ASIS International has published a comprehensive update to its Physical Security Professional (PSP) and Certified Protection Professional (CPP) standards — the first major revision since 2021. The updated framework reflects a security landscape transformed by cyber-physical convergence, AI technology, and an expanded regulatory environment.
Overview of the Update
ASIS International, the leading global association for security management professionals, has issued what it is calling its most substantive standards revision in five years. The update touches every major domain of the Physical Security Professional framework, with particular emphasis on areas where the 2021 standards had fallen behind the technology and threat environment of 2026.
The revision process involved more than 200 subject matter experts across 18 months of development, with significant input from practitioners in healthcare, critical infrastructure, commercial real estate, and government sectors. The result is a standards framework that more accurately reflects what professional physical security practice looks like in 2026 — and what organizations should be expecting from the consultants and practitioners they engage.
"Physical security has undergone a fundamental transformation. The 2026 standards reflect a discipline that now requires deep understanding of cybersecurity, AI systems, regulatory compliance, and risk management — while maintaining the core competencies that have always defined the profession."
Key Changes by Domain
| Domain | Change Type | Summary |
|---|---|---|
| Cyber-Physical Security | New | New standalone domain addressing IT/OT convergence, networked security systems security, and cyber incident response for physical security practitioners |
| AI & Analytics | New | Competency requirements for evaluating, specifying, and overseeing AI-powered security systems including video analytics and threat detection platforms |
| Risk Assessment Methodology | Updated | Revised risk assessment framework incorporating supply chain risk, insider threat, and climate-related physical security considerations |
| Access Control | Updated | Expanded to include mobile credentials, biometric systems, and cloud-hosted access control platforms with new security evaluation criteria |
| Regulatory Compliance | Updated | Updated to reflect 2026 federal framework requirements and expanded state-level physical security legislation |
| Emergency Response | Updated | Active threat response planning requirements updated; evacuation and shelter-in-place protocols revised for hybrid work environments |
The Cyber-Physical Security Domain
The most significant structural change in the 2026 update is the addition of a dedicated cyber-physical security domain. This represents ASIS's formal acknowledgment that physical security practitioners can no longer operate effectively without understanding the cybersecurity dimensions of the systems they specify and oversee.
The new domain covers three primary competency areas: understanding IT/OT network architecture as it relates to physical security systems; cybersecurity requirements for networked physical security devices; and cyber incident response procedures specific to physical security system compromises — including the physical consequences of CCTV and access control system outages.
Implications for Practitioners
For currently certified CPP and PSP holders, the 2026 standards update has several practical implications:
- Recertification cycles will incorporate the new domain competency requirements beginning with 2027 renewal periods
- Continuing education requirements have been updated to reflect the new standards domains
- Exam content for new candidates will be updated to reflect the 2026 framework effective January 1, 2027
- Organizations using ASIS certifications as hiring criteria should update job descriptions to reflect the expanded competency framework
- Security consultants should review their service offerings against the new standards to identify areas where practice updates may be needed
Implications for Facilities and Organizations
For organizations that engage security consultants, employ security professionals, or rely on ASIS standards as a benchmark for their security programs, the 2026 update creates both obligations and opportunities:
- Security programs benchmarked against the 2021 ASIS standards should be re-evaluated against the 2026 framework
- Job descriptions and competency requirements for security director and manager roles should be updated
- Vendor evaluation criteria for security system procurement should incorporate the new AI and cyber-physical competency requirements
- Organizations in regulated sectors should assess whether the updated standards create new compliance obligations under their specific regulatory framework
The 2026 ASIS standards update effectively raises the bar for what constitutes competent physical security practice. Organizations engaging security consultants should now be asking whether their consultant's expertise spans the new cyber-physical and AI domains — not just the traditional physical security disciplines.