This list isn’t perfect, but it’s a first-pass look at what’s new, removed, updated, or changed in the Common Body of Knowledge (CBK) as of May 1st, 2021. It doesn’t align perfectly with ISC2’s exam outline, so keep that in mind; there are a lot of new topics to learn.
Domain | Topic | Status
--- | --- | ---
1 | Privacy shield | removed |
1 | Prudent actions | NEW |
1 | Reasonable actions | NEW |
1 | Data portability | NEW |
1 | Data localization | NEW |
1 | Privacy and e-discovery | NEW |
1 | GDPR privacy tenets | NEW |
1 | Public chapter (public domain) | NEW |
1 | unilateral NDA | NEW |
1 | bilateral NDA | NEW |
1 | multilateral NDA | NEW |
1 | non-compete agreement (NCA) | NEW |
1 | Risk: asset based, outcomes based, vulnerability based, and threat based | NEW |
1 | Hazard | NEW |
1 | Risk response | updated |
1 | Risk Maturity Modeling | NEW |
1 | micro training | NEW |
1 | Gamification | NEW (literally 1 sentence) |
2 | IT asset management lifecycle | NEW |
2 | Assets: materials/supplies | NEW |
2 | Assets: tangible/intangible | NEW |
2 | Kiosk service points | NEW |
2 | Data security lifecycle | NEW |
2 | Media marking? | NEW |
2 | Data in transit risk/recommendations | NEW |
2 | Pervasive encryption | NEW |
2 | Data lifecycle | NEW |
2 | Data location | NEW |
2 | Data maintenance | NEW |
2 | End of Life and End of Support | NEW |
2 | DRM | changed |
2 | Data classification policy | removed? |
3 | Confusion | removed |
3 | Diffusion | removed |
3 | Avalanche | removed |
3 | Key clustering | removed |
3 | Synchronous | removed |
3 | Asynchronous | removed |
3 | Meet-in-the-middle (2DES attack) | removed |
3 | DES/AES | reduced |
3 | Secure defaults | NEW |
3 | Fail securely | NEW |
3 | Keep it simple | NEW |
3 | Zero trust | NEW |
3 | Privacy by design | NEW |
3 | Trust but verify | NEW |
3 | Shared responsibility | NEW |
3 | Virtualized Systems | NEW |
3 | Hypervisor types | NEW |
3 | Government cloud | NEW |
3 | Microservices | NEW |
3 | VM Sprawl | NEW |
3 | Application container | NEW |
3 | Serverless systems | NEW-1 paragraph |
3 | High performance systems | NEW |
3 | Edge and Fog Computing Architectures | NEW |
3 | Edge Computing and Fog Computing Vulnerabilities and Mitigations | NEW |
3 | Quantum Cryptography | NEW |
3 | Key space clumping | NEW |
3 | Clustering? | NEW |
3 | Deterministic decryption | NEW |
3 | Cryptographic Systems Architecture | NEW |
3 | Bulk Encryption | NEW |
3 | Digital envelope | NEW |
3 | Complex Hybrid Cryptography | NEW |
3 | Public Key Infrastructure (PKI) | Updated |
3 | Hash | updated |
3 | Distributed ledger (DL) technology | NEW |
3 | blockchain | NEW |
3 | Key Management | Updated |
3 | Pass the hash | NEW-1 sentence |
3 | Threat Modeling and Internetworking | NEW |
3 | Kill Chains | NEW |
3 | Code signing | removed |
4 | Packet loss | removed |
4 | Jitter | removed |
4 | Sequence error | removed |
4 | VoIP | reduced |
4 | Bound/unbound networks | NEW |
4 | LiFi | NEW |
4 | Acoustic wave | NEW |
4 | line driver | NEW |
4 | Amplifiers | NEW |
4 | Multiplexers | NEW |
4 | Dense wavelength-division multiplexers (DWDMs) | NEW |
4 | Concentrators | NEW |
4 | InfiniBand | NEW |
4 | RADSL | NEW |
4 | Broadband Over Powerline (BPL) | Expanded |
4 | frequency division multiplexing | NEW |
4 | WiMAX | NEW |
4 | Physical Layer and the Protocol Stack | NEW |
4 | Threats and Countermeasures to Physical Layer of OSI Model | Updated |
4 | PPPoE | NEW |
4 | Address Resolution Protocol | Updated |
4 | Fibre Channel/Fibre Channel over Ethernet (FCoE) | Updated |
4 | Load Management | NEW |
4 | arbitration or deconfliction | NEW |
4 | polling protocols | NEW |
4 | contention-based protocols | NEW |
4 | Layer 2 Threats and Countermeasures | Updated |
4 | Anycast transmission | NEW |
4 | Geocast transmission | NEW |
4 | Automatic Private IP Addressing (APIPA) | NEW |
4 | distance vector, path vector, link-state | NEW |
4 | 3 groups of routing protocols | NEW |
4 | Classical/classless | NEW |
4 | RIP, RIPv3, RIPng | NEW |
