CCSP Mind Map
All 6 Domains. Every Topic. Zero Cost.
The most comprehensive free CCSP study resource available — covering all 6 exam domains, every key concept, and the exam traps that catch retakers out. Built for candidates preparing for the Certified Cloud Security Professional exam.
This free CCSP study guide covers all 6 domains of the CCSP exam in a single interactive CCSP mind map. Whether you are preparing for your first attempt or retaking after a failed exam, this tool breaks down every topic, sub-group, and concept the exam tests — with exam traps highlighted throughout.
The CCSP covers 6 domains, each weighted differently in the exam. Cloud Data Security carries the highest weight at 20%, reflecting that data classification, lifecycle management, and encryption in cloud environments are at the heart of what the certification tests. Cloud Concepts and Architecture, Cloud Platform and Infrastructure Security, and Cloud Application Security each contribute 17%, with Cloud Security Operations at 16% and Legal, Risk and Compliance at 13%.
Understanding the CCSP domains and how they connect — and how the exam approaches cloud-specific versions of security concepts you may already know from on-premises contexts — is what separates candidates who pass from those who retake. The shared responsibility model, the CSA data security lifecycle, cloud-specific cryptography controls, and the legal obligations that follow data across jurisdictions are the areas most candidates underestimate.
Created by Actions On Cyber to give the CCSP community a free, practical alternative to expensive study materials. Practical Guidance. Real Protection.
CCSP vs CISSP — what is the difference?
CISSP
The CISSP covers all 8 domains of information security management — governance, risk, architecture, identity, network security, operations, and software development — from a broad managerial perspective. It is the standard credential for senior security generalists and CISOs.
The CISSP exam tests managerial and risk-based thinking across the full breadth of security. The correct answer is rarely the most technical one — it is the one a CISO making a risk-based business decision would choose.
CCSP
The CCSP focuses specifically on cloud security across 6 cloud-specific domains — architecture, data security, infrastructure, application security, operations, and legal compliance. It is the specialist credential for cloud security professionals.
The CCSP exam tests whether you can apply security thinking correctly in cloud contexts — shared responsibility, cloud-native data lifecycle, cloud-specific legal obligations, and controls that are genuinely different in cloud environments rather than just on-premises concepts in a new setting.
Which should you do first?
Many candidates hold both. The CISSP is typically the better starting point — it builds the governance, risk, and broad security foundation that makes the CCSP easier to approach. Critically, holding a CISSP satisfies the entire CCSP work experience requirement, removing the 5-year hurdle entirely. If you are already working specifically in cloud security, the CCSP alone is a strong and well-recognised credential. If you want to move into senior security leadership, the CISSP is typically the priority — and the CCSP follows naturally if your work moves into cloud environments.
Is CCSP worth it?
The honest answer is: yes, for the right person. The CCSP is worth pursuing if cloud security is where you are working or where you want to work. It is the leading vendor-neutral cloud security certification and is recognised by employers globally — particularly in financial services, government, and technology sectors where cloud security depth is a hiring requirement rather than a preference.
It is less worth pursuing as a standalone credential if you have no cloud experience. The exam tests practical cloud security thinking, and without hands-on context the concepts are harder to internalise and the credential is harder to leverage once you have it. The candidates who get the most from the CCSP are those already working in cloud security who want to formalise and deepen what they know — and signal that depth to employers.
For candidates weighing the CCSP against other certifications: the CCSP sits above cloud provider-specific credentials (AWS Security Specialty, Azure Security Engineer) in terms of breadth and vendor neutrality, and alongside rather than above or below the CISSP — they test different things for different audiences.
CCSP certification requirements
Experience requirements
To earn the CCSP you need at least 5 years of cumulative paid work experience in IT, of which at least 3 years must be in information security and at least 1 year must be in one or more of the 6 CCSP domains.
