exactly what is changing in the 2026 CCSP outline, what stays the same, and how to decide whether to sit before the deadline or prepare for the refreshed exam.

The Short Answer on the CCSP Exam Changes in 2026

Here is the decision in one paragraph. If you are already deep in your study, comfortable with the current material, and can realistically book a seat before 1 August 2026, sit the current exam and remove the uncertainty. If you are still early in your preparation, or you work with AI workloads day to day, prepare for the new outline instead. The new version is not harder in a raw sense, it simply reflects what cloud security actually looks like in 2026, and rushing an exam you are not ready for is a worse bet than sitting a slightly updated one you know well.

Exam Tip: The exam date, not your registration date, decides which outline you get. If your test is scheduled on or after 1 August 2026, you will be tested against the new 2026 outline, even if you registered months earlier.

What Is Actually Changing on 1 August 2026

ISC2 rebuilds each exam outline after a Job Task Analysis, a formal study of what practitioners in the field actually do day to day. The 2026 CCSP update is a content refresh, not a format overhaul, and it is driven by one clear trend: the cloud is now where AI models are trained, hosted and served, so cloud security professionals need to secure those workloads.

AI and machine-learning security across all six domains

This is the headline change. Rather than bolting on a separate AI domain, ISC2 has woven AI and machine-learning security into all six existing domains. In practice, expect the new outline to test:

  • The shared responsibility model for AI-as-a-Service and managed model platforms
  • Data pipeline and training-data exposure, including data sovereignty concerns
  • Securing high-performance compute enclaves used for model training
  • Model and inference endpoint protection as part of cloud workload security

If you already understand cloud data protection and workload security, this is an extension of concepts you know, not a wholly new field.

A slight tilt toward Cloud Security Operations

The second, quieter change is a deliberate pivot toward operational security. The refreshed outline puts more weight on monitoring, incident response and resilience in multi-cloud environments. That reflects the reality that most organisations now run across more than one cloud provider and need to detect and respond to incidents that span all of them.

Domain weights shift slightly

The six domains stay, but their percentage weightings move a little to make room for the new AI content and the operations emphasis. None of the shifts are dramatic, but they are enough that you should study against the current published outline for whichever version you are sitting.

What Stays the Same

It is just as important to know what is not changing, because a lot of the panic around exam updates comes from assuming everything is different. For the CCSP, the exam mechanics are untouched.

FeatureCurrent outline (until 31 Jul 2026)New outline (from 1 Aug 2026)
Number of domains66
Delivery formatComputerised Adaptive Testing (CAT)Computerised Adaptive Testing (CAT)
Number of items100 to 150100 to 150
Exam duration3 hours3 hours
Passing score700 out of 1000700 out of 1000
Exam cost599 USD599 USD
AI/ML security contentMinimalIntegrated across all six domains
EmphasisBalanced across domainsSlight tilt to operations and AI

The CCSP moved from a linear format to CAT on 1 October 2025, aligning it with the modernised CISSP delivery, so if you have read older guides that describe a fixed 125-question linear exam, those are out of date regardless of the 2026 outline change. Under CAT, the exam adapts question difficulty to your real-time performance, and most candidates answer somewhere between 100 and 150 items.

Exam Tip: CAT means you cannot skip a question and come back to it. You answer, you commit, you move on. Practise that discipline before exam day so it does not throw you.

The Six CCSP Domains in Brief

Whichever version you sit, these are the six domains you are tested on. The names are stable across both outlines, so use them as your study skeleton.

  1. Cloud Concepts, Architecture and Design covers cloud reference architectures, service and deployment models, and secure design principles.
  2. Cloud Data Security is the heaviest domain on the current outline at around 20 percent, covering the data lifecycle, encryption, key management and data classification.
  3. Cloud Platform and Infrastructure Security covers virtualisation, containers, network security controls and infrastructure hardening.
  4. Cloud Application Security covers the secure software development lifecycle, application testing (SAST, DAST, IAST and SCA) and supply chain risk.
  5. Cloud Security Operations covers building, running and monitoring cloud environments, and gains emphasis under the 2026 outline.
  6. Legal, Risk and Compliance covers privacy, audit, governance and regulatory requirements in the cloud.