4 | Path vector protocols | NEW |
4 | Border gateway protocols | NEW |
4 | IS-IS protocol | NEW |
4 | Threats and Countermeasures to Network Layer | Updated |
4 | Threats and Countermeasures to Transport Layer | Updated |
4 | Layer 5 Threats and Countermeasures | Updated |
4 | Threats and Countermeasures to Presentation Layer | Updated |
4 | OSI Layer 7: Application Layer: Hypertext Transfer Protocol (HTTP and HTTPS) | NEW |
4 | DHCP | Updated |
4 | DNS | Updated |
4 | Should There Be a Layer 8? | NEW |
4 | Threats and Countermeasures to Application Layer | Updated |
4 | Legacy remote access | NEW |
4 | Zero Trust vs. Trust, but Verify | NEW |
4 | Zero Trust Architectures | NEW |
4 | microsegmentation of networks | NEW |
4 | root of trust or ROT | NEW |
4 | Immutability | NEW |
4 | NAC | Updated |
4 | 802.1X NAC | NEW |
4 | NAC frameworks/best practices | NEW |
4 | NAC baselines/audits | NEW |
4 | Captive Portals | NEW |
4 | Wireless attacks | NEW |
4 | Legacy IRC | NEW |
4 | Zigbee | MISSING |
4 | VXLAN (Virtual Extensible LAN) | MISSING |
4 | Pure silica | removed |
4 | code-division multiple access | removed |
5 | Identity lifecycle | NEW |
5 | Privilege manager | removed |
5 | Provisioning | NEW |
5 | Accounting | NEW |
5 | User behavior review | NEW |
5 | Job or duties review (privilege creep) | NEW |
5 | Disable and deprovision | NEW |
5 | Permission aggregation | NEW |
5 | Security identifiers | NEW |
5 | Privilege escalation | NEW |
5 | Vertical privilege escalation | NEW |
5 | Horizontal privilege escalation | NEW |
5 | Lateral movement | NEW |
5 | IAAA | NEW |
5 | CIANA + PS | NEW |
5 | Security models combined with AC models (BLP, Biba, MAC, DAC, etc.) | NEW |
5 | Strong star property | NEW |
5 | Risk based access control (RiBAC) | NEW |
5 | Dual custody | NEW |
5 | Access Control as a System | NEW |
5 | Logical access control | Expanded |
5 | Physical access control systems | Expanded |
5 | Facilities | Expanded |
5 | Identity Store | NEW |
5 | Just in time identity | NEW |
5 | Self-service | NEW |
5 | Identity management | NEW |
5 | FIM | NEW |
5 | Access Control Technologies and Devices | Updated |
5 | Biometrics: Who Are You | reduced; no longer lists retina scan, vein patterns, etc. |
5 | SSO | NEW |
5 | Human/non-human users | NEW |
5 | Escalation | NEW |
5 | De-escalation | NEW |
5 | Real-time | NEW |
5 | Full identity lifecycle | NEW |
5 | Privileged account management (PAM) | NEW |
5 | Privileged session management | NEW |
5 | Endpoint privilege management | NEW |
5 | Remote helpdesk | NEW |
5 | Session Management | NEW |
5 | Kerberos | NEW |
5 | Kerberos Tickets | NEW |
5 | Goal of Kerberos | NEW |
5 | Drawbacks of Kerberos | NEW |
5 | OpenID and Authentication and OpenID Connect | NEW |
5 | Linear succession of attributes | removed |
5 | Identity governance | removed |
6 | Audits/assessments: formal vs informal | NEW |
6 | Finding attributes: condition, criteria, cause, effect, recommendation | NEW |
6 | no notice assessment | NEW |
6 | NIST Risk Management Framework SP 800-37r2 | NEW |
6 | NIST Cybersecurity Framework | NEW |
6 | ISO 27000 | NEW |
6 | Service Organization Control (SOC) Reports | NEW |
6 | Trust service criteria | NEW |
6 | SOC Reports for Clouds and Data Centers | NEW |
6 | Planning and Conducting a SOC Audit | NEW |
6 | SAS 70 | NEW |
6 | International Adoption of SSAE | NEW |
6 | Internal Audit and Assessment | NEW |
6 | External Audit and Assessment | NEW |
6 | integrated audits | NEW |
6 | forensic audits | NEW |
6 | information systems audits | NEW |
6 | compliance, financial, operating audits | NEW |
6 | Third-Party Audit and Assessment | NEW |
6 | Managed Services and Security Assessment | NEW |
6 | NCSC 12 principles | NEW |
6 | supply chain risk management | NEW |
6 | ISO 28000-series | NEW |
6 | Control Assessment Methods and Tools | NEW |
6 | Judgmental sampling | NEW |
6 | Interview and Testing | NEW |
6 | Compliance and Substantive Testing | NEW |
6 | Testing Perspectives | NEW |
