Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Available February 24, 2020: Updates to the CCNP certification and training program

On February 24, 2020, Cisco will release new certification exams. New training will roll out over the next several months.

If you have started working toward the current CCNP Security certification, keep going. In the new program, you’ll receive credit for work you’ve already completed.

Visit the CCNP Security migration tool for information about migrating your certification in progress.

Learn more

Cisco Firepower NGIPS and Cisco AMP now included

Prepare for the latest in network security with CCNP Security.

Overview

Why certify?

Cisco Certified Network Professional Security (CCNP Security) certification program is aligned specifically to the job role of the Cisco Network Security Engineer responsible for Security in Routers, Switches, Networking devices and appliances, as well as choosing, deploying, supporting and troubleshooting Firewalls, VPNS, and IDS/IPS solutions for their networking environments.

Prerequisites

Valid CCNA Security certification or any CCIE certification can act as a prerequisite.

Exams and recommended training

Last date to test: February 23, 2020

For a complete list of available network security training, visit the Security training page.

Take exam

To earn the Cisco CCNP security certification, you must pass the following exams:

300-208 SISAS

Last date to test: February 23, 2020

This exam tests validates a network security engineer knowledge of the components and architecture of secure access by utilizing 802.1X and Cisco TrustSec, including the Cisco Identity Services Engine (ISE) architecture, solution, and components as an overall network threat mitigation and endpoint control solution.

300-208 SISAS exam topics


300-206 SENSS

Last date to test: February 23, 2020

This exam validates the knowledge of a network security engineer to configure and implement security on Cisco network perimeter edge devices such as a Cisco switch, Cisco router, or Cisco ASA firewall.  

300-206 SENSS exam topics


300-209 SIMOS

Last date to test: February 23, 2020

This exam tests a network security engineer on the variety of virtual private network (VPN) solutions that Cisco has available on the Cisco ASA firewall and Cisco IOS Software platforms.  

300-209 SIMOS exam topics


300-210 SITCS

Last date to test: February 23, 2020

This exam tests a network security engineer on advanced firewall architecture and configuration with the Cisco next-generation firewall, utilizing access and identity policies.  

300-210 SITCS exam topics

Training

The best way to prepare for the CCNP Security certification is to take the Cisco-approved training:

Implementing Cisco Secure Access Solutions (SISAS)

This five-day course prepares network security engineers with the skills and knowledge needed to deploy the Cisco Identity Services Engine (ISE) and 802.1X secure network access and to implement and manage network access security by using the Cisco ISE appliance product solution.

Implementing Cisco Edge Network Security Solutions (SENSS)

This five-day course prepares network security engineers with the skills and knowledge needed to configure Cisco perimeter edge security solutions utilizing Cisco switches, Cisco routers, and Cisco Adaptive Security Appliance (ASA) firewalls and to implement and manage security on Cisco ASA firewalls, Cisco routers with the firewall feature set, and Cisco switches.

Implementing Cisco Secure Mobility Solutions (SIMOS)

This five-day course prepares network security engineers with the knowledge and skills needed to protect data traversing a public or shared infrastructure such as the Internet by implementing and maintaining Cisco VPN solutions and troubleshooting remote-access and site-to-site VPN solutions, using Cisco ASA adaptive security appliances and Cisco IOS routers.

Implementing Cisco Threat Control Solutions (SITCS)

This five-day course prepares network security engineers with the knowledge and skills to implement Ciscos FirePOWER Next-Generation IPS, AMP, as well as Web Security, Email Security and Cloud Web Security. You will gain hands-on experience with configuring various advance Cisco security solutions for mitigating outside threats and securing traffic traversing the firewall.

Recertification

On February 24, 2020, the recertification policy for this exam will be changing.

Cisco Professional-level certifications are valid for three years.

To recertify, pass ONE of the following before the certification expiration date:

  • Pass any current 642-XXX Professional-level or any 300-XXX Professional-level exam, or
  • Pass any current CCIE Written Exam, or
  • Pass the current CCDE Written Exam OR current CCDE Practical Exam, or
  • Pass the Cisco Certified Architect (CCAr) interview AND the CCAr board review to extend lower certifications.

Achieving or recertifying any of the certifications above automatically extends your active Associate and Professional level certification(s) up to the point of expiration of the last certification achieved.

For more information, access the Recertification Policy page.

Recognition

DoD 8570 recognition

The United States Department of Defense has certified the Cisco CCNA Security, Cisco CCNP Security, and Cisco Cybersecurity Specialist (SCYBER) Certifications as DoD 8570.01-M compliant.