CISSP Cheat Sheet: Domains, Models & Key Terms
By The Exam Atlas Editorial Team · Verified 2026-05-29
A final-revision summary for CISSP. It is a study aid only — no notes are permitted in the proctored exam.
The eight domains and weights
| Domain | Weight |
|---|---|
| Security and Risk Management | ~16% |
| Asset Security | ~10% |
| Security Architecture and Engineering | ~13% |
| Communication and Network Security | ~13% |
| Identity and Access Management | ~13% |
| Security Assessment and Testing | ~12% |
| Security Operations | ~13% |
| Software Development Security | ~10% |
Access control models
| Model | Idea |
|---|---|
| DAC | Owner decides access (discretionary) |
| MAC | System enforces labels/clearances (mandatory) |
| RBAC | Access based on role |
| ABAC | Access based on attributes (user, resource, context) |
| Rule-based | Access based on rules (e.g., firewall ACLs) |
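The five models in the table differ in who (or what) makes the decision, which is easiest to see by evaluating one request under each. The following is an added example, not part of the cheat sheet; the users, resource, roles, ABAC policy and firewall-style rule list are all constructed for illustration.

```python
# Added example, not from the cheat sheet: one request evaluated under the
# DAC, RBAC, ABAC and rule-based models from the table above. All users,
# resources, roles and rules below are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset
    department: str
    clearance: str


@dataclass(frozen=True)
class Resource:
    name: str
    owner: str
    acl: dict            # DAC: owner-granted permissions, user name -> set of perms
    department: str      # ABAC attributes
    classification: str


# Ordering used by the ABAC policy to compare clearance against classification.
LEVEL = {"public": 0, "internal": 1, "confidential": 2}

# RBAC: permissions are attached to roles, never directly to users.
ROLE_PERMS = {
    "analyst": {"read"},
    "editor": {"read", "write"},
    "admin": {"read", "write", "delete"},
}


def dac_allows(user: User, res: Resource, perm: str) -> bool:
    """DAC: the owner has full control and decides who else gets what."""
    return user.name == res.owner or perm in res.acl.get(user.name, set())


def rbac_allows(user: User, perm: str) -> bool:
    """RBAC: allowed if any of the user's roles carries the permission."""
    return any(perm in ROLE_PERMS.get(role, set()) for role in user.roles)


def abac_allows(user: User, res: Resource, perm: str, ctx: dict) -> bool:
    """ABAC: the decision combines user, resource and context attributes.
    Constructed policy: same department, clearance dominates classification,
    and writes only from the corporate network during business hours."""
    if user.department != res.department:
        return False
    if LEVEL[user.clearance] < LEVEL[res.classification]:
        return False
    if perm == "write":
        return ctx.get("network") == "corp" and 9 <= ctx.get("hour", -1) < 18
    return True


# Rule-based: an ordered rule list evaluated first-match, like a firewall ACL.
# Each rule is (action, src_prefix, dst_port) with "*" as a wildcard.
RULES = [
    ("allow", "10.0.", 443),
    ("deny", "10.0.", 22),
    ("allow", "*", 80),
    ("deny", "*", "*"),   # the implicit default deny, written out
]


def rule_based_allows(src_ip: str, dst_port: int) -> bool:
    for action, src_prefix, port in RULES:
        if (src_prefix == "*" or src_ip.startswith(src_prefix)) and port in ("*", dst_port):
            return action == "allow"
    return False  # default deny if no rule matches


# Constructed sample subjects and object.
ALICE = User("alice", frozenset({"editor"}), "finance", "confidential")
BOB = User("bob", frozenset({"analyst"}), "finance", "internal")
REPORT = Resource("q3-report", "alice", {"bob": {"read"}}, "finance", "confidential")
```

Note how the same request (Bob reading the report) is allowed under DAC because Alice granted it, allowed under RBAC because the analyst role carries read, but denied under ABAC because Bob's clearance does not reach the document's classification: the models answer different questions, which is why real systems often layer them.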
Security models
| Model | Protects | Rule |
|---|---|---|
| Bell-LaPadula | Confidentiality | No read up, no write down |
| Biba | Integrity | No write up, no read down |
| Clark-Wilson | Integrity | Well-formed transactions, separation of duties |
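Bell-LaPadula and Biba are easiest to remember as duals of each other over the same label lattice: swap "read" and "write" and one model's rules become the other's. The following is an added example, not part of the cheat sheet; the levels, compartments and subject/object labels are constructed for illustration.

```python
# Added example, not from the cheat sheet: the Bell-LaPadula and Biba rules as
# checks over a label lattice (level plus compartments). Levels, compartments
# and the subject/object labels are constructed for illustration.
from dataclasses import dataclass

# Ordered levels, lowest to highest. The same ordering serves as the integrity
# scale for Biba in this example.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """self >= other: level at least as high and a superset of compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


def blp_allows(subject: Label, obj: Label, op: str) -> bool:
    """Bell-LaPadula (confidentiality).
    read:  subject must dominate object  -> no read up
    write: object must dominate subject  -> no write down"""
    if op == "read":
        return subject.dominates(obj)
    if op == "write":
        return obj.dominates(subject)
    raise ValueError(f"unknown operation {op!r}")


def biba_allows(subject: Label, obj: Label, op: str) -> bool:
    """Biba (integrity): the dual of Bell-LaPadula.
    read:  object must dominate subject  -> no read down
    write: subject must dominate object  -> no write up"""
    if op == "read":
        return obj.dominates(subject)
    if op == "write":
        return subject.dominates(obj)
    raise ValueError(f"unknown operation {op!r}")


def decision_table(subject: Label, obj: Label) -> dict:
    """Side-by-side decisions for one subject/object pair, for inspection."""
    return {
        "blp_read": blp_allows(subject, obj, "read"),
        "blp_write": blp_allows(subject, obj, "write"),
        "biba_read": biba_allows(subject, obj, "read"),
        "biba_write": biba_allows(subject, obj, "write"),
    }


if __name__ == "__main__":
    analyst = Label("secret", frozenset({"crypto"}))
    memo = Label("confidential", frozenset({"crypto"}))
    print(decision_table(analyst, memo))
```

With a secret-cleared subject and a confidential object, Bell-LaPadula permits the read but blocks the write (it would move data down), while Biba blocks the read (lower-integrity input) but permits the write; a compartment the subject lacks blocks the Bell-LaPadula read regardless of level.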
Business continuity / disaster recovery
| Term | Meaning |
|---|---|
| BIA | Business Impact Analysis — identifies critical functions |
| RTO | Recovery Time Objective — how fast you must recover |
| RPO | Recovery Point Objective — acceptable data loss |
| MTD | Maximum Tolerable Downtime |
| Sites | Hot (ready now), warm (partial), cold (empty) |
Cryptography quick recall
| Concept | Key idea |
|---|---|
| Symmetric | One shared key; fast (AES) |
| Asymmetric | Public/private pair; key exchange and signatures (RSA, ECC) |
| Hashing | One-way; integrity (SHA-2) |
| PKI | Certificates + CAs bind identity to public keys |
FAQ
- Can I bring a cheat sheet to the CISSP exam?
- No. CISSP is a proctored exam with no notes allowed. Use this for final revision before exam day only.
Sources