- The AAISM exam contains 90 multiple-choice questions with a 150-minute time limit, requiring roughly 100 seconds per question.
- Domain 3 (AI Technologies and Controls) carries the highest weight at 38%, making it the single most important area to master.
- A passing score of 450 is required on a scaled range of 200 to 800 - not a raw percentage of correct answers.
- You must already hold an active CISM or CISSP to be eligible; that credential must stay active throughout your AAISM lifecycle.
What Is the AAISM Exam?
The Advanced in AI Security Management (AAISM) certification was launched on August 19, 2025, by ISACA - the same Schaumburg, Illinois-based association that governs CISM, CRISC, and CISA. It is the first vendor-neutral credential built specifically around the security management of artificial intelligence systems, and it sits deliberately at an advanced level: you cannot sit for it without an active CISM or CISSP already in hand.
Because the certification is so new, many candidates are approaching it without a clear picture of what the exam actually looks like mechanically. This article focuses entirely on format, structure, and the tactical knowledge you need to walk in prepared - not generic advice, but the specifics of how ISACA has constructed this particular assessment.
Question Format: Scenario-Based Multiple Choice
Every question on the AAISM exam is a multiple-choice, scenario-based item. That single phrase carries significant implications for how you should study and how you should read each question during the exam.
What "Scenario-Based" Means in Practice
Unlike knowledge-recall exams that ask "what is the definition of X," AAISM questions present a business or technical situation - a paragraph or two describing an organization's AI deployment, a risk event, or a governance gap - and then ask what the security manager should do, recommend, or prioritize. The correct answer is almost never the most technically detailed option; it is the most appropriate managerial or strategic response given the scenario's context.
This mirrors ISACA's established methodology from CISM. If you hold CISM, you already have experience with this question style. If your prerequisite is CISSP, you will want to deliberately shift your mindset from technical depth to business-risk management framing as you prepare.
Four Answer Choices, One Best Answer
Each question presents four options. ISACA consistently uses "best answer" logic rather than "only correct answer" logic. This means two or even three options may be defensible, but one is more aligned with ISACA's risk-based, governance-first perspective. Practicing with AAISM-aligned practice questions is the most reliable way to internalize that perspective before exam day.
Key Takeaway
When two answers both seem correct on an AAISM question, ask yourself: which option addresses the governance or risk management layer first? ISACA's framework consistently prioritizes organizational risk management decisions over technical implementation choices at the managerial level this exam targets.
Time Limit and Pacing Strategy
You have 150 minutes (2.5 hours) to answer 90 questions. That works out to 100 seconds per question - exactly 1 minute and 40 seconds each. That is not a tight time limit for someone well-prepared, but it becomes very tight if you let yourself linger on difficult scenario paragraphs.
A Practical Pacing Approach for AAISM
Divide your 150 minutes into three loose phases. In the first 60 minutes, work through questions you can answer with reasonable confidence, flagging anything that requires more thought. In the second 60 minutes, return to flagged items - you now have context from the full question set that sometimes clarifies earlier ambiguities. Reserve the final 30 minutes as a buffer for review and to ensure no questions are left unanswered. Because there is no penalty for guessing on AAISM, every question should have a submitted answer.
The scenario paragraphs on AAISM questions can run long, particularly in Domain 3 (AI Technologies and Controls) where technical context about AI architecture or model behavior may be embedded in the stem. Budget slightly more reading time for those items and practice reading efficiently - identify the role of the person in the scenario, the key risk or gap described, and what the question is actually asking before you read the answer choices.
Domain Breakdown and Question Distribution
ISACA publishes the weight of each domain in the AAISM exam content outline. These weights translate directly into approximate question counts across your 90-question exam.
| Domain | Weight | Approx. Questions (of 90) | Core Focus |
|---|---|---|---|
| Domain 1: AI Governance and Program Management | 31% | ~28 questions | AI strategy, governance frameworks, roles, policies, compliance |
| Domain 2: AI Risk Management | 31% | ~28 questions | AI-specific risk identification, assessment, treatment, and reporting |
| Domain 3: AI Technologies and Controls | 38% | ~34 questions | AI architecture, security controls, testing, monitoring, adversarial threats |
Domain 3: AI Technologies and Controls (38%)
This is the heaviest domain on the exam and the one where candidates with a purely governance background are most likely to struggle. It requires genuine fluency in how AI systems are built and where they break.
