- What Is Scaled Scoring on the CPP Exam?
- The Modified Angoff Method Explained
- Reading Your CPP Score Report
- How Domain Weights Affect Your Score
- Raw Score vs. Scaled Score: What the Difference Means for You
- Why ASIS Does Not Publish the Cut Score
- Score Report Breakdown by Domain
- Scheduling Your Prep Around Domain Weights
- What Happens After the Exam
- Frequently Asked Questions
- The CPP uses scaled scoring via the modified Angoff method; ASIS does not publish an exact passing cut score.
- Your 200-question exam contains 175 scored items and 25 unscored pretest questions you cannot identify during testing.
- Security Principles and Practices carries the largest domain weight at 46%, making it the single most important focus area.
- Domain-level feedback on your score report shows relative strength and weakness across all four exam domains.
What Is Scaled Scoring on the CPP Exam?
When you sit for the Certified Protection Professional exam at a Prometric testing center, the score you receive is not simply the number of questions you answered correctly. Instead, ASIS International applies a scaled scoring methodology that converts your raw performance into a standardized number on a fixed scale. This process exists for a straightforward reason: the CPP exam is administered across multiple testing windows throughout the year, and no two versions of the exam are identical. Scaled scoring ensures that a candidate who tested in March is evaluated on the same standard as a candidate who tested in October, even if one version of the exam contained slightly harder items than the other.
This equating process is common across high-stakes credentialing exams, but many CPP candidates encounter their score report without fully understanding what the numbers mean. Before you can interpret your results - or plan a retake - you need to understand the mechanics behind the score.
The Modified Angoff Method Explained
ASIS International uses the modified Angoff method to establish the passing cut score for the CPP exam. This is a formal standard-setting procedure, not an arbitrary threshold. Here is how it works in practice:
- A panel of subject-matter experts - practicing security professionals who hold the CPP credential - reviews every item on the exam.
- Each panelist independently estimates the probability that a minimally competent candidate (someone who just barely deserves to pass) would answer that specific question correctly.
- Those probability estimates are averaged across panelists and summed across all scored items to produce a recommended cut score.
- The panel discusses, reviews, and may revise estimates before a final cut score is adopted.
Because this process is driven by expert judgment about a hypothetical minimally competent candidate, the resulting cut score reflects what entry-level CPP-level competency actually looks like in the real world of physical security, investigations, and enterprise risk management - not a fixed percentage like "70% correct."
Key Takeaway
The modified Angoff method means the passing bar is set by experienced CPP holders evaluating job-relevant competency, not by a fixed percentage. You cannot back-calculate the cut score from the number of questions you need to get right.
Reading Your CPP Score Report
Immediately after completing your exam at the Prometric center, you receive a preliminary score report on screen. Your official score report from ASIS follows, but that immediate printout contains the most actionable information for candidates who did not pass.
What the Report Shows
Your score report includes:
- Overall pass/fail determination - the most prominent piece of information on the report.
- Your scaled score - expressed as a number on ASIS's reporting scale, not as a raw count of correct answers.
- Domain-level performance indicators - a relative rating for each of the four exam domains showing whether your performance was below, near, or above the passing standard in that area.
What the report does not show is your raw score, the exact cut score, or which specific questions you answered incorrectly. ASIS intentionally withholds item-level feedback to protect exam integrity across administrations.
The Four Domains on Your Report
Your domain-level indicators map directly to the CPP's four tested domains. Recognizing which domain is dragging down your performance is the most important use of a failing score report. For detailed context on how each domain is structured and weighted, you can review the full CPP Exam Score Report: How Scaled Scoring Works alongside the application timeline at CPP Application Process 2026: Step-by-Step Walkthrough to coordinate your retake schedule efficiently.
How Domain Weights Affect Your Score
The CPP exam is not scored as if all domains were created equal. The four domains each contribute a different proportion of the 175 scored items. Understanding those proportions tells you exactly where the exam tests you most heavily.
