Yes, your CISSP can expire. That's the short answer, and it's worth taking seriously.
Letting your CISSP lapse isn't just an administrative problem. It affects how employers see you, how your credential shows up during background checks, and whether you stay competitive for the senior roles that list CISSP as a requirement. The good news is that expiration is entirely preventable when you understand what maintenance actually involves.
This article covers how the CISSP validity period works, what the three maintenance requirements are, what a lapsed CISSP means for your career, and how to reinstate your credential if it's already expired.
How Does a CISSP Certificate Expire?
CISSP is valid for three years from the date your certification becomes active. It doesn't automatically expire at the end of that period if you meet your maintenance requirements, but it will lapse if you don't. Understanding the difference between the three possible statuses is important before anything else.
An active CISSP means you're current on your CPE credits and annual maintenance fee, and your certification is in good standing. A suspended CISSP means you've missed a requirement, typically a late AMF payment or a CPE shortfall, but your certification hasn't been permanently revoked. There's usually a grace period to bring your status back to active. An expired or inactive CISSP means the grace period has passed without resolution. At this point, reinstatement requires additional steps and may involve retaking the exam.
Here's a quick-reference summary of everything required to keep your CISSP active:
| Requirement | Details |
|---|---|
| Certification validity period | 3 years |
| Total CPE credits required | 120 per 3-year cycle |
| Group A CPE minimum | 90 credits (domain-related activities) |
| Group B CPE maximum | 30 credits (professional development) |
| Recommended annual CPE pace | 40 credits per year |
| Annual Maintenance Fee | $135 per year |
| Reporting method | ISC2 member portal |
Meeting all three requirements across your three-year cycle keeps your CISSP active without interruption. Missing any one of them is what puts your status at risk.
What Maintaining Your CISSP Actually Requires
There are three things you need to do consistently to keep your CISSP in good standing: earn CPE credits, pay your annual maintenance fee, and report your activities through the ISC2 portal.
The CPE requirement is 120 credits over your three-year cycle. ISC2 recommends pacing yourself at roughly 40 credits per year to avoid a last-minute shortfall. Those 120 credits are split between Group A activities, which are directly tied to the eight CISSP domains and require a minimum of 90 credits, and Group B activities, which cover broader professional development and are capped at 30 credits. Misunderstanding that split is one of the most common reasons professionals find themselves short at renewal time.
For a full breakdown of what qualifies for each group, how to track your credits, and where to find free CPE opportunities, our CISSP CPE requirements guide covers everything you need to know.
The Annual Maintenance Fee is $135 per year, due on the anniversary of your certification date. It covers all active ISC2 certifications you hold, so if you have both a CISSP and a CCSP, you pay one AMF that covers both. Missing this payment is the fastest way to move from active to suspended status, and it's also one of the most avoidable mistakes since it's a predictable annual expense.
All CPE submissions and fee payments go through your ISC2 member portal. For a step-by-step walkthrough of the full renewal process, including how to submit your application and what documentation to keep, our CISSP renewal requirements guide covers the complete process in detail.
What Happens to Your Career If Your CISSP Lapses
The administrative consequences of a lapsed CISSP are frustrating enough. The career consequences are where it really hurts. There are three areas where a lapsed CISSP creates real professional damage.
CISSP Lapses Show Up Immediately During Hiring
Employers who list CISSP as a requirement for senior security roles don't treat an expired certification the same as an active one. When a hiring manager or HR team runs a credential verification through the ISC2 Member Verification tool, the status returned will show your certification as inactive. That result raises immediate questions about your professional standing, regardless of how strong the rest of your resume looks.
CISSP Lapses Put Your Current Role At Risk, Not Just Future Ones
For professionals already employed in positions that require an active CISSP, a lapsed certification can threaten the job you already have. Government contractors, healthcare organizations, and financial institutions often have compliance requirements tied to maintaining active certifications among their security staff. If your employer discovers your CISSP has lapsed during an internal audit or contract review, the conversation that follows is one you'd rather avoid.
