Renewal GuideCISSPISC2 · Professional

How to Renew Your CISSP Certification

Q: How many CPE credits does CISSP renewal require?

You must earn 120 CPE credits over each three-year cycle to renew your CISSP, which works out to about 40 per year. Of those 120, at least 90 must be Group A credits (directly related to the eight CISSP domains) and up to 30 can be Group B credits (general professional development). ISC2 recommends posting at least 40 CPEs each year so you do not fall behind.

Q: How much does it cost to maintain a CISSP?

ISC2 charges a single Annual Maintenance Fee (AMF) of 135 US dollars, due each year on the anniversary of your certification. The single fee covers you even if you hold more than one ISC2 certification. The AMF is separate from any cost of the activities you use to earn CPE credits.

Your CISSP is valid for three years. To keep it, you earn 120 CPE credits and pay a small annual fee — no re-exam required. Here is exactly how the CPE cycle works, the fastest ways to earn credits, and what happens if you let it lapse.

Updated June 202610 min readLevel: MaintenanceBy ExamCert Team

3 yearsRenewal cycle

120 CPECredits needed

40 / yrAnnual minimum

$135Annual fee (AMF)

90 daysGrace period

How to renew your CISSP certification with CPE credits

01 The short answer

CISSP renews on a rolling three-year cycle. You keep it active by earning 120 Continuing Professional Education (CPE) credits across those three years and paying a $135 Annual Maintenance Fee (AMF) each year. Do both and you never sit the exam again — the certification simply renews at the end of each cycle.

The mistake people make is treating renewal as a one-time event. It is not: CPEs accrue continuously and ISC2 expects steady progress, recommending at least 40 CPEs per year so you do not arrive at year three needing to scramble for 120. The annual fee is due every year on your certification anniversary, independent of where you are in the CPE cycle.

One fee, all your ISC2 certs. The $135 AMF is a single annual fee that covers every ISC2 certification you hold — so adding the CCSP or an ISC2 concentration does not multiply your maintenance cost.

02 The CPE requirement, in detail

The 120 credits are not interchangeable — ISC2 splits them into two groups, and most of your credits must come from the technical, domain-related group.

Requirement	Amount	What counts
Total CPEs / cycle	120 over 3 years	Everything below, combined
Group A (required)	At least 90	Activities tied to the eight CISSP domains — training, conferences, reading security material, teaching
Group B (optional)	Up to 30	General professional development — project management, presentation skills, other non-security learning
Annual posting target	40 / year	ISC2's recommended pace so you never fall behind

Log CPEs as you earn them. Credits must be recorded in your ISC2 member portal, and ISC2 audits a percentage of members — so keep certificates, agendas, and receipts. Self-reported CPEs you cannot evidence can be removed in an audit, which can drop you below the threshold.

03 The fastest ways to earn CPE credits

You do not need to spend money to hit 120. A mix of free and paid activities — many of which you already do at work — gets you there comfortably.

FREE · ~1 CPE / HR

Read & watch security content

Webinars, vendor whitepapers, security podcasts, and books. ISC2's own member webinars and the on-demand library are free and auto-post credits.

FREE · HIGH VALUE

Do your job & document it

Unique work projects, writing security policy, or first-time tasks can count. One substantial project can be worth several Group A CPEs.

PAID · BIG BATCH

Attend a conference or course

A multi-day security conference or training course can earn 20–40 CPEs in one go — often the single fastest way to clear a cycle.

FREE/PAID · GROUP A

Teach, present, or write

Delivering training, speaking at a meetup, or publishing an article earns CPEs at a premium rate (and the first instance of new material counts more).

FREE · 1 CPE / HR

Online courses & labs

MOOCs, hands-on labs, and structured self-study count as Group A when they map to the CISSP domains. Keep the completion certificate.

GROUP B

Professional development

Non-security learning — leadership, communication, project management — fills your 30 Group B credits without needing more technical study.

Pace beats panic: ~3.3 CPEs a month gets you to 120 over three years. Block one webinar a week plus one conference per cycle and you are essentially done without thinking about it.

04 The renewal cycle, step by step

↻ Repeats every 3 years

Earn CPEs

Accumulate credits year-round from training, reading, work, and events — aim for 40 a year.

Log them

Record each activity in your ISC2 member portal and keep your supporting evidence in case of audit.

Pay the AMF

Pay the $135 annual maintenance fee on your certification anniversary — every year, not just at renewal.

Stay certified

Hit 120 CPEs by the end of the 3-year cycle and the certification renews automatically — no re-exam.

Your cycle is personal. The three-year clock starts from your original certification date, not a calendar year — so check your exact CPE deadline and AMF anniversary in the ISC2 portal rather than assuming December 31.

05 What happens if your CISSP lapses

Missing the requirements is recoverable if you act fast, but expensive if you ignore it. Here is the sequence.

Grace period (90 days): if you miss your AMF or CPE deadline, ISC2 gives a 90-day window to settle the fee and post the missing credits. Inside this window your certification stays intact — just catch up.

Suspension, then revocation: miss the grace period and your certification is suspended; continue to fall short and it is revoked. A revoked CISSP cannot be used on your CV or LinkedIn.

Reinstatement: ISC2 may allow reinstatement within a limited window after revocation, but in many cases the only route back is to sit and pass the CISSP exam again. That is hundreds of dollars and weeks of study — far more than staying current ever costs.

06 FAQ

How many CPE credits does CISSP renewal require?

You must earn 120 CPE credits over each three-year cycle, about 40 per year. Of those 120, at least 90 must be Group A (directly related to the eight CISSP domains) and up to 30 can be Group B (general professional development). ISC2 recommends posting at least 40 CPEs each year so you do not fall behind.

How much does it cost to maintain a CISSP?

ISC2 charges a single Annual Maintenance Fee (AMF) of $135, due each year on the anniversary of your certification. The single fee covers you even if you hold more than one ISC2 certification, and it is separate from the cost of any activities you use to earn CPEs.

What happens if my CISSP expires?

If you miss the CPE or AMF requirements, ISC2 gives a 90-day grace period to catch up. Miss that and your certification is suspended, then ultimately revoked. Once revoked, you generally have to sit and pass the CISSP exam again to regain it — so it is far cheaper to stay current.

Can I renew CISSP without retaking the exam?

Yes. The normal path is recertification by CPE: earn 120 CPE credits across three years and pay the annual maintenance fee, and you never retake the exam. Retaking is only required if you let the certification lapse and it is revoked.

ExamCert TeamCertified security & cloud pros helping you stay certified.