CISSP CPE and certification maintenance

The CISSP is not for life. To keep it, you must earn continuing education credits (CPE) and pay an annual fee (AMF). Here is how maintenance works, with no nasty surprises.

120 CPEs over 3 years

The certification cycle lasts 3 years. You must earn 120 CPE credits in it, i.e. a recommended pace of about 40 per year. Spreading the effort beats cramming it all in the final year.

Group A and Group B

TypeWhatQuota of 120
Group ADirectly related to the 8 domains (training, conferences, certifications, technical reading)at least 90
Group BGeneral professional development (management, languages, soft skills)up to 30

The Annual Maintenance Fee (AMF)

On top of CPEs, you pay the AMF, a yearly fee to ISC2. A single AMF covers all your ISC2 certifications. Check the current amount on isc2.org.

How to earn CPEs easily

Tip: log your CPEs as you go in your ISC2 account and keep the proofs — random audits happen.

What happens if you fall short?

Without enough CPEs or a paid AMF, the certification is first suspended, then expires. There is a grace period to catch up. Beyond it, you must retake the exam — hence the value of steady tracking.

Frequently asked questions

How many CPEs to maintain the CISSP?

120 over 3 years (≈ 40/year), with at least 90 Group A and up to 30 Group B.

What is the AMF?

The annual ISC2 fee; a single one covers all your certifications.

What if you don't maintain it?

Suspension then expiration; beyond the grace period, you must retake the exam.

Not certified yet? Start with the exam

Prepare the 8 domains for free before thinking about maintenance.

How to pass the CISSP

See also: the concentrations (ISSAP, ISSEP, ISSMP).