You worked hard to pass the CISSP exam, but certification ownership does not stop there. To keep your credential active, you must meet ongoing CISSP CPE requirements and pay the required annual maintenance fee. Many professionals lose their good standing simply because they misunderstand the renewal rules or wait too long to track their credits. As a cybersecurity professional, you cannot afford that kind of preventable risk to your career.
In this guide, we'll give you a practical walkthrough of CISSP CPE requirements, renewal steps, costs, and where to earn free credits without the guesswork. The goal is simple: help you protect your certification and stay compliant with confidence.
What Are CISSP CPE Requirements?
CISSP certification does not stay active on its own. You must continue learning and proving that your skills remain current through continuing professional education (CPE). In simple terms, CPEs are learning activities that show you still grow as a security professional after you pass the exam.
Here is what you need to know about CISSP continuing education and renewal expectations:
- CPE means ongoing professional learning. Each credit represents the time you spend improving your cybersecurity knowledge or professional skills. This keeps your certification aligned with real-world threats and evolving technologies.
- You must earn 120 CPE credits every three years. This is the official CISSP renewal requirement set by ISC2. Your three-year certification cycle is the window used to measure compliance.
- ISC2 recommends earning about 40 CPEs per year. This yearly target is guidance, not a strict rule. However, spreading your credits annually reduces last-minute stress and helps you stay consistently compliant.
- Missing your CPE target can lead to inactivity or suspension. If you fall short at the end of your cycle, your CISSP status can move to suspended or inactive. Restoring it later often requires extra time, fees, and administrative effort.
Summary of requirements
| Requirement | Details |
|---|---|
| Total CPE Required | 120 per 3-year cycle |
| Recommended annual CPE credits | 40 per year (guidance, not mandatory) |
| Group A minimum | 90 credits |
| Group B minimum | 30 credits |
| Work activity cap | Up to 10 Group A credits from regular job duties |
| Annual Maintenance Fee | $125 USD |
Keep in mind that CISSP renewal is a continuous maintenance process, not a one-time task you handle at the end of the cycle. You can spread credits across the three years so you avoid the pressure of last-minute shortages.
In the next section, you will see exactly what counts as Group A and Group B credits and how to earn them strategically.
Understanding Group A and Group B CPE Credits
To keep your CISSP active, you need to understand how Group A and Group B CPE credits work. Many professionals get confused about what counts toward each group, which can lead to shortfalls at renewal time. Focusing on the right mix of credits not only keeps your certification in good standing but also ensures you’re staying sharp across the CISSP domains.
Let’s break down how each group functions so you can plan effectively.
Group A: Domain-Related Activities
Group A credits come directly from activities related to the eight CISSP Common Body of Knowledge (CBK) domains. These form the core of your CPE requirement, with a minimum of 90 credits needed over the three-year cycle.
Some of your regular work duties can contribute, but only up to 10 credits, so most of your effort should target domain-focused learning. Prioritizing Group A ensures that you strengthen your technical and managerial knowledge in areas that matter most for both certification and real-world security practice.
Examples of Group A Activities
Here are some concrete ways you can earn Group A CPE credits while keeping your skills sharp and aligned with the CISSP domains:
- Instructor-led or self-paced security courses - Take formal courses, whether online or in-person, that cover one or more of the eight CISSP domains. Each hour spent can count toward your credits.
- Reading whitepapers, books, or magazines - Stay updated on industry trends, security frameworks, or technical practices. Reading counts as learning and can earn you Group A credits if it directly relates to the domains.
- Publishing security content - Share your expertise by writing articles, blog posts, or papers on relevant CISSP topics. Publication demonstrates mastery and contributes to your professional development.
- Attending security conferences or seminars - Participate in events where domain-relevant talks, workshops, or presentations are held. Both in-person and virtual sessions can qualify.
- Performing qualifying security projects - Work on projects outside your regular job duties that expand your knowledge in the CISSP domains. Documenting and reporting these activities can earn credits while contributing to practical experience.