6 | Code Review and Testing | Updated |
6 | Ethical Penetration Testing | NEW |
6 | Rules of Engagement (ROE) | NEW |
6 | Ethical pentest vs. Ethical hacking | NEW |
6 | bug bounty | NEW |
6 | Blind/Double-blind test | NEW |
6 | Ethical Penetration Testing – Basic Methodology | NEW |
6 | Continuous Full-Cycle Testing | NEW |
6 | Chaos engineering | NEW |
6 | Service-level agreement validation | NEW |
6 | Synthetic Transactions in Practice | NEW |
6 | Security Education, Training and Awareness | NEW |
6 | Backup Verification Data | NEW |
6 | BCDR | Updated |
6 | Desk check (removed in 2018) | NEW |
6 | Full Cutover (full interruption) | NEW |
6 | Remediation | NEW |
6 | CPI models | NEW |
6 | plan-do-check-act | NEW |
6 | six sigma | NEW |
6 | Exception Handling | NEW |
6 | Ethical Disclosure | NEW |
6 | Non-Disclosure | NEW |
6 | Full Disclosure | NEW |
6 | Responsible Disclosure | NEW |
6 | Mandatory Reporting | NEW |
6 | Whistleblowing | NEW |
7 | Vulnerability testing | changed/combined |
7 | Penetration testing | changed/combined |
7 | Overt/covert | removed |
7 | White hat testing | removed |
7 | Black hat testing | removed |
7 | Third party | changed/combined |
7 | Internal/external | changed/combined |
7 | Black/white/grey box | removed |
7 | Information lifecycle | changed/combined (new is “data security lifecycle”, Domain 2) |
7 | Incident management | changed/combined |
7 | Log Management | NEW |
7 | Pattern matching | NEW |
7 | Threat Hunting and IDS/IPS | NEW |
7 | endpoint detection and response (EDR) | NEW |
7 | extended detection and response (XDR) | NEW |
7 | AGILITY | NEW |
7 | Security Information and Event Management (SIEM) | Updated |
7 | Self-hosted, self-managed SIEM; cloud SIEM | NEW |
7 | Hybrid self-hosted | NEW |
7 | SIEM as a service | NEW |
7 | Real-Time Monitoring | NEW |
7 | Continuous Monitoring | updated |
7 | Information Security Continuous Monitoring (ISCM) | NEW |
7 | precursors | NEW |
7 | Threat Intelligence: external/internal | NEW |
7 | User and Entity Behavior Analytics (UEBA) | NEW |
7 | MITRE’s ATT&CK Framework | NEW |
7 | Monitoring Limitations | NEW |
7 | CHANGE MANAGEMENT | new, updated from configuration management |
7 | Change Enablement | NEW |
7 | Change Initiation | NEW |
7 | Change Review and Approval | NEW |
7 | Implementation and Change Evaluation | NEW |
7 | Release and Deployment Planning and Control | NEW |
7 | Major Change Management Activities – Patch Management | updated |
7 | Security Baselining | NEW |
7 | Configuration Automation | NEW |
7 | Change Management Board (CMB) | NEW |
7 | Incident management | Combined with Incident Response |
7 | Incident Response Standards | NEW |
7 | Cyber Forensics | NEW |
7 | forensic readiness | NEW |
7 | Incident management/response: preparation, detection, analysis, response, and review and improvement | NEW |
7 | Security Operations Center | NEW |
7 | Security Orchestration, Automation, and Response (SOAR) | NEW |
7 | Security orchestration | NEW |
7 | security automation | NEW |
7 | Allowed vs. Blocked List | NEW |
7 | Fourth generation firewall | NEW |
7 | Ransomware and Ransom Attacks | NEW |
7 | Machine Learning and Artificial Intelligence (AI) Based Tools | NEW |
7 | Software-defined security (SDS) | NEW |
7 | SDS and Assessment | NEW |
7 | Backup Minimum Protection | NEW |
7 | 3-2-1 backup strategy | NEW |
7 | Cloud Backup-as-a-Service | NEW |
7 | Crime Prevention through Environmental Design (CPTED) | NEW |
7 | “broken window” concept | NEW |
7 | Contact devices (switches) | NEW |
7 | Solid-core/hollow-core (doors) | NEW |
7 | Turnstiles | NEW |
7 | Building Codes | NEW |
7 | Restricted and Work Area Storage | NEW |
7 | sensitive compartmented information facilities (SCIFs) | NEW |
7 | American Society of Heating, Refrigerating and Air-Conditioning Engineers (ASHRAE) publishes the ANSI/ASHRAE Standard 90.4-2019 | NEW |
7 | High density | NEW |
7 | ionization | NEW |
7 | photoelectric | NEW |
7 | Very Early Smoke Detection Apparatus, or VESDA | NEW |
