As many of you may be aware, the new CCSP exam is coming into effect on August 1st, 2019. We have tabulated some of the changes that are being made from the old CCSP to the new CCSP exam.
Here are the old CCSP domains and weightage vs the new CCSP domains and weightage:
Old CCSP domains and weightage | New CCSP domains and weightage |
Architectural Concepts & Design Requirements 19% | Cloud Concepts, Architecture and Design 17% |
Cloud Data Security 20% | Cloud Data Security 19% |
Cloud Platform & Infrastructure Security 19% | Cloud Platform & Infrastructure Security 17% |
Cloud Application Security 15% | Cloud Application Security 17% |
Operations 15% | Cloud Security Operations 17% |
Legal & Compliance 12% | Legal, Risk and Compliance 13% |
As we can see from the above, the first three domains have less weight now and the last three domains have slightly more weight in the new CCSP exam.
Here is the comparison of exam information between the old CCSP examination, and the new CCSP examination:
Exam information | Old CCSP exam | New CCSP exam |
Length of exam | 4 hours | 3 hours |
No. of questions | 125 | 125 |
Question format | Multiple choice | Multiple choice |
Passing grade | 700 out of 1000 points | 700 out of 1000 points |
As we can see from the above table, the duration of the new CCSP examination has been reduced by an hour for the same number of questions (125). The question format for the new CCSP exam remains the same as the old format (multiple choice). The passing grade for the new CCSP exam also remains the same as for the old CCSP exam (700 points out of 1000 points).
Domain 1:
The first domain has been renamed ‘Cloud Concepts, Architecture and Design’. The weightage for this domain has been reduced to 17%.
Old CCSP domain 1 | New CCSP domain 1 |
1.1 Understand Cloud Computing Concepts | 1.1 Understand Cloud Computing Concepts |
1.2 Describe Cloud Reference Architecture | 1.2 Describe Cloud Reference Architecture ADDED: |
1.3 Understand Security Concepts Relevant to Cloud Computing | 1.3 Understand Security Concepts Relevant to Cloud Computing REMOVED: |
1.4 Understand the Design Principles of Secure Cloud Computing | 1.4 Understand the Design Principles of Secure Cloud Computing ADDED: |
1.5 Identify Trusted Cloud Services | 1.5 Evaluate Cloud Service Providers (RENAMED) |
Domain 2:
The second domain of the new CCSP exam is ‘Cloud Data Security’, the same name as in the old version. This domain has 19% weightage, 1% less than in the old exam.
Here are a few more details regarding the second domain.
Old CCSP domain 2 | New CCSP domain 2 |
2.1 Understand Cloud Data Lifecycle (CSA Guidance) | 2.1 Describe Cloud Data Concepts (RENAMED) ADDED: ‘Data Dispersion’ |
2.2 Design and Implement Cloud Data Storage Architectures | 2.2 Design and Implement Cloud Data Storage Architectures REMOVED: ‘Technologies Available to Address Threats’ |
2.3 Design and Apply Data Security Strategies | 2.3 Design and Apply Data Security Technologies and Strategies REMOVED: ADDED: |
2.4 Understand and Implement Data Discovery and Classification Technologies | 2.4 Implement Data Discovery (RENAMED) REMOVED ALL OLD SUB-SECTIONS ADDED: Structured Data, Unstructured Data |
2.5 Design and Implement Relevant Jurisdictional Data Protections for Personally Identifiable Information (PII) | 2.5 Implement Data Classification (RENAMED) OLD SUB-SECTIONS CHANGED TO: |
2.6 Design and Implement Data Rights Management | 2.6 Design and Implement Information Rights Management (IRM) (RENAMED) |
2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies | 2.7 Plan and Implement Data Retention, Deletion, and Archiving Policies ADDED: ‘Legal Hold’ |
2.8 Design and Implement Auditability, Traceability, and Accountability of Data Events | 2.8 Design and Implement Auditability, Traceability, and Accountability of Data Events REMOVED: |
Domain 3:
The third domain retains the same name ‘Cloud Platform and Infrastructure Security’. However, the weightage for this domain has dropped by 2% and now it has 17% weightage.