The AI and machine-learning security additions in the 2026 outline appear inside each of these domains rather than as a seventh domain, so treat AI security as a lens you apply to every topic rather than a separate subject.

Should You Sit the CCSP Before 1 August 2026?

This is the question everyone actually wants answered, so let us make it concrete. Work through these scenarios and find the one that fits you.

Sit before the deadline if...

  • You are already comfortable with the current material and taking practice exams in the passing range.
  • You can get a Pearson VUE seat on or before 31 July 2026 without cramming.
  • You do not work with AI or machine-learning workloads and would rather not add that content to your revision.
  • You value certainty and want to be tested on the outline you have been studying.

Prepare for the new outline if...

  • You are early in your studies and would be rushing to hit the deadline.
  • You already work with AI workloads, LLM pipelines or managed model services, so the new content plays to your strengths.
  • You want a certification that reflects current cloud practice for the next few years, which helps in interviews where AI security is now a baseline expectation.
  • You cannot realistically secure and prepare for a seat before 1 August 2026.

The worst outcome is booking a rushed exam before the deadline, failing it, and then having to retake against the new outline anyway. A CCSP retake costs 199 USD and you must wait before rebooking, so do not sprint at a date you are not ready for just to dodge a modest content refresh.

Exam Tip: Do not forget the CCSP experience requirement. You need five years of cumulative, full-time IT experience, with three years in information security and one year in at least one CCSP domain. An active CISSP substitutes the entire requirement. If you lack the experience, you can still pass the exam and become an Associate of ISC2 while you accrue it.

How to Prepare Whichever Version You Sit

The good news is that the vast majority of CCSP content is unchanged, so your study plan barely moves. Focus your energy where it counts.

  • Study against the correct published outline. Download the exam outline that matches your test date from ISC2 and use its domain weights to prioritise.
  • Master cloud data security first. It is the heaviest domain on the current outline and remains a major focus, so it is the highest-return area to nail early.
  • Add an AI security layer if you are sitting the new version. Learn the shared responsibility model for managed AI services, training-data protection, and how model endpoints fit into cloud workload security.
  • Drill with adaptive-style practice questions. Because the exam is CAT, you want to be sharp on wording and time pressure. Working through a large, well-explained question bank is the single most effective way to prepare.
  • Build hands-on context. Even light lab time in one cloud provider makes the abstract domain concepts stick far better than reading alone.

If you want a structured, week-by-week approach to the whole syllabus, our 12-week CCSP study plan walks through the domains in order and tells you what to cover each week. Pair it with realistic practice on the CertCrush CCSP course so you go into exam day used to the question style rather than surprised by it.

How the CCSP Change Fits the Wider 2026 ISC2 Refresh

The CCSP is not changing in isolation. ISC2 is folding AI and machine-learning topics into several credentials at once, treating AI security as part of the core body of knowledge rather than a niche add-on. The entry-level ISC2 CC exam is also changing in 2026, and the same "sit before the deadline or prepare for the new outline" logic applies there too.

If your longer-term goal is the CISSP, note that an active CISSP already waives the entire CCSP experience requirement, so many professionals pair the two. The direction of travel is clear: across ISC2 credentials, understanding how to secure AI workloads is becoming a baseline expectation rather than a bonus.

Ready to Start Practising?

The CCSP exam change on 1 August 2026 is a manageable, well-signposted refresh, not a reason to panic. Decide which version fits your timeline, study against the right outline, and put in enough realistic practice that exam day feels familiar.

CertCrush gives you exam-style CCSP practice questions with full explanations, so you can walk in confident whether you are sitting the current outline or the new 2026 one. Create your free CertCrush account to start practising today, browse the full range of cloud and security courses, and turn the CCSP deadline into a plan rather than a worry.

CCSPISC2cloud securityCCSP exam changescertificationexam updateAI security

Ready to start practising?

CertCrush gives you realistic exam simulations, domain tracking, and study guides — all in one place.