The CCSK is a web-based examination of an individual’s competency in key cloud security issues. Launched in 2010, the CCSK is a widely recognized standard of expertise and is the industry’s primary benchmark for measuring cloud security skillsets. The CCSK was recently lauded as the most valuable IT certification in terms of average salary by Certification Magazine.
The CCSK is intended to provide understanding of security issues and best practices over a broad range of cloud computing domains. As cloud computing is becoming the dominant IT system, CCSK is applicable to a wide variety of IT and information security jobs in virtually every organization. The CCSK is strongly recommended for IT auditors, and it is even required for portions of the CSA Security, Trust & Assurance Registry (STAR) program.
The CCSK is NOT a substitute for other certifications in information security, audit and governance. Many certification programs help personal development within specific professional roles and job duties, and also provide vetting of individuals, which the CCSK does not do. The CCSK augments these other credentialing programs by encouraging a competency in cloud computing security best practices, which we believe will help individuals better cope with the increasingly pervasive cloud computing issues they are now facing. The Cloud Security Alliance is a strong supporter of popular professional certification programs within our industry and looks forward to developing formalized relationships with these programs in the future.
No. The CCSK is not a user accreditation, but a certificate of knowledge for a specific topic. Grandfathering would not serve the purpose of encouraging competency in cloud security best practices.
The CCSK in strongly supported by a broad coalition of experts and organizations from around the world. Since its launch in 2010, the CCSK has been adopted around the world and is the gold standard for demonstration of cloud security competency. The collaboration with ENISA means that the world’s two leading organizations for vendor neutral cloud security research are providing the foundation for the industry’s first cloud security certification.
In an effort to maintain the integrity of the CCSK exam the platform is designed to avoid giving out the answers to specific questions. In order to assist those that do not pass the test to study for future attempts the exam platform will provide the user with the number of questions asked from each domain and how many questions were answered correctly in each of the domains.
The exam is 90 minutes with 60 questions. As it is a timed test and some questions can be lengthy, it is recommended that you rely as little as possible on study materials.
No, the exam is online. You can register here: CCSK Account Signup
Yes, the results are immediate. You will know your score after you finish the exam.
We do not send out individual invoices. Due to the high volume of requests, we only send out invoices for bulk purchased tokens. When you sign up for the exam online, you will receive a PayPal receipt that will work as an invoice.
CSA is committed to providing the best guidance possible to its members and the greater information security community. Since its inception, the CCSK has served as a benchmark for information security practitioners, IT users, and decision makers. It is meant to reflect the changing landscape in cloud computing security.
Typically, within our organization, major industry changes are first captured in the Cloud Security Guidance and then reflected in the CCSK. We released CSA Guidance v4 in July 2017, and consequently updated the CCSK exam to v4 in December 2017.
A person who has successfully passed any version of the CCSK exam will continue to be considered a CCSK certificate holder. The actual digitized certificate that is awarded specifies the version of the exam that was completed. Because the CCSK v4 is considered to cover state-of-the-art knowledge, it is highly recommended that all existing CCSK v2 and v3 certificate holders begin planning to upgrade their skillsets and pass the CCSK v4 exam.
To update your certificate to v4, you must pass the v4 exam and reference the new certificate.
For CCSK v3 certificate holders that passed the exam between December 1, 2016 and November 30, 2018, CSA will ensure one free attempt at CCSK v4. Check your account for a remaining attempt, and contact support if one is not available. Individuals who received a CCSK certificate prior to December 1, 2016, may purchase a CCSK upgrade token for the discounted rate of $75 (one attempt). This offer is automatically made available on existing accounts.
No. Given that each domain has undergone substantial revisions to address the current state of cloud security, an estimated 85% of the content is new. CSA therefore recommends that all students study the complete, updated body of knowledge.
Yes. Any token may be used to take any version of the CCSK exam.
CCSK exam tokens are valid for 2 years from the date of purchase. We do, however, recommend that you take the exam within one year of your token purchase.
Yes, your first token is good for two attempts at the exam (should you fail the first time). However, if you fail a second time you will have to purchase another token at $395 USD should you wish to attempt the exam again.
The second purchased token (and subsequent tokens) will only be worth one attempt at the exam.
Yes, you can find all of the study material free of charge here: CCSK Study Materials
The CCSK v4 exam contains material sourced from the CSA Cloud Security Guidance v4, the CSA Cloud Control Matrix and the ENISA Cloud Computing Risk Assessment report. Approximately 86% of the exam questions will be related to content included in the CSA Security Guidance. The test is comprised of a set of random questions that covers all of these documents. Each test is different. We suggest that you study the material and feel comfortable with all of it before you sit for the exam.
There are different types of trainings courses available (online, instructor lead). To see offerings of individual training partners, go to the course schedule and select the register button.
No, you can prepare for the CCSK exam by self-study. The training courses are for a more in-depth understanding of the study materials. CCSK Study Materials
No, the CCSK Foundation is a lecture course and covers the CSA Guidance, the CSA CCM, and the ENISA Document, as preperation for the exam. The CCSK Plus course will cover all of the foundation lecture material, and in addition will include hands-on labs to gain practical experience working in a cloud environment.
Yes, the exam token is included in the cost of the training.
No, your CCSK certificate will not expire. However, information technologies in general, and cloud computing in particular, are rapidly progressing fields, and it is advisable to stay up-to-date with the most current version of the CCSK certificate.
On the CCSK homepage under the "Redeem a Token" box, there is a "Validate a Certificate" box where your employer can put in the primary email address on your account, and the code you were provided upon passing the exam.
Your CCSK certificate displays your name, primary email, and verification code.
We do not send out hard copies of individual certificates. If you wish to see your certificate you can log into your account and download it in PDF format.
No, the feature to extend exam time does not currently exist. If you do not pass the exam on the first two attempts, please contact us and we will consider your circumstances.
Yes, CSA is developing education and certification programs in conjunction with industry partners and higher education on an ongoing basis. CSA’s Cloud Controls Matrix (CCM) training and Security, Trust and Assurance Registry (STAR) certifications and attestations are additional examples of CSA’s offerings. We are also working to develop educational programs in the areas of security architecture, audit and assurance, and software development.
Yes, you can update your password once logged into your CCSK account under My Account > Security.
Currently we do not allow changing your primary email address. You can however contact us to change it for you if required. You can also add or change a backup email address under My Account > Account Details (adding a backup email is highly recommended).
Please use our Password Reset Form to reset your password.