Cyber Security

CISSP Requirements: How to Earn and Submit CPEs

July 27, 2017

Guest Author


How to Maintain my CISSP Certification

The world of cybersecurity is constantly changing. Ensuring continued growth and up-to-date knowledge is essential. This usually is gained by earning and maintaining certifications, such as the CISSP. To maintain your certification, you must follow a structured set of CISSP requirements.

CISSP Requirements

  • Abide by the (ISC)2 Code of Ethics
  • Earn Continuing Professional Education (CPE) units
    • At least 120 CPE units over 3 years
    • At least 40 CPE units per year
  • Annual Maintenance Fee- $85 each year

The CISSP requirements, set by (ISC)2 ensures that the professionals who have earned the world-class certification gain the most current knowledge of the field and uphold the Code of Ethics. The Code of Ethics lays out how information security professionals who are certified by (ISC)2 must conduct themselves to uphold the standards of the CISSP and all (ISC)2  certifications.

CPE Reminders

When earning CPE’s, professionals with CISSP certification need to keep in mind that activities must be completed or earned during the three years of each certification cycle. The CPE’s can not be earned later than the certification expiration date (the end of member’s certification cycle). Even if you satisfy the three-year CPE requirements for CISSP certification in the first or second year of your certification cycle (120 CPE units), you must still satisfy the annual CPE requirement for the remaining year(s) of your current certification cycle (40 per year).

Following the certification expiration date, members are allowed a 90-day grace period to complete the submission of all CPE units, but the units must be earned before the expiration date.

At the end of the certification cycle, when your CISSP requirements have been met, CPE units AMF payments, members’ renewal to a new three-year certification cycle will be processed. Members will receive a renewal package via postal mail, which includes a new certificate and their ID card.

CPE Categories

If you are able to look past the standard ways to earn CPEs, there can be many fun and interesting ways to meet your CISSP requirements. CPE units are weighted by the activities in which you will earn them. Shown below are common categories of activities and the number of credits members can earn for each activity.

Or, you could always ignore these CPEs suggestions and take the exam again and again, but no one really wants to sit for a six hour exam multiple times. So let’s get inspired and explore ways to keep your 3-year certification in good standing.

There are two different categories of CPE units: Group A and Group B

  • Group A: Domain-Related Activities. These units correlate precisely to activities in the areas covered by the specific domains of the CISSP certification. You must obtain at least 30 Group A CPEs annually and 90 over a total of 3-years.
  • Group B: Professional Development/Knowledge Sharing. Group B units are earned for completion of general professional development activities which enhance a member’s overall knowledge, professional skills, and education outside of the domains associated with the CISSP certification. You can submit up to 10 Group B CPEs per year to count toward your annual total of 40 (120 over three-years).

Earn CPE Units

  • Attending educational/training courses and seminars Group A or B Educational training courses and seminars related to the CISSP domains will qualify for one Group A CPE unit for each hour of attendance. Training courses and seminars not related to the CISSP domains qualify as one Group B CPE unit for each hour of attendance.
  • Attending conferencesGroup A or B One CPE unit is earned for each hour of attendance (or one session). Cybersecurity conferences qualify as Group A units.* Other educational conferences qualify as Group B units.
  • Attending vendor presentationsGroup A For each hour of attendance at a vendor presentation one Group A CPE unit is earned. The presentation must have an educational aspect with regard to the CISSP domains.
  • Completing a higher academic courseGroup A or B One CPE unit is allowed for each hour spent in a class, or for online class. Units will only be given on passing or successfully completing the course. To qualify as a Group A unit, the course must be related to the CISSP domains. Otherwise it will be considered a Group B unit
  • Performing unique projects and activities on-the-jobGroup A only Members can earn CPE units for activities performed during their regular working hours. However, they must be engaged in unique projects, assignments, activities or exercises; falling outside of their day-to-day job responsibilities or description.

Earn 9 CPEs at the Federal IT Security Conference on November 14, 2017


(ISC)² members can claim up to 10 Group A CPE units in a year for unique on-the-job experiences. On-the-job experiences can encompass out of scope projects (e.g. committee work, Cyber Shield exercises, etc). In addition, research can also be considered if it engages in new thinking which could lead to making significant improvements in processes, products, and technologies. These CPEs can be submitted via the questionnaire available to them through the “Submit CPE” button on the Member Website.

*Members attending a cyber-security or related conference that includes vendor presentations, CPE credits need to be entered in the “conference” category. CPE credits are determined by using the method described under “Attending Conferences”.

Earn CPE Units with Qualifying Courses

Using training courses to gain CPEs as part of your CISSP requirement is a great way to stay up-to-date with current cybersecurity technologies and practices. As mentioned, training courses can qualified for both Group A and Group B CPEs. To qualify as a Group A units, the course must be related to the CISSP domains. Here are a few examples of training courses that can satisfy Group A or Group B CPE units:

What Happens if Your Certification Expires?

According to (ISC)², if your certification expires, you will need to retake and pass the exam to become certified again. Outstanding AMF payments will need to be submitted prior to sitting for the exam. Once you have passed the exam, you will need to contact Member Services to reactivate your certification. You will also need to pay a $35 fee to regain current certification after you have passed the exam.

subscribe by email

Stay Ahead

Phoenix TS needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at anytime. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, check out our Privacy Policy.