Earning the Certified Information Systems Security Professional (CISSP) certification is a major milestone for professionals in information security. However, maintaining this certification requires ongoing effort. To keep your CISSP status active and your knowledge current, you must meet Continuing Professional Education (CPE) requirements. These CPEs ensure that certified professionals stay up-to-date with industry trends, best practices, and new advancements. In this article, we’ll break down what CPEs are, how many you need, and how you can earn them to maintain your CISSP certification.
What Are CPE Credits?
CPE credits represent the educational activities that CISSP holders must engage in to maintain their certification. The International Information System Security Certification Consortium, known as (ISC)², requires these credits to ensure that certified individuals continue learning and remain informed about changes in the cybersecurity field.
CISSP CPE Requirements
To maintain your CISSP certification, you need to earn a total of 120 CPE credits within a three-year certification cycle. These credits are divided into two categories:
Group A CPEs: These credits are related directly to the eight domains covered by the CISSP exam, such as security and risk management, asset security, and security architecture. At least 90 of your 120 CPE credits must come from Group A activities.
Group B CPEs: These credits cover general professional development activities that, while not directly tied to cybersecurity, help improve your overall skill set. Examples include learning new management techniques or even taking a foreign language class. You can earn up to 30 CPE credits from Group B activities.
In addition to earning CPE credits, you must