Group B: Professional Development Activities
Group B credits focus on your broader professional development outside the eight CISSP CBK domains. These activities support leadership, management, and general cybersecurity skills, helping you grow as a well-rounded security professional. You can earn up to 30 Group B credits in a three-year cycle, but they cannot replace your core domain-related learning. Use Group B strategically to complement your Group A credits, but avoid relying too heavily on them. Your main effort should always go toward strengthening your Group A (CBK) expertise.
Examples of Group B Activities
Here are some practical ways to earn Group B CPE credits while enhancing your professional growth:
- Non-security conferences - Attend industry events or professional gatherings outside the security field that help build general business or technical awareness. These activities broaden your perspective and contribute to leadership skills.
- Public speaking training - Participate in workshops or courses that improve your communication and presentation abilities. Strong speaking skills support your role as a security leader.
- Management or leadership courses - Take classes that focus on team management, strategic decision-making, or executive-level responsibilities. These courses help you apply security knowledge in organizational contexts.
- Committee participation outside cybersecurity - Join boards, advisory panels, or professional committees not directly tied to security. Your contributions demonstrate broader professional engagement while earning Group B credits.
The CISSP Endorsement Process (Before Maintenance Begins)
Passing the CISSP exam is a huge achievement, but it does not immediately make you a certified CISSP. To activate your certification, you must complete the Certification Application process, which verifies your professional experience and ensures you meet ISC2’s standards for credentialed security professionals. Think of this step as the foundation for your long-term maintenance responsibilities. You can’t start earning CPE credits or paying annual fees until your certification is officially active.
After submitting your application, you must provide an endorser: someone who can vouch for your professional experience and good standing in the industry. This can be an ISC2-certified member that you know. If you don’t have such a contact, ISC2 can act as your endorser. Your endorser will confirm the experience you listed in your application and ensure you meet all eligibility requirements. If you have relevant education or other certifications, you may qualify for partial experience waivers to cover some of the work requirements.
Once ISC2 approves your application and you pay your first Annual Maintenance Fee (AMF), your CISSP certification becomes active. At this point, you officially enter the maintenance cycle, which includes earning CPE credits and keeping your certification in good standing. Completing this endorsement process correctly ensures you start your three-year cycle on a solid footing, so you can focus on continuous professional growth without surprises later.

CISSP Annual Maintenance Fee (AMF)
The CISSP Annual Maintenance Fee (AMF) is a yearly fee you pay to ISC2 to maintain your certification in good standing. For CISSP and other senior ISC2 credentials, the current annual fee is U.S. $135, and it’s due each year on the anniversary of your certification date. You only pay one AMF, even if you hold multiple ISC2 certifications such as CISSP, CCSP, or SSCP; the fee covers all of them.
How and When You Pay
Your AMF becomes due after your certification is approved and must be paid each year on your certification anniversary. You can pay online using a credit card, PayPal, voucher, check, or wire transfer through the ISC2 dashboard or member portal. Some regions may add your local tax to the fee based on legal requirements, so your total amount may vary slightly.
Consequences of Missing AMF Payments
Failing to pay your AMF on time can put your CISSP certification at risk. While ISC2 may offer a grace period after the due date to settle your fee, letting it go unpaid can lead to suspension of your certification until the fee is paid. If suspension continues long enough, you risk losing your CISSP designation entirely and may have to meet reinstatement requirements to regain it.
Other Fees You Might Encounter
In addition to the AMF, you might see related costs for CISSP in special situations:
- AMF adjustment after endorsement: If you were an ISC2 Associate or held a lower AMF rate before earning your CISSP, you may need to pay the difference once you complete endorsement.
- Reinstatement costs: If your certification lapses after a long suspension, ISC2 may require outstanding AMFs or other fees before returning your status.
- CISSP exam cost: If you need to take the exam again
When you understand how crucial the CISSP annual maintenance fee is and plan for it every year, your certification remains active and your professional reputation stays intact. This financial component is just as important as earning CPE credits and should be part of your long‑term certification strategy.
