Certified Cloud Security Professional
Demonstrates advanced technical skills and knowledge to design, manage, and secure data, applications, and infrastructure in cloud environments using best practices, policies, and procedures. Covers six domains including cloud architecture, data security, platform security, application security, operations, and legal compliance. Requires five years of IT work experience with three years in information security and one year in a CCSP domain. Accredited under ISO/IEC 17024 and approved by the U.S. DoD.
Exam domains
- Cloud Data Security (20%)
  - Describe cloud data concepts: cloud data lifecycle phases (create, store, use, share, archive, destroy), data dispersion, data flows.
  - Design and implement cloud data storage architectures: storage types (long-term, ephemeral, raw); threats to each storage type.
  - Design and apply data security technologies and strategies: encryption and key management (DEK/KEK, customer-managed keys, HSM-backed keys), hashing, data obfuscation (masking, tokenization), data loss prevention (DLP), management of keys, secrets and certificates, key encryption, data de-identification.
  - Implement data discovery: structured, unstructured and semi-structured data; data location.
  - Plan and implement data classification: data classification policies, data mapping, data labeling.
  - Design and implement Information Rights Management (IRM): objectives (data rights, provisioning, access models), tools.
  - Plan and implement data retention, deletion and archiving policies: data retention policies, data deletion procedures and mechanisms (crypto-shredding), data archiving procedures and mechanisms, legal hold.
  - Design and implement auditability, traceability and accountability of data events: definition of event sources and identity attribution requirements; logging, storage and analysis of data events; chain of custody and non-repudiation.
- Cloud Application Security (17%)
  - Advocate training and awareness for application security: cloud development basics, common pitfalls, common cloud vulnerabilities (OWASP Top 10 for cloud-native applications, OWASP API Security Top 10).
  - Describe the Secure Software Development Lifecycle (SDLC) process: business requirements, phases and methodologies.
  - Apply the Secure Software Development Lifecycle (SDLC): cloud-specific risks, threat modeling (STRIDE, DREAD, PASTA), secure coding (OWASP ASVS, SAST, DAST, IAST, SCA), software configuration management and versioning.
  - Apply cloud software assurance and validation: functional and non-functional testing, security testing methodologies (black, white and gray box), quality assurance, abuse case testing.
  - Use verified secure software: approved APIs (secure use of APIs, API hardening); supply-chain management (vendor assessment, SBOM, dependency confusion, typo-squatting); third-party software management (open source software, licensing); validated open-source software.
  - Comprehend the specifics of cloud application architecture: supplemental security components (web application firewall (WAF), database activity monitoring (DAM), XML firewalls, API gateway), cryptography, sandboxing, application virtualization and orchestration (microservices, containerization, serverless, zero trust network).
  - Design appropriate Identity and Access Management (IAM) solutions: federated identity (SAML, OIDC, OAuth 2.0), identity providers (IdP), single sign-on (SSO), multi-factor authentication (MFA), cloud access security broker (CASB), secrets management (Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager).
Sources
Questions are grounded in 100 references from official and authoritative materials.