CISSP CPE and certification maintenance
The CISSP is not for life. To keep it, you must earn continuing education credits (CPE) and pay an annual fee (AMF). Here is how maintenance works, with no nasty surprises.
120 CPEs over 3 years
The certification cycle lasts 3 years. You must earn 120 CPE credits in it, i.e. a recommended pace of about 40 per year. Spreading the effort beats cramming it all in the final year.
Group A and Group B
| Type | What | Quota of 120 |
|---|---|---|
| Group A | Directly related to the 8 domains (training, conferences, certifications, technical reading) | at least 90 |
| Group B | General professional development (management, languages, soft skills) | up to 30 |
The Annual Maintenance Fee (AMF)
On top of CPEs, you pay the AMF, a yearly fee to ISC2. A single AMF covers all your ISC2 certifications. Check the current amount on isc2.org.
How to earn CPEs easily
- Training and webinars (including free ones) related to the domains.
- Conferences and events in security.
- Reading books or technical articles (with proof).
- Teaching, writing, speaking: very rewarding in CPEs.
- Volunteering and participating in professional groups.
Tip: log your CPEs as you go in your ISC2 account and keep the proofs — random audits happen.
What happens if you fall short?
Without enough CPEs or a paid AMF, the certification is first suspended, then expires. There is a grace period to catch up. Beyond it, you must retake the exam — hence the value of steady tracking.
Frequently asked questions
How many CPEs to maintain the CISSP?
120 over 3 years (≈ 40/year), with at least 90 Group A and up to 30 Group B.
What is the AMF?
The annual ISC2 fee; a single one covers all your certifications.
What if you don't maintain it?
Suspension then expiration; beyond the grace period, you must retake the exam.
Not certified yet? Start with the exam
Prepare the 8 domains for free before thinking about maintenance.
See also: the concentrations (ISSAP, ISSEP, ISSMP).