CISSP Lapses Signal Something You Don't Want It To Signal
CISSP carries weight in the cybersecurity community precisely because maintaining it requires ongoing effort. Letting it lapse signals, fairly or not, that you've deprioritized your professional development. In a field where staying current is part of the job, that perception is hard to shake once it forms.
If you're in an active security role and want a practical tool to support your ongoing professional work, our free Quarterly Security Review Toolkit gives you a structured framework for staying on top of your security program, which can also support your CPE documentation.
How to Reinstate a Lapsed CISSP
Your reinstatement path depends on how far along the lapse has gone. There are two scenarios worth understanding clearly.
- Your certification is suspended but still within the grace period. This is the easier situation to resolve. Pay any outstanding AMF balance and submit any missing CPE credits through your ISC2 member portal. Once ISC2 confirms your account is current, your status returns to active. The sooner you act within the grace period, the simpler the process.
- Your CISSP has fully lapsed, and the grace period has passed. The reinstatement process here is more involved. ISC2 may require you to pay outstanding fees, meet additional administrative requirements, or retake the CISSP exam to demonstrate that your knowledge is still current. The specific requirements depend on how long the certification has been inactive and the circumstances of the lapse.
In both cases, the first step is logging into your ISC2 member portal to check your current status and any outstanding requirements. If the portal doesn't give you a clear path forward, contact ISC2 member support directly. They can confirm what reinstatement requires for your specific situation and walk you through the next steps.
Frequently Asked Questions
Your certification moves to suspended status first, typically with a grace period to resolve the issue. If the grace period passes without resolution, your CISSP becomes inactive. At that point, reinstatement may require additional fees, outstanding CPE submissions, or retaking the exam, depending on how long the lapse has continued.
You need 120 CPE credits over your three-year certification cycle, with at least 90 coming from Group A activities tied to the eight CISSP domains. The remaining 30 can come from Group B professional development activities. ISC2 recommends earning around 40 credits per year to stay on track.
Yes, in most cases. If your certification is still within the grace period, paying outstanding fees and submitting missing CPEs is usually enough to restore active status. If your CISSP has fully lapsed beyond the grace period, ISC2 will outline the specific reinstatement requirements, which may include retaking the exam.
Yes. When employers run a verification through the ISC2 Member Verification tool, the result will show your certification status as inactive or expired rather than active. This is visible to any employer or client who checks directly with ISC2, which is why maintaining an active status matters beyond just personal record-keeping.
Ready to Renew? Keep Your CISSP in Good Standing
Maintaining your CISSP doesn't have to feel like a chore. The professionals who handle it most easily are the ones who treat continuing education as part of their regular work, not a separate obligation that shows up at renewal time.
If you want to earn CPE credits while genuinely deepening your security knowledge, the CISSP Bootcamp is one of the most efficient ways to do it. Five days of intensive instruction from Rob Witcher, John Berti, Kelly Handerhan, and Nick Mitropoulos cover the full CISSP body of knowledge, keep your thinking sharp across all eight domains, and generate CPE-eligible learning hours at the same time.
If you prefer a self-paced approach that fits around your schedule, the CISSP MasterClass gives you structured, adaptive learning you can work through at your own pace. It's built to close knowledge gaps across all eight domains, which makes it as useful for maintaining your edge as it is for first-time exam preparation.
Before you commit to either path, our free Cryptography Mini MasterClass is a practical starting point. It covers one of the most heavily tested areas across the CISSP domains, it's completely free, and it counts toward your CPE hours.
John is a major force behind the Destination Certification CISSP program's success, with over 25 years of global cybersecurity experience. He simplifies complex topics, and he utilizes innovative teaching methods that contribute to the program's industry-high exam success rates. As a leading Information Security professional in Canada, John co-authored a bestselling CISSP exam preparation guide and helped develop official CISSP curriculum materials. You can reach out to John on LinkedIn.