7 | The 5 fire classification types | NEW – brought back from old CBK |
7 | Aqueous Firefighting Foam (AFFF) | NEW |
7 | Non-conductive, nontoxic liquid suppressants | NEW |
7 | Travel: condition monitoring | NEW |
7 | MDM | NEW |
7 | Bricking | NEW |
7 | Operationalizing Frameworks | NEW |
7 | Privacy Management Framework (PMF) | NEW |
7 | HITRUST Common Security and Privacy Framework (CSF) | NEW |
7 | SWIFT | NEW |
7 | Cloud Security Alliance Internet of Things SCF | NEW |
7 | Digital Forensics Tools, Tactics, and Procedures | NEW |
7 | BC Standards | NEW |
7 | National Institute of Standards and Technology Special Publication 800-34 | NEW |
7 | International Organization for Standardization (ISO) 223XX Series | NEW |
7 | Maximum Allowable Outage or MAO | NEW |
7 | Business continuity Lessons Learned | NEW |
8 | Development Time vs. The Impact of Errors | NEW |
8 | Waterfall Software Lifecycle Development (SDLC) Model | NEW |
8 | Business Impact Per Stage vs. Cost to Change | NEW |
8 | Software Design and Coding Errors | NEW |
8 | Shared Responsibility | NEW |
8 | Security baked in | NEW |
8 | Partnership for Systems Approaches to Safety and Security (PSASS) | NEW |
8 | Designing and Writing Software | NEW |
8 | Emerging properties | NEW |
8 | Source vs Executable Code | NEW |
8 | Intermediate code | NEW |
8 | Arbitrary code | NEW |
8 | Nested | NEW |
8 | Code reuse | NEW |
8 | Refactoring | NEW |
8 | Data modeling | NEW |
8 | Data quality standards and practices | NEW |
8 | Level of abstraction | NEW |
8 | Lower order languages | NEW |
8 | High (or higher)-order languages (HOL) | NEW |
8 | Data type enforcement | NEW |
8 | Data protection or data hiding | NEW |
8 | Code protection or logic hiding | NEW |
8 | Assembly language | NEW |
8 | Compiled languages | NEW |
8 | Interpreted languages | NEW |
8 | constraint-based or logic programming | NEW |
8 | Standard Libraries, Other Libraries, and Software Reuse | NEW |
8 | Business needs: consult, ask, evaluate, agree, document | NEW |
8 | Controls for Incomplete Parameter Checking and Enforcement | NEW |
8 | memory leak | NEW |
8 | Data-centric Vulnerabilities | NEW |
8 | Between-the-Lines | NEW |
8 | Bypass attacks | NEW |
8 | Compromising database views used for access control | NEW |
8 | Exploits against alternative, but not quite equivalent, access routes | NEW |
8 | Data contamination | NEW |
8 | Improper modification of information | NEW |
8 | Query attacks | NEW |
8 | Data lakes | NEW |
8 | data farms | NEW |
8 | Network Database Management Model | Updated |
8 | CODASYL model, created by the Conference on Data Systems Languages | NEW |
8 | Parallel processing | NEW |
8 | Graph databases | NEW |
8 | candidate key | NEW |
8 | Non-relational Databases (NoSQL) | NEW |
8 | Connecting Apps to Databases | NEW |
8 | probabilistic method | NEW |
8 | statistical approach | NEW |
8 | Deviation and trend analysis | NEW |
8 | Baking in security (a few modules) | NEW |
8 | Protecting Against Ransomware and Ransom Attacks | NEW |
8 | Cross-Disciplinary Methods, Integrated Product Team (IPT), and Integrated Product and Process Development (IPPD) | NEW |
8 | Strong Data Typing and Structure Enforcement by Programming Language | NEW |
8 | strongly typed | NEW |
8 | weakly typed | NEW |
8 | Limit Reuse to Trusted Libraries | NEW |
8 | REST | Updated |
8 | Tools, Integrated Development Environments (IDEs) | Updated |
8 | Security controls in software development ecosystems | NEW |
8 | Security of Code Repositories | NEW |
8 | Continuous Integration (CI) and Continuous Delivery (CD) | NEW |
8 | Software Assurance Policy | NEW |
8 | Software Assurance During Acquisition Phases | NEW |
8 | Orphaned Software and Systems Security Assessment | NEW |
8 | Mergers and Acquisitions Special Issues Regarding Software, Databases, and Systems Security Assessment | NEW |
8 | Commodity Systems | NEW |
8 | Joint analysis development | removed |
8 | rapid application development | removed |
8 | Exploratory model | removed |