- AI model architecture concepts: supervised, unsupervised, reinforcement learning, and large language models
- Security controls specific to AI pipelines: data poisoning prevention, model integrity validation, inference attack mitigation
- AI testing methodologies: red-teaming AI models, adversarial robustness testing, bias and fairness auditing as security concerns
- Ongoing monitoring of deployed AI systems: drift detection, anomaly detection, logging and audit trails for AI decisions
Domain 1: AI Governance and Program Management (31%)
This domain tests your ability to build and manage an AI security program at the organizational level - not configure systems, but lead the governance function.
- Establishing AI security governance structures and accountability frameworks
- Aligning AI programs with enterprise risk appetite and regulatory requirements
- Policies and standards specific to AI development, procurement, and third-party AI use
- Roles and responsibilities: AI security manager, data science teams, legal, and executive stakeholders
Domain 2: AI Risk Management (31%)
Equal in weight to Domain 1, this domain focuses on identifying and treating risks that are unique to AI - not just IT risks applied to AI contexts.
- AI-specific threat modeling: prompt injection, training data manipulation, model extraction, and model inversion attacks
- Risk assessment frameworks adapted for AI systems, including dynamic and emergent risks
- Third-party and supply chain risk for AI components, APIs, and pre-trained models
- Communicating AI risk to non-technical executive stakeholders and boards
What AAISM Questions Actually Look Like
To make this concrete without reproducing proprietary content, consider the type of scenario the exam uses. A typical Domain 2 item might describe a financial services firm that has deployed a third-party AI fraud-detection model. The model's vendor does not disclose training data sources. The scenario asks what the AI security manager should do first. Options might range from immediately decommissioning the model to conducting a risk assessment to requesting vendor transparency documentation. The ISACA-aligned answer prioritizes structured risk assessment over reactive action - a consistent pattern across all three domains.
A Domain 3 question might describe unusual model output patterns observed in production monitoring logs and ask which investigative action most effectively determines whether adversarial input manipulation is occurring. Options test whether you understand the difference between model drift, data poisoning, and adversarial examples at a conceptual security level.
Preparing for this style requires working through realistic scenario questions, not flashcard-style recall. Practice tests built to the AAISM content outline are the most direct preparation tool available for this format.
Registration, Fees, and Eligibility Window
The AAISM exam is governed by ISACA and delivered through PSI, ISACA's authorized testing provider. Registration occurs through ISACA's website. Here is what the financial and administrative picture looks like:
| Item | ISACA Member | Non-Member |
|---|---|---|
| Exam Fee | $459 | $599 |
| One-Time Application Processing (post-pass) | $50 | $50 |
| Annual Maintenance Fee | $20/year | $35/year |
| Eligibility Window After Registration | 12 months | 12 months |
The $140 difference between member and non-member exam fees alone often makes ISACA membership economically rational before registering, particularly since you will also pay annual maintenance fees once certified. Once you register, you have a 12-month eligibility window to schedule and sit the exam - a generous window that allows for structured preparation without artificial urgency.
Testing Delivery Options
AAISM is available in two formats: in-person at authorized PSI testing centers and remote proctoring. Remote proctoring is available globally with one significant exception: candidates in India, Mainland China, and Hong Kong are required to test at a physical PSI center. If you are located in one of those regions, identify your nearest authorized PSI center early and check availability before you finalize your preparation timeline.
The exam is offered in English and Spanish. No other languages are currently available for Version 1.
The Passing Score and Scaled Scoring
AAISM uses a scaled scoring system ranging from 200 to 800. The passing score is 450. This is identical to how ISACA scores CISM, CRISC, and CISA - if you hold CISM, you have already passed an exam on this same scale.
Scaled scoring means your raw number of correct answers is converted through a statistical equating process. This allows ISACA to adjust for any variation in difficulty across different exam administrations without changing what "passing" means. A 450 scaled score consistently represents the same level of demonstrated competency regardless of which specific question set you receive.