Domain 1: Security Principles and Practices (46%)
The largest single domain by far. Approximately 80 of your 175 scored questions come from this domain. Topics include physical security surveys, threat and vulnerability assessments, security program management, layers of protection, access control systems, intrusion detection, CCTV, and security lighting. A candidate who struggles here faces a significant mathematical disadvantage regardless of performance on other domains.
- Security risk assessment frameworks and methodologies
- Physical protection system design and evaluation
- Emergency management and business continuity
- Security technology: barriers, locks, alarms, surveillance systems
- Policies, procedures, and post orders
Domain 2: Business Principles and Practices (16%)
Covers budget management, financial justification for security expenditures, contract management, vendor oversight, organizational management theory, and legal liability. Roughly 28 scored questions. Candidates with limited management or business exposure often underestimate this domain.
- Security budget development and cost-benefit analysis
- Contract and vendor management
- Legal concepts: negligence, liability, standard of care
- Organizational behavior and leadership principles
Domain 3: Investigations (16%)
Approximately 28 scored questions covering the full investigations lifecycle - from predication and planning through evidence collection, interviewing, report writing, and case preparation. Regulatory and legal constraints on investigations receive particular attention.
- Interview and interrogation techniques
- Evidence collection, chain of custody, preservation
- Undercover operations and surveillance
- Report writing and case preparation for prosecution
Domain 4: Personnel Security (22%)
Roughly 38 scored questions on pre-employment screening, background investigations, insider threat programs, security awareness training, and termination procedures. HR-adjacent legal compliance is frequently tested.
- Background screening: criminal, employment, education verification
- Insider threat detection and mitigation programs
- Security awareness and training program design
- Termination procedures and post-employment security
Raw Score vs. Scaled Score: What the Difference Means for You
Suppose you answered 115 out of 175 scored questions correctly. That is your raw score. Your scaled score is a conversion of that raw number using a statistical equating formula that accounts for the difficulty of your specific exam form relative to the reference form used to set the cut score.
In practical terms, this means two things:
- You might pass with fewer than X correct answers on a harder form. If your version of the exam contained more difficult items than the reference form, the scaling formula will adjust upward slightly to compensate.
- You might fail with more than X correct answers on an easier form. Conversely, an easier form requires a slightly higher raw score to reach the same scaled passing threshold.
This is not the exam "moving the goalposts." It is the exam maintaining a consistent standard regardless of which form you received. The important implication: do not try to calculate a raw-score target percentage. Focus instead on genuine mastery of the content, especially within Domain 1.
Why ASIS Does Not Publish the Cut Score
This is one of the most common frustrations candidates express: ASIS International does not publicly disclose the exact scaled cut score required to pass the CPP exam. This decision is deliberate and defensible from a psychometric standpoint.
Publishing the cut score would create an incentive for candidates to attempt reverse-engineering - identifying the minimum number of questions to answer correctly and studying only to that threshold. The modified Angoff process produces a cut score that reflects what a competent security professional should know; broadcasting that number would undermine the credential's validity over time.
What candidates can say with confidence is that the exam is challenging. The unofficial pass rate estimates circulating in the security community suggest the exam is not one that passive familiarity with security concepts will carry you through. Deep, applied knowledge of each domain - particularly Security Principles and Practices - is required. Using well-designed CPP practice tests that simulate the exam's question style and domain distribution is one of the most effective ways to calibrate where you stand before test day.
Score Report Breakdown by Domain
When your official score report shows domain-level indicators, each domain is typically categorized into performance bands. While ASIS's exact language may vary, the structure generally signals whether your performance in each domain was:
| Domain | Weight | Approx. Scored Questions | Impact of Weakness |
|---|---|---|---|
| Security Principles and Practices | 46% | ~80 | Critical - largest contributor to total score |
| Personnel Security | 22% | ~38 | High - second-largest domain |
| Business Principles and Practices | 16% | ~28 | Moderate - often underestimated |
| Investigations | 16% | ~28 | Moderate - procedural knowledge is heavily tested |
If your score report shows a weak indicator in Domain 1, that weakness is more consequential than a weak indicator in Domain 3, simply because of the volume of questions involved. A retake strategy must prioritize accordingly.
