Blueprint Differences: Security v6.0 & v6.1


In the dynamic landscape of network engineering, change is the only constant. Cisco made changes to some of the CCIE Blueprints this year. In my previous blog, I had written about the changes made to the CCIE Enterprise Infrastructure Blueprint. In this blog I will be focusing on the CCIE Security Blueprint which was updated from v6.0 to v6.1. This is important for students currently preparing for the CCIE Security Exam as the changes will be implemented in exams starting 20th October, 2023. At a high level, the alterations are mostly minor, reflecting Cisco's ongoing commitment to fine-tuning and polishing its blueprints. The changes do not represent a radical departure from version 6.0; instead, they are subtle refinements to better align with the contemporary needs of the industry.

Let's dive deeper into the changes themselves on a section by section basis:

Section 1: Perimeter Security and Intrusion Prevention

This section remains largely unchanged. However, one new element has entered the scene: Dynamic Object in FMC. This addition underlines the significance of flexible and adaptable security solutions in our modern, dynamically evolving network environments.

Section 2: Secure Connectivity and Segmentation

This section has seen a minor reduction, with the removal of the topic of Uplink and Downlink MACsec (802.1AE). This reflects a shift in focus towards more contemporary and relevant practices in secure connectivity and segmentation.

Section 3: Infrastructure Security

There are no changes in this section, highlighting the stability and relevance of the topics in this section.

Section 4: Identity Management, Information Exchange, and Access Control

The change in this section highlights the increasing importance of identity and access management in securing today's complex and diverse network environments. A new topic has been added that focuses on IBNS 2.0 for authentication, access control, and user policy enforcement.

Section 5: Advanced Threat Protection and Content Security

While new topics haven't made their debut in this section, certain subjects have been given a renewed emphasis. Specifically, Cisco Umbrella product related topics such as DNS Proxy, DNS Security, RBI policies, CASB policies, and DLP policies now command more attention. This shows the growing prominence of advanced threat protection and content security technologies in the industry.


The CCIE Security v6.1 blueprint is essentially a refined version of its predecessor. The key updates - namely the inclusion of IBNS 2.0 and a stronger focus on Cisco Umbrella topics - are indicative of the evolving demands in the field of network engineering.

So, what does this mean for those who have been preparing for the CCIE Security exam based on the v6.0 blueprint? In my view, the changes are subtle and simply demand a sharpened focus on the updated topics.

Remember, the CCIE Security certification isn't just a testament to technical expertise; it represents a commitment to lifelong learning, adaptability, and a comprehensive understanding of networking at a large scale.