How to Earn CISSP CPE Credits
Earning CISSP CPE credits is a practical step in keeping your certification active and relevant. You can gain credits through structured courses, hands-on projects, or self-directed learning, but the key is to spread them steadily over your three-year cycle. ISC2 audits submissions to ensure validity, so maintaining proper documentation is essential. Aligning your activities with your career goals not only earns credits but also strengthens your skills and prepares you for real-world challenges. By planning ahead, you avoid last-minute scrambles and make continuing education a natural part of your professional growth.
Popular Ways to Earn Group A Credits
- Instructor-led or self-paced security courses - Take courses that dive deep into one or more of the eight CISSP domains. Completing these gives you a solid amount of CPEs while directly improving your domain expertise.
- Reading whitepapers, books, or magazines - Reading professional publications counts toward your Group A CPEs. Focus on material relevant to your domain to maximize points and stay updated on industry trends.
- Publishing security content - Writing an article, blog post, or whitepaper about security topics earns CPEs and positions you as a thought leader in your field.
- Attending security conferences or seminars - In-person or virtual conferences provide direct exposure to experts, new tools, and frameworks. Each attended session can count toward your CPE credits.
- Performing qualifying security projects - Engage in projects outside your normal duties that enhance security within your organization. These practical activities allow you to earn credits while making a tangible impact.
Easy Ways to Earn Group B Credits
- Non-security conferences - Attend general professional events such as leadership or management seminars. These build soft skills that support your career growth and count toward Group B credits.
- Public speaking training - Delivering talks or training sessions, even outside security, counts as professional development. You earn credits while improving communication and presentation skills.
- Management or leadership courses - Courses in leadership, team management, or project oversight support broader professional skills and fulfill Group B requirements.
- Committee participation outside cybersecurity - Volunteering in professional, government, or charitable committees enhances your governance and organizational experience. These activities are recognized for Group B CPEs.
Free CISSP CPE Credits Opportunities
You do not always need to spend money to meet your CISSP CPE credit goals. Many trusted organizations provide free learning opportunities that qualify for CPE submission if you track and document your participation properly. ISC2 webinars remain one of the most reliable sources because they align closely with CBK domains and professional development topics. Security vendors also host regular webinars that often qualify, especially when the content focuses on threat trends, architecture, or risk management. You can also earn credits by reading approved whitepapers, as long as the material clearly relates to security knowledge.
Community engagement offers another practical path to free credits. Local ISC2 chapter meetings, virtual security groups, and professional forums often qualify while helping you expand your network. Some major conferences even provide free virtual tiers that allow you to attend selected sessions without paying full registration fees. These options work best when you plan and keep proof of attendance or completion. With consistent tracking, you can build a steady stream of CPEs without adding pressure to your budget.
Common Mistakes That Put CISSP Status at Risk
Even small mistakes in your CISSP renewal or CPE tracking can create bigger problems than you expect. You might risk suspension simply because you have overlooked key maintenance details. Here are the common pitfalls you should watch for and avoid early.
Waiting until the final year
Many professionals delay earning credits and suddenly realize they are short near the end of the three-year cycle. You might face a stressful rush where quality learning turns into last-minute credit chasing. Build a steady habit of earning CPEs each quarter so your renewal stays predictable and low risk.
Misunderstanding Group A vs Group B
Confusion between Group A and Group B often leads you to collect the wrong type of credits, which can delay your renewal. You may think you are on track, only to discover you lack the required Group A minimum. Review the category rules early and prioritize domain-related activities to keep your balance compliant.
Forgetting AMF payments
Missing the CISSP annual maintenance fee can place your certification into suspension, even if your CPEs are complete. This usually happens when busy professionals overlook renewal emails or assume payment is automatic. Set a yearly reminder and confirm payment inside your ISC2 dashboard to keep your status active.
Over-counting work activities
Some professionals try to claim too many credits for their regular job duties. ISC2 limits how much routine work can count, so over-reporting can trigger audit issues or rejected submissions. Track your qualifying activities carefully and diversify your learning sources to stay within policy.