Scheduling Your Prep Around Domain Weights
Because domain weights are not equal, your study time allocation should not be equal either. Below is a structured timeline that maps study focus to domain weight and logical knowledge dependencies.
Domain 1: Security Principles and Practices (46%)
- Physical protection system design: detection, delay, response layers
- Security surveys and vulnerability assessments using the CPP Reference Set methodology
- Access control, CCTV, alarm systems, lighting standards
- Emergency management planning and business continuity fundamentals
- Run CPP practice exams filtered to Domain 1 only to identify knowledge gaps early
Domain 4: Personnel Security (22%)
- Pre-employment screening processes and legal constraints (FCRA, EEOC guidance)
- Insider threat program structure and behavioral indicators
- Termination security procedures
- Security awareness training program design
Domains 2 and 3: Business Principles and Investigations (16% each)
- Security budget justification, cost-benefit analysis, ROI language for executive audiences
- Contract oversight and vendor management principles
- Investigations: interview techniques, evidence chain of custody, report writing
- Legal boundaries for workplace investigations
Full-Length Simulated Exams and Score Analysis
- Complete at least two timed 175-question simulated exams (4-hour sessions)
- Review domain-level performance indicators after each practice test
- Revisit Domain 1 sub-topics where practice test scores reveal gaps
- Review the CPP Application Process 2026: Step-by-Step Walkthrough to confirm your Prometric appointment is confirmed and fees are paid
What Happens After the Exam
If you pass, ASIS International processes your certification and your CPP designation becomes active. The certification is valid for three years, and you will need to accumulate 27 Continuing Professional Education credits across that cycle - nine per year - to renew.
If you do not pass, your score report's domain-level indicators become your primary planning tool. A single weak domain indicator in Security Principles and Practices warrants a fundamentally different retake strategy than weak indicators spread evenly across Domains 2, 3, and 4. Treat the score report as diagnostic data, not just a pass/fail verdict.
Retake candidates should also note the registration mechanics: the exam fee is $350 for ASIS members and $550 for non-members, and you will schedule your retake through Prometric. Reviewing the full CPP Application Process 2026: Step-by-Step Walkthrough ensures you don't miss any eligibility or documentation requirements before rebooking. Using targeted CPP practice tests organized by domain will let you focus your retake preparation where the score report showed your performance lagged.
Frequently Asked Questions
ASIS International does not publish the exact scaled cut score. The passing threshold is determined through the modified Angoff standard-setting process by a panel of CPP-certified subject-matter experts. The score you need to pass reflects minimally competent professional performance across all four domains, and it is expressed as a scaled score - not a fixed percentage of questions correct.
There is no reliable way to calculate a raw-answer target because the scaling formula adjusts based on the difficulty of your specific exam form. Additionally, 25 of your 200 questions are unscored pretest items, and you cannot identify them during the exam. Focus on deep content mastery rather than trying to hit a specific raw-score number.
No. ASIS and Prometric do not provide item-level feedback on your score report. You receive your overall scaled score and domain-level performance indicators showing relative strength or weakness in each of the four domains. Specific question content is withheld to protect exam security across administrations.
Domain 1 - Security Principles and Practices - represents the broadest and most operationally central body of knowledge for a security professional holding the CPP credential. The domain weight is determined through a job task analysis process that surveys how CPP-level practitioners actually spend their professional time. Physical security program design, threat and vulnerability assessment, and protective systems management are the core of the job, which is why the exam reflects that emphasis.
ASIS International's current policy allows candidates to retake the exam after a waiting period. You will need to reapply and pay the examination fee again - $350 for ASIS members, $550 for non-members. Check the current ASIS candidate handbook for the most up-to-date retake eligibility window, as policies can change between exam cycles.