Holding a CISSP satisfies the entire CCSP experience requirement — you do not need to separately demonstrate the 5-year requirement if you are already a CISSP. This is the most common pathway for experienced security professionals adding the CCSP to their credentials.
Associate pathway
If you pass the CCSP exam but do not yet have the required experience, you become an Associate of ISC2. You then have 6 years to accumulate and document the experience required to earn the full CCSP designation.
This pathway allows candidates earlier in their careers to demonstrate exam-level knowledge now and formalise the credential as their experience grows. It is a legitimate route — not a lesser credential — and some employers value the demonstrated commitment and knowledge it represents.
Frequently asked questions about the CCSP exam
What are the 6 CCSP domains?
The 6 CCSP domains are: Cloud Concepts, Architecture and Design (17%), Cloud Data Security (20%), Cloud Platform and Infrastructure Security (17%), Cloud Application Security (17%), Cloud Security Operations (16%), and Legal, Risk and Compliance (13%). Cloud Data Security carries the highest weighting. This free CCSP mind map covers all 6 domains in full — click any domain tab in the tool above to explore its topics.
What is CCSP certification?
The CCSP — Certified Cloud Security Professional — is an advanced cloud security certification from ISC2. It validates that a candidate can design, manage, and secure data, applications, and infrastructure in the cloud using best practices, policies, and procedures. It is the leading vendor-neutral cloud security certification recognised globally by employers in finance, government, technology, and professional services.
How hard is the CCSP exam?
The CCSP is consistently rated as one of the harder cloud security certifications. It uses Computer Adaptive Testing and tests conceptual and risk-based thinking across all 6 domains, not just technical knowledge. Candidates without hands-on cloud experience often underestimate the breadth of the exam, particularly the legal, compliance, and data governance domains, which require a different mindset from the technical security domains.
How long does it take to study for CCSP?
Most candidates study for 3 to 6 months. Those with an existing CISSP or hands-on cloud architecture experience may be able to compress that timeline. The most common gaps are in cloud-specific legal and compliance topics, the CSA data security lifecycle, shared responsibility model nuances, and cloud-specific cryptography controls. Every domain contributes to the exam — neglecting any one creates a predictable weak point.
How many questions are on the CCSP exam?
The CCSP uses Computer Adaptive Testing with between 125 and 175 questions, within a 4-hour window. The exam does not have a fixed number of questions — it ends when the system has determined your result with sufficient statistical confidence. Finishing early is not necessarily a sign of passing or failing — it means the system has a confident result in either direction.
Is CCSP worth it?
The CCSP is worth it for security professionals working in or moving toward cloud security roles. It demonstrates deep, vendor-neutral cloud security knowledge across architecture, data, operations, and compliance — and is recognised globally by employers in regulated industries. It is most valuable when combined with genuine hands-on cloud experience. It is also the natural next step for CISSP holders moving into cloud-focused security roles.
What are the CCSP certification requirements?
You need 5 years of cumulative paid IT work experience, including 3 years in information security and 1 year in one or more CCSP domains. Holding a CISSP satisfies the entire experience requirement. Candidates who pass the exam without the required experience become Associates of ISC2 and have 6 years to accumulate the necessary experience before earning the full CCSP designation.
CCSP vs CISSP — which should I do?
The CISSP covers broad security management across 8 domains. The CCSP is a specialist cloud security credential across 6 cloud-specific domains. Most candidates benefit from CISSP first — it builds the governance and risk foundation that makes the CCSP easier to approach, and a CISSP removes the CCSP experience requirement entirely. If you are already specifically in cloud security, the CCSP alone is a strong and respected credential.
A full CCSP course is coming.
This free CCSP Mind Map is part of Actions On Cyber's commitment to making high-quality security education accessible. A full CCSP course is in development — covering all 6 domains in depth, with video lessons, worked examples, and the exam technique that turns retakers into passers.
Also available: our free CISSP Mind Map — the same format, all 8 CISSP domains, completely free.