Because the pass rate for AAISM has not been publicly disclosed - the certification launched in August 2025 and is too new for published statistical data - candidates cannot rely on historical pass rate benchmarks to calibrate their preparation. The prudent approach is to target genuine mastery of all three domains, with particular depth in Domain 3 given its 38% weight.
Scheduling Your Preparation Around the Domains
Given the domain weights and the scenario-based format, your preparation time should be allocated proportionally - but not equally. Domain 3 deserves the most time, and it should be studied with an emphasis on applying security thinking to AI-specific attack surfaces rather than memorizing definitions.
Domain 3 Foundation: AI Technologies and Controls
- Map AI model types (supervised, generative, reinforcement) to their specific security exposures
- Study adversarial ML attack categories: poisoning, evasion, extraction, inversion
- Review AI pipeline security controls from data ingestion through model deployment
Domain 1: AI Governance and Program Management
- Study AI governance frameworks and how they differ from traditional IT governance structures
- Review AI policy development, stakeholder accountability models, and regulatory alignment
- Connect governance concepts back to Domain 3 controls - governance dictates what gets monitored
Domain 2: AI Risk Management
- Study AI-specific threat modeling and how it extends conventional risk frameworks
- Practice communicating AI risk scenarios to executive-level stakeholders in scenario questions
- Review third-party and supply chain AI risk - a high-frequency scenario topic
Integrated Review and Timed Practice
- Complete full-length timed practice exams to build 150-minute pacing discipline
- Identify weak domains from practice results and revisit targeted content
- Review flagged questions from all three domains together, practicing cross-domain scenario reasoning
For a more detailed week-by-week breakdown tailored to different starting points and available study hours, see the AAISM Study Schedule: 8-Week Preparation Plan 2026, which maps specific content topics to each week based on the domain weights above.
Understanding the format mechanics described in this article is the foundation for all other preparation. Once you know that 34 of your 90 questions will come from Domain 3, that each question is scenario-based, and that you have 100 seconds per question, you can make informed decisions about where to invest study time. If you want to see what that format feels like in practice before your exam date, working through realistic AAISM practice questions is the most direct way to build both content knowledge and question-reading fluency simultaneously.
Frequently Asked Questions
How many questions are on the AAISM exam, and how long do I have?
The AAISM exam consists of 90 multiple-choice questions. You have 150 minutes (2.5 hours) to complete them, which works out to approximately 100 seconds per question. All questions are scenario-based, meaning each presents a real-world AI security management situation before asking what action or recommendation is most appropriate.
What is the passing score?
The passing score is 450 on a scaled scoring range of 200 to 800. ISACA uses the same scale for CISM, CRISC, and CISA. Your raw correct-answer count is converted to a scaled score through a statistical equating process, so 450 represents a consistent level of competency across different exam administrations.
Which domain carries the most weight?
Domain 3 (AI Technologies and Controls) carries the highest weight at 38%, meaning approximately 34 of your 90 questions come from this domain. It covers AI architecture, security controls specific to AI pipelines, adversarial testing, and production monitoring. Candidates with governance backgrounds who are less familiar with AI technical concepts should allocate extra preparation time here. See the AAISM Study Schedule: 8-Week Preparation Plan 2026 for a structured approach.
Can I take the exam remotely or only at a testing center?
Both options are available through PSI. Remote proctoring is available globally except in India, Mainland China, and Hong Kong, where candidates are required to test at an authorized PSI physical testing center. The exam is available in English and Spanish regardless of delivery format.
How much does the exam cost?
The exam fee is $459 for ISACA members and $599 for non-members. After passing, a one-time $50 application processing fee applies. Ongoing maintenance costs $20 per year for members or $35 per year for non-members. You have a 12-month eligibility window from registration to schedule and sit your exam. Becoming an ISACA member before registering saves $140 on the exam fee alone, which often offsets membership costs.
Ready to Start Practicing?
Now that you know exactly what the AAISM exam looks like - 90 scenario-based questions, 150 minutes, three domains, 450 to pass - the best next step is to experience that format firsthand. Our practice questions are built to the AAISM content outline and mirror the scenario-based style ISACA uses across all three domains.