Old CCSP domain 3 | New CCSP domain 3 |
3.1 Comprehend Cloud Infrastructure Components | 3.1 Comprehend Cloud Infrastructure Components |
3.2 Analyze Risks Associated to Cloud Infrastructure | 3.2 Design a Secure Data Center (NEW) |
3.3 Design and Plan Security Controls | 3.3 Analyze Risks Associated with Cloud Infrastructure |
3.4 Plan Disaster Recovery and Business Continuity Management | 3.4 Design and Plan Security Controls |
| 3.5 Plan Disaster Recovery (DR) and Business Continuity (BC) |
Domain 4:
The fourth domain retains the same name, ‘Cloud Application Security’, and has 17% weightage in the exam. Here are the details:
Old CCSP domain 4 | New CCSP domain 4 |
4.1 Recognize the need for Training and Awareness in Application Security | 4.1 Advocate Training and Awareness for Application Security |
4.2 Understand Cloud Software Assurance and Validation | 4.2 Describe the Secure Software Development Life Cycle (SDLC) Process |
4.3 Use Verified Secure Software | 4.3 Apply the Secure Software Development Life Cycle (SDLC) |
4.4 Comprehend the Software Development Life-Cycle (SDLC) Process | 4.4 Apply Cloud Software Assurance and Validation |
4.5 Apply the Secure Software Development Life-Cycle | 4.5 Use Verified Secure Software |
4.6 Comprehend the Specifics of Cloud Application Architecture | 4.6 Comprehend the Specifics of Cloud Application Architecture |
4.7 Design Appropriate Identity and Access Management (IAM) Solutions | 4.7 Design Appropriate Identity and Access Management (IAM) Solutions |
Domain 5:
The fifth domain of the CCSP exam has been renamed from ‘Operations’ to ‘Cloud Security Operations’ and has 17% weightage in the exam. These are the details:
Old CCSP domain 5 | New CCSP domain 5 |
5.1 Support the Planning Process for the Data Center Design | 5.1 Implement and Build Physical and Logical Infrastructure for Cloud Environment |
5.2 Implement and Build Physical Infrastructure for Cloud Environment | 5.2 Operate Physical and Logical Infrastructure for Cloud Environment |
5.3 Run Physical Infrastructure for Cloud Environment | 5.3 Manage Physical and Logical Infrastructure for Cloud Environment |
5.4 Manage Physical Infrastructure for Cloud Environment | 5.4 Implement Operational Controls and Standards (e.g., Information Technology Infrastructure Library (ITIL), International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 20000-1) |
5.5 Build Logical Infrastructure for Cloud Environment | 5.5 Support Digital Forensics (NEW) |
5.6 Run Logical Infrastructure for Cloud Environment | 5.6 Manage Communication with Relevant Parties |
5.7 Manage Logical Infrastructure for Cloud Environment | 5.7 Manage Security Operations (NEW) |
5.8 Ensure Compliance with Regulations and Controls (e.g., ITIL, ISO/IEC 20000-1) | |
5.9 Conduct Risk Assessment to Logical and Physical Infrastructure | |
5.10 Understand the Collection, Acquisition and Preservation of Digital Evidence | |
5.11 Manage Communication with Relevant Parties | |
Domain 6:
The sixth domain of the new CCSP exam has been renamed from ‘Legal and Compliance’ to ‘Legal, Risk and Compliance’ and has a weightage of 13% in the exam. Here are the details:
Old CCSP domain 6 | New CCSP domain 6 |
6.1 Understand Legal Requirements and Unique Risks within the Cloud Environment | 6.1 Articulate Legal Requirements and Unique Risks within the Cloud Environment |
6.2 Understand Privacy Issues, Including Jurisdictional Variation | 6.2 Understand Privacy Issues |
6.3 Understand Audit Process, Methodologies, and Required Adaptations for a Cloud Environment | 6.3 Understand Audit Process, Methodologies, and Required Adaptations for a Cloud environment |
6.4 Understand the Implications of Cloud to Enterprise Risk Management | 6.4 Understand the Implications of Cloud to Enterprise Risk Management |
6.5 Understand Outsourcing and Cloud Contract Design | 6.5 Understand Outsourcing and Cloud Contract Design |
6.6 Execute Vendor Management |
We have seen the changes in the new CCSP exam that are slated to come into effect from August 1st, 2019.