Systems Security Certified Practitioner

The Systems Security Certified Practitioner (SSCP) is the ideal certification for those with proven technical skills and practical, hands-on security knowledge in operational IT roles. It provides confirmation of a practitioner’s ability to implement, monitor and administer IT infrastructure in accordance with information security policies and procedures that ensure data confidentiality, integrity and availability. The broad spectrum of topics included in the SSCP Common Body of Knowledge (CBK) ensures its relevancy across all disciplines in the field of information security.


In-depth coverage of the seven domains required to pass the SSCP exam:


  1. Security Operations and Administration
  2. Access Controls
  3. Risk Identification, Monitoring, and Analysis
  4. Incident Response and Recovery
  5. Cryptography
  6. Networks and Communications Security
  7. Systems and Application Security


Candidates must have a minimum of 1-year cumulative work experience in 1 or more of the 7 domains of the SSCP CBK.

The SSCP is ideal for IT administrators, managers, directors, and network security professionals responsible for the hands-on operational security of their organization’s critical assets, including those in the following positions:


  • Network Security Engineer
  • Systems Administrator
  • Security Analyst
  • Systems Engineer
  • Security Consultant/Specialist
  • Security Administrator
  • Systems/Network Analyst
  • Database Administrator
  • Health Information Manager
  • Practice Manager


i. Comply with codes of ethics.
ii. Understand security concepts.
iii. Identify and implement security controls.
iv. Document and maintain functional security controls.
v. Participate in asset management lifecycle (hardware, software and data)
vi. Participate in change management lifecycle.
vii. Participate in implementing security awareness and training (e.g., social engineering/phishing)
viii. Collaborate in physical security operations (e.g., data center assessment, badging)
i. Implement and maintain authentication methods.
ii. Support internetwork trust architectures.
iii. Participate in the identity management lifecycle.
iv. Understand and apply access controls.
i. Understand the risk management process.
ii. Understand legal and regulatory concerns (e.g., jurisdiction, limitations, privacy)
iii. Participate in security assessment and vulnerability management activities.
iv. Operate and monitor security platforms (e.g., continuous monitoring)
v. Analyze monitoring results.
i. Support incident lifecycle e.g., National Institute of Standards and Technology (NIST), International Organization for Standardization (ISO)
ii. Understand and support forensic investigations.
iii. Understand and support Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) activities
i. Understand cryptography.
ii. Apply cryptography concepts.
iii. Understand and implement secure protocols.
iv. Understand Public Key Infrastructure (PKI) systems.
i. Understand and apply fundamental concepts of networking.
ii. Understand network attacks (e.g., distributed denial of service (DDoS), man-in-the-middle (MITM), Domain Name System (DNS) poisoning) and countermeasure (e.g., content delivery networks (CDN))
iii. Manage network access controls.
iv. Manage network security.
v. Operate and configure network-based security devices.
vi. Secure wireless communications.
i. Identify and analyze malicious code and activity. ii. Implement and operate endpoint device security. iii. Administer Mobile Device Management (MDM) iv. Understand and configure cloud security. v. Operate and maintain secure virtual environments.
Length of exam 4 hours
Number of questions 150
Question format Multiple choice
Passing grade 700 out of 1000 points
Exam availability English, Chinese, German, Japanese, Korean and Spanish
Testing center Pearson VUE Testing Center