CSSLP domain help?!?!?!

webgeek Member Posts: 495
Got this email today from (ISC)2 regarding CSSLP:


I have a question regarding the domains though, for example domain 1:

Key Areas of Knowledge

A. Confidentiality, Integrity, Availability
B. Authentication, Authorization, and Auditing
C. Security Design Principles
  • C.1 Least Privilege
  • C.2 Separation of Duties
  • C.3 Defense in Depth
  • C.4 Fail Safe
  • C.5 Economy of Mechanism
  • C.6 Complete Mediation
  • C.7 Open Design
  • C.8 Least Common Mechanism
  • C.9 Psychological Acceptability
  • C.10 Weakest Link
  • C.11 Leveraging Existing Components

A, B, C1, C2: From a software developer view or a security view in general?

I'm trying to see if I have enough experience to become endorsed. I called the number and spoke with the guy who is booking the event but he couldn't answer my questions. I called (ISC)2 services and spoke to two different individuals and they assumed yes but even they said the domains are pretty vague.
BS in IT: Information Assurance and Security (Capella) CISSP, GIAC GSEC, Net+, A+


  • JDMurray Admin Posts: 12,878
    The experience for the CSSLP is in working directly with the Secure Software Development Life Cycle (SSDLC) for at least 4-5 years. I never went for the CSSLP because in 25 years of being paid to write software, I've never been on a project that was interested in secure coding and quality assurance practices. Knowing software engineering and knowing InfoSec is not enough; you need to have worked with them together to produce secure software.