The AAISM is not a test of whether you can build a machine learning model. It is a test of whether you can govern, secure, and manage the risk of AI systems at an enterprise level, and that distinction is where most candidates go wrong. If you hold a CISM or CISSP and work in an environment where AI is becoming part of the attack surface, this exam validates something specific: the ability to make sound security decisions about AI systems in real organizational contexts. The preparation question is not how much you know about AI, but whether you can apply security management thinking to AI's unique failure modes.
TL;DR
- Eligibility is locked: You must hold an active CISM or CISSP to sit for this exam. No exceptions.
- 90 questions in 150 minutes means roughly 100 seconds per question; scenario questions require deliberate, practiced pacing.
- Three domains: AI Governance and Program Management (31%), AI Risk Management (31%), and AI Technologies and Controls (38%). The highest-weighted domain is about controls, not code.
- Passing score is 450 on an 800-point scaled score (200-800 range).
- This is a management exam: Deep coding skills and ML engineering knowledge are not tested and not needed.
- Limited community data exists because the cert launched August 19, 2025, so treat any pass rate or difficulty claims from external sources with appropriate skepticism.
- Scenario-based practice is non-negotiable: use the CertCompanion AAISM question bank to build the exam-day judgment this format demands.
What this exam is really about
The AAISM was launched by ISACA in August 2025 as what the organization positions as the first AI-centric security management certification. That framing matters. The exam is not designed to verify that you can implement a neural network or tune a language model. It is designed to verify that you can advise senior stakeholders, establish governance structures, assess AI-specific risk, and select appropriate controls for AI systems, all within the frameworks that experienced security managers already know.
What makes the exam conceptually different from CISM or CISSP is not the difficulty level but the subject matter's inherent unpredictability. AI systems behave differently from traditional software: code and data are inseparable, model behavior can drift after deployment, and adversarial attacks can target training data rather than production infrastructure. The exam tests whether you understand these distinctions well enough to make governance and risk decisions that account for them, not whether you can engineer a defense from scratch.
Exam at a glance
| Item | Value |
|---|---|
| Cost | Member: $459 USD / Non-Member: $599 USD (plus $50 application fee after passing) |
| Duration | 150 minutes (2.5 hours) |
| Questions | 90 multiple choice |
| Passing Score | 450 on a 200–800 scaled score |
| Format | Multiple choice, scenario-based |
| Validity | 3-year CPE reporting cycle; candidates have 5 years from passing to apply for certification |
| Testing | Online proctored / Test center (PSI) |
| Retake Policy | Not published in available official documentation |
| Eligibility | Active CISM or CISSP required |
| Exam Version | Launched August 19, 2025 |
Two things about this exam's structure directly affect exam-day strategy. First, the passing score uses a scaled model (200–800, pass at 450), which is standard for ISACA exams. Raw correct-answer counts don't translate linearly to your reported score, so your performance on harder scenario questions carries more weight than you might expect. Second, ISACA delivers results immediately at the testing center, so you'll know before you leave whether you passed.
The 90-question format is entirely multiple choice, but ISACA's scenario-based questions are meaningfully different from straightforward knowledge recall. A typical question presents a business situation, a CISO deciding how to respond to model drift in a production AI system, or an AI vendor whose training data provenance cannot be verified, and asks you to choose the best management response. These are judgment questions, not definition questions, and they penalize candidates who have memorized frameworks without internalizing how to apply them.
ISACA requires that you hold an active CISM or CISSP at the time of application and maintain at least one of those credentials throughout the AAISM certification lifecycle. This is not a standalone entry-level credential; it is explicitly positioned as an advanced layer on top of existing security management expertise.
Who should take this exam
The AAISM is the right next step for security managers, risk professionals, and governance leads who are being asked to make decisions about AI systems without a credential that validates their AI-specific knowledge. If you hold a CISM and your organization is adopting AI tools in ways that create new risk surface (procurement of AI-powered vendors, deployment of generative AI in customer-facing products, or integration of ML models into security operations), the AAISM maps directly to the decisions you are already being asked to make.
It is also a logical credential for CISOs and enterprise security architects who need board-level vocabulary for AI risk conversations. The governance domain specifically covers how to advise stakeholders, establish AI security policy aligned with corporate ethics, and frame AI risk in terms that resonate with non-technical leadership. Candidates who are not yet in management roles, or who are still building foundational security credentials, should focus on completing CISM or CISSP first; the AAISM requires that foundation to be meaningful.
The 3 domains and what actually gets tested
Domain 1: AI Governance and Program Management (31%)
The official exam content outline lists five major topic areas in this domain: stakeholder considerations and regulatory requirements; AI-related strategies, policies, and procedures; AI asset and data life cycle management; AI security program development and management; and business continuity and incident response for AI systems. The domain accounts for 31% of the exam, tied with AI Risk Management as the second-largest section.
What this domain actually requires is the ability to think like a security program manager who understands that AI introduces governance obligations that do not exist for traditional software. AI assets have life cycles (model selection, training, validation, deployment, and eventual decommissioning), and each stage creates security and governance considerations that must be addressed in policy. Candidates who approach this domain with only generic security program management knowledge will miss the AI-specific nuances.
Business continuity and incident response for AI systems is an area that candidates sometimes underestimate. An AI model that produces erroneous outputs is a different kind of incident than a data breach: attribution is harder, remediation may require retraining, and the reputational and regulatory implications can be difficult to scope. The exam tests whether you understand how to build response plans that account for these differences.
Some candidates report that this domain requires strong vocabulary for board-level AI risk conversations, understanding how to translate technical AI risk into governance language that executives and regulators can act on. This aligns with the domain's focus on stakeholder considerations and regulatory requirements, which span frameworks like the NIST AI Risk Management Framework, the EU AI Act, and sector-specific guidance. Limited community data exists given the exam's recency, but the official content outline confirms that regulatory alignment is a core competency within this domain.
Domain 2: AI Risk Management (31%)
The official exam content outline organizes this domain around three areas: AI risk assessment, thresholds, and treatment; AI threat and vulnerability management; and AI vendor and supply chain management. At 31%, this domain carries the same weight as governance and is where candidates with traditional risk management backgrounds will find both familiarity and surprise.
The familiar part is the risk assessment framework: identifying threats, evaluating likelihood and impact, selecting treatment options. The surprise is what the threats actually are. AI systems are vulnerable to attack vectors that have no equivalent in traditional security: adversarial examples designed to fool a model, data poisoning that corrupts the training set, model inversion attacks that extract sensitive training data, and algorithm locking, where a model's decision logic becomes opaque even to its operators. The exam tests whether you know these threats exist and can identify appropriate management responses, not whether you can technically execute or prevent them.
Vendor and supply chain risk is an emerging and high-stakes area. Organizations increasingly deploy AI through third-party providers or pre-trained models, and the security posture of those models depends heavily on how the vendor managed training data, model validation, and ongoing monitoring. Some candidates report that the exam covers supply chain risk with particular attention to provenance: knowing where training data came from and whether it can be trusted. Given the exam's recency, this reflects limited community evidence, but the official content outline confirms vendor and supply chain management as an explicit subtopic.
Model drift is a concept that traditional security frameworks do not address well, and it appears within this domain's scope. A model that behaved securely at deployment can behave unpredictably after real-world data distributions shift, producing outputs outside its validated parameters. The management response to model drift is a governance and monitoring question, not an engineering question, and the exam tests the management perspective.
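To make the "monitoring" part of the drift response concrete, here is an added example (not from ISACA, the exam outline, or any vendor material) of the kind of control a security manager would ask an ML operations team to run: a distribution-shift monitor that compares a production window of one model input feature against the baseline frozen at validation time using the Population Stability Index (PSI). The data is constructed in the block; the 0.10/0.25 warning and drift thresholds are an assumed alerting policy, not a value the page states.

```python
"""Distribution-shift (model drift) monitor for one deployed-model input feature.

Added example, not from the page or ISACA material. Compares a production
window against the baseline captured at validation time using the Population
Stability Index (PSI). All data is constructed below; the thresholds are an
assumed alerting policy for illustration.
"""
import math
import random

# Assumed alerting policy (not an ISACA value): the 0.10 / 0.25 cut-offs are
# a common industry convention for PSI, chosen here for illustration.
WARN_PSI = 0.10
DRIFT_PSI = 0.25


def bin_edges(baseline, n_bins=10):
    """Fixed-width bin edges computed once on the validation baseline.

    Freezing the edges is the point: later windows are measured against the
    distribution the model was validated on, not against themselves.
    """
    lo, hi = min(baseline), max(baseline)
    width = (hi - lo) / n_bins
    return [lo + i * width for i in range(n_bins + 1)]


def histogram(values, edges):
    """Proportion of values in each bin; out-of-range values fall in the outer bins."""
    counts = [0] * (len(edges) - 1)
    for v in values:
        idx = 0
        while idx < len(edges) - 2 and v >= edges[idx + 1]:
            idx += 1
        counts[idx] += 1
    total = len(values)
    return [c / total for c in counts]


def psi(baseline_props, current_props, eps=1e-4):
    """PSI = sum over bins of (current - baseline) * ln(current / baseline).

    eps floors empty bins so a sparse tail does not produce log(0).
    """
    score = 0.0
    for b, c in zip(baseline_props, current_props):
        b, c = max(b, eps), max(c, eps)
        score += (c - b) * math.log(c / b)
    return score


def classify(score):
    """Map a PSI score onto the assumed alerting policy."""
    if score >= DRIFT_PSI:
        return "drift"
    if score >= WARN_PSI:
        return "warning"
    return "stable"


def monitor(baseline, window, n_bins=10):
    """Score one production window against the frozen baseline."""
    edges = bin_edges(baseline, n_bins)
    score = psi(histogram(baseline, edges), histogram(window, edges))
    return score, classify(score)


def constructed_data(seed=7):
    """Constructed sample data: a validation baseline, a healthy production
    window drawn from the same distribution, and a window whose inputs have
    shifted (higher mean and variance), as real-world data often does."""
    rng = random.Random(seed)
    baseline = [rng.gauss(0.0, 1.0) for _ in range(5000)]
    stable_window = [rng.gauss(0.0, 1.0) for _ in range(1000)]
    shifted_window = [rng.gauss(1.5, 1.3) for _ in range(1000)]
    return baseline, stable_window, shifted_window


if __name__ == "__main__":
    base, stable, shifted = constructed_data()
    for name, window in (("stable window", stable), ("shifted window", shifted)):
        score, status = monitor(base, window)
        print(f"{name}: PSI={score:.3f} -> {status}")
```

The governance question this supports is who owns the thresholds, who receives the "drift" alert, and what the documented response is (investigate, restrict use, or trigger revalidation and retraining), which is exactly the management framing the domain tests. The arithmetic itself is not what the exam asks about; the existence of a defined monitoring control with an escalation path is.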
Domain 3: AI Technologies and Controls (38%)
At 38%, this is the highest-weighted domain on the exam, and its name causes some candidates to over-prepare on technical content. The official content outline includes AI security architecture and design; the AI life cycle covering model selection, training, and validation; data management controls; privacy, ethical, trust, and safety controls; and security controls and monitoring. The domain is broad, but its emphasis is consistently on controls (what you do to secure AI systems), not on how those systems work internally.
The AI life cycle subtopic is worth particular attention. Security decisions must be made at each stage: what data can be used for training (and under what privacy constraints), how models should be validated before deployment, what monitoring is appropriate during operation, and when a model should be decommissioned. The exam tests whether you can identify the right security control or governance decision at each stage, not whether you understand the underlying mathematics.
The data management controls subtopic covers a set of obligations that intersect privacy law, data governance, and AI-specific risk. Training data must be accurate, representative, and legally obtained. Data used in inference may be sensitive. Data retention and deletion obligations interact with the model itself: deleting a user's data from a database does not remove its influence on a trained model. These are management and policy problems, and the exam treats them as such.
Some candidates report that this domain emphasizes conceptual understanding of model operations rather than implementation details. The exam expects you to know what a neural network is and how its outputs are influenced by training data, not to code one. Candidates who come from deep technical backgrounds sometimes over-index on implementation and miss the governance framing the exam is looking for. Limited community data exists on this given the exam's August 2025 launch, but the official content outline's framing consistently points toward controls and management rather than engineering.
The privacy, ethical, trust, and safety controls subtopic distinguishes AI security governance from traditional security governance in important ways. AI systems can produce discriminatory outputs, generate harmful content, or make consequential decisions in ways that create legal and reputational risk. The security manager's role includes establishing controls that address these risks, not as an afterthought, but as part of the security program. Regulatory frameworks like the EU AI Act explicitly address these obligations, and the exam tests whether candidates understand the governance response.
What trips candidates up
Underestimating scenario-based question complexity. The AAISM's questions are not definition recall. They present organizational situations and ask for the best management response. Some candidates report finding the question format more demanding than expected, particularly under time pressure, where 100 seconds per question leaves little room for extended deliberation. Candidates who have prepared primarily by reading the review manual without practicing scenario questions are consistently at a disadvantage.
Applying traditional security frameworks without adapting them to AI. Candidates with strong CISM or CISSP backgrounds sometimes treat this as a vocabulary update rather than a conceptual shift. AI systems have failure modes (data poisoning, model drift, adversarial inputs) that have no direct equivalent in traditional security frameworks. The exam tests whether you have genuinely integrated these concepts, not just added AI terminology to your existing knowledge.
Misjudging what the exam rewards. Some candidates report preparing extensively on AI technical implementation: understanding neural network architectures, studying ML engineering concepts, reviewing code. The exam does not test this. The official content outline is unambiguous: this is a management and governance credential. Deep technical implementation knowledge is not a competitive advantage here.
Ignoring the "why incorrect answers fail" dimension of practice questions. ISACA's scenario questions frequently include answer choices that are partially correct: reasonable actions that are not the best management response in context. Understanding why the wrong answers are wrong is as important as identifying the right answer. Candidates who practice by checking correct answers without analyzing the distractors consistently report being caught off guard by similar questions on the actual exam.
Underweighting the regulatory landscape. AI governance is a rapidly evolving regulatory area. The AAISM exam covers regulatory requirements as a core competency, not as background context. Candidates who are not current on frameworks like the NIST AI RMF, the EU AI Act, and relevant sector-specific guidance will find portions of the governance domain harder than expected.
How to prepare
Foundation. ISACA offers an official AAISM Online Review Course and Virtual Workshops through the AAISM credential page at isaca.org/credentialing/aaism. The review course covers the domain content systematically and is aligned with the exam content outline. Its limitation, consistent with ISACA's other credentials, is that it is more conceptual than the actual exam. It builds knowledge of the content but does not replicate the judgment-under-time-pressure experience of 90 scenario questions.
Official study guide. The ISACA AAISM Official Review Manual is available in print and digital formats through the ISACA credential page. Treat the exam content outline (isaca.org/credentialing/aaism/aaism-exam-content-outline) as your authoritative domain checklist; every subtopic listed should be understood before you schedule. The Official Review Manual is aligned to that outline. ISACA also publishes the Exam Candidate Guide PDF, which covers logistics, eligibility, and scoring; read it before registering.
Practice questions. Scenario-based practice is not optional for this exam. The CertCompanion AAISM question bank provides scenario-based practice questions designed to reflect the management and governance orientation of the actual exam. Use them to build both content knowledge and time-pressure judgment. A target of 80–90% on practice sets before scheduling is a reasonable benchmark; if you are consistently below that, identify which domain's scenarios are tripping you up and go back to the official content for that area.
Official exam tools:
- ISACA AAISM QAE Database: The official Questions, Answers & Explanations database is available as a 6-month subscription from ISACA and includes 200+ questions with explanations. This is the most direct insight into the question format and difficulty level. Critically: study the explanations, not just the answers.
- ISACA AAISM Free Practice Quiz: A free 12-question official practice assessment is available at isaca.org/credentialing/aaism/practice-quiz. Use it early in your preparation to calibrate the question format before investing in the QAE database.
- ISACA Official Review Course and Workshops: Available through the AAISM credential page; useful as a structured domain walkthrough alongside independent reading.
Fee discounts. ISACA members receive a significantly reduced exam fee ($459 vs. $599). If you are not currently an ISACA member, calculate whether the membership cost offsets the exam fee difference; for a single exam sitting, ISACA membership typically costs less than the non-member surcharge.
Study timeline by background
Because the AAISM launched in August 2025, no robust community data on study hours by experience level exists yet. The guidance below reflects limited available information and should be treated as approximate.
| Background | Estimated preparation | Notes |
|---|---|---|
| Active CISM/CISSP with direct AI security governance experience | Weeks to 1–2 months (limited data) | Existing frameworks transfer; primary gap is AI-specific risk concepts and regulatory landscape |
| Active CISM/CISSP with general security management background, limited AI exposure | 2–3 months (limited data) | One source recommends this range; most time spent on AI-specific threat models and control frameworks |
| Active CISM/CISSP with strong technical AI background but limited governance experience | 2–3 months (limited data) | Content knowledge of AI is an asset; significant effort needed to reframe technical knowledge in management and governance terms |
The AAISM is new enough that the study time ranges above come from limited sources, and individual preparation time will vary significantly based on familiarity with ISACA's scenario question format, depth of AI governance exposure, and current knowledge of the regulatory landscape. Treat these as starting estimates, not firm targets.
Exam-day tactics
Scheduling. The AAISM is delivered through PSI, either at a physical test center or via remote online proctoring. Some candidates report that scheduling requires at least 48 hours after payment is processed; plan accordingly rather than registering and expecting to test the same week. Rescheduling is reportedly penalty-free if done at least 48 hours before the appointment, though you should confirm current policy on the ISACA scheduling page at the time of registration.
Time management. At 90 questions in 150 minutes, you have an average of 100 seconds per question. This sounds adequate until you are deep in a multi-paragraph scenario question that requires evaluating four plausible management responses. Candidates who have not practiced under timed conditions consistently report time pressure as a surprise. Build timed practice into your preparation: not just answering questions, but finishing sets within the allocated time.
Elimination strategy for scenario questions. ISACA's scenario questions typically include answer choices that represent reasonable security management actions, just not the best one in context. The elimination approach that works best is to identify answers that address only part of the problem, answers that are tactically correct but strategically misaligned, and answers that apply traditional security logic without accounting for AI-specific considerations. The remaining option, the one that is most comprehensive, most aligned with governance principles, and most appropriate to the AI context, is usually correct.
After the exam. ISACA delivers scores at the testing center immediately following your session; you will know whether you passed before you leave. Your official score report is available through your ISACA My Credentials account. If you pass, you have five years from the exam date to submit your application for certification (which includes the $50 application fee). To receive the AAISM designation, you must also hold an active CISM or CISSP at the time of application. Your digital badge and certificate are issued after ISACA processes your application.
After you pass
The AAISM requires ongoing maintenance: 10 CPE hours annually in AI-related topics, with a minimum of 30 CPE hours over the three-year reporting cycle. ISACA's annual maintenance fee is $20 for members and $35 for non-members. Critically, you must maintain an active CISM or CISSP throughout your AAISM certification lifecycle; if your underlying credential lapses, your AAISM certification is at risk. CPE hours earned for CISM or CISSP maintenance can overlap with AAISM requirements if they are in AI-relevant subject matter.
On career impact: according to ISC2's 2025 AI Adoption Survey, over one-third of cybersecurity professionals cite AI as the biggest skills shortfall on their teams. ISACA reports that 95% of digital trust professionals are concerned about generative AI being exploited by bad actors. These figures suggest genuine organizational demand for credentialed AI security expertise, not just general awareness. Roles that list AI security governance as a preferred or required competency include AI Security Manager, AI Governance Lead, AI Security Architect, Cybersecurity Risk Manager, and CISO-level positions in organizations with significant AI adoption.
Salary context: one community source estimates that AI security management professionals with specialized credentials earn $120,000–$180,000 annually, and that professionals with AI security expertise command a 15–25% salary premium compared to peers without specialized credentials. These figures come from limited sources and should be treated as rough estimates rather than benchmarks; your actual compensation will depend on role, organization, geography, and the credentials and experience you bring to the table.
Logical next credentials after the AAISM depend on which direction you want to develop. For deeper audit and assurance skills in AI, ISACA's AAIA (Advanced in AI Audit) is the natural companion credential. For broader governance and enterprise IT leadership, CGEIT and CRISC are relevant. CCSP extends your cloud security governance expertise in a direction that increasingly intersects with AI infrastructure. CISA is relevant if audit responsibilities are part of your role.
Frequently Asked Questions
Is the AAISM hard? The AAISM is genuinely challenging, primarily because of its scenario-based question format rather than the volume of content. Each question requires applying management judgment to a specific organizational context, not recalling a definition. Candidates who hold CISM or CISSP and are current on AI security governance concepts report the content as manageable; the time pressure and question format are where preparation gaps show up.
How many hours should I study? Limited community data exists given the exam's August 2025 launch. One source recommends two to three months of preparation, but individual study time varies based on your familiarity with AI-specific risk concepts, your comfort with ISACA's scenario question format, and how current you are on the regulatory landscape. Start with the CertCompanion AAISM question bank to calibrate where your gaps are before committing to a study timeline.
Does the AAISM expire? The AAISM operates on a three-year CPE reporting cycle with a minimum of 10 CPE hours annually in AI-related topics. It does not expire automatically, but failure to meet CPE requirements or failure to maintain an active CISM or CISSP will put the credential at risk. You also have five years from passing the exam to submit your formal application for certification.
Do I need to know how to code or build AI models? No. Some candidates report being tempted to study ML engineering or Python for this exam; that preparation is not relevant. The exam tests management and governance competencies: how to assess AI risk, establish AI security policy, select appropriate controls, and advise stakeholders. Technical implementation knowledge is not tested.
What happens if I fail? The official ISACA retake policy for AAISM is not published in currently available documentation. Check the official Exam Candidate Guide (PDF available from the AAISM credential page) for current retake rules and waiting period requirements before registering.
Is the AAISM worth it if I already have CISM and CISSP? The AAISM is most valuable if you are already operating in or moving toward roles where AI governance is a core responsibility, not as a general career booster. If your organization is deploying AI in ways that create new risk and governance obligations, the credential validates specific expertise that CISM and CISSP do not cover. If AI governance is not part of your current or target role, the return on the investment in time and exam fee is less clear.
What is the passing score? The passing score is 450 on a 200–800 scaled score. This is the same scaled scoring model ISACA uses for CISM and other credentials.
Who can sit for the AAISM? You must hold an active CISM (Certified Information Security Manager) or CISSP (Certified Information Systems Security Professional) at the time of application. There are no experience-hour prerequisites beyond holding one of those credentials, but ISACA expects candidates to bring the security management foundation those credentials represent.
The AAISM is a narrow credential with a specific purpose: validating that security managers with existing CISM or CISSP expertise can govern, assess risk, and implement controls for AI systems the way those systems actually behave, not the way traditional security frameworks assume software behaves. Use the CertCompanion AAISM question bank to build scenario judgment and identify gaps before exam day. Scenario-based practice with immediate feedback is the most efficient way to close the distance between what you know conceptually and what the exam actually tests. Understand why wrong answers are wrong, build timed practice into your routine, and go in knowing exactly where your weak domains are.
Start your AAISM scenario practice at CertCompanion's AAISM question bank and know where you stand before you schedule.