Poor documentation during audits
CPE audits can become stressful when records are incomplete or missing. You might have earned valid credits, but still struggle to prove them when ISC2 requests evidence. Keep certificates, attendance proof, and notes organized throughout the cycle so you can respond quickly and confidently.
Future Planning: How to Stay CISSP-Compliant Long Term
Now that you know which mistakes to avoid, it is time to build a maintenance strategy that keeps your certification safe year after year. CISSP maintenance works best when you treat it as part of your normal professional routine instead of a last-minute task. The following habits help you stay compliant, audit-ready, and confident in your long-term certification status.
1. Build a yearly CPE routine
Set a simple yearly target so your CPE progress stays predictable and manageable. For example, schedule one learning activity each month instead of rushing near the deadline. This steady approach reduces stress and keeps your CISSP renewal requirements under control.
2. Track your credits monthly or quarterly
Use a spreadsheet, calendar reminder, or the ISC2 portal to review your progress regularly. Many professionals discover too late that they miscounted or forgot to submit credits. A quick monthly or quarterly check helps you catch gaps early and fix them before they become a problem.
3. Align CPE activities with your career goals
Choose learning activities that support the role you want next, not just the credits you need today. For example, if you plan to move into cloud security leadership, prioritize courses and conferences in that space. This strategy turns your CISSP CPE into real career momentum.
4. Stay audit-ready at all times
Keep proof of attendance, certificates, and notes for every submitted activity. ISC2 can audit your submissions, and missing documentation can invalidate your credits. A simple digital folder for each year makes this process easy and stress-free.
5. Treat CISSP as a long-term professional commitment
View your certification as an ongoing responsibility, not a one-time achievement. Security leaders who maintain this mindset rarely struggle with compliance issues. When you stay proactive, your CISSP continues to support your credibility, promotions, and leadership opportunities.
FAQs
If your certification expires, ISC2 typically moves your status to suspended or inactive. You may need to pay overdue fees and submit missing CPEs within the allowed grace period to restore it. If too much time passes, you could lose the certification and may need to retake the CISSP exam.
Yes, ISC2 usually provides a short grace period after your three-year cycle ends. During this time, you can still submit missing credits or pay overdue fees to return to good standing. However, relying on the grace period is risky, so your best move is to complete your CPE requirements well before the deadline.
Keep Your CISSP Active and Your Career Moving
Keeping your CISSP active does not have to feel overwhelming when you plan and stay consistent. With a clear routine for earning CPEs and paying the CISSP annual maintenance fee on time, you protect the credential you worked hard to achieve. Most professionals who run into trouble simply wait too long or misunderstand the renewal process.
Your CISSP does more than validate technical knowledge. It signals long-term professional credibility, leadership readiness, and commitment to the cybersecurity field. Employers and hiring managers often view an active CISSP as proof that you stay current with evolving threats, governance expectations, and security best practices.
Treat your CPE activities as an investment in your career, not just a compliance task. The right courses, conferences, and learning paths can strengthen your expertise, prepare you for senior roles, and expand your professional visibility. When you align your CISSP continuing education with your career goals, maintenance becomes a growth strategy instead of a yearly chore.
If you want extra structure and motivation, an online CISSP bootcamp or CISSP masterclass can make the maintenance process much easier. Guided learning paths help you earn valid CPE credits consistently while also keeping you prepared for every CISSP renewal requirement.
Enroll today and give yourself the support, accountability, and confidence to keep your certification active and your cybersecurity career moving forward.
Rob is the driving force behind the success of the Destination Certification CISSP program, leveraging over 15 years of security, privacy, and cloud assurance expertise. As a seasoned leader, he has guided numerous companies through high-profile security breaches and managed the development of multi-year security strategies. With a passion for education, Rob has delivered hundreds of globally acclaimed CCSP, CISSP, and ISACA classes, combining entertaining delivery with profound insights for exam success. You can reach out to Rob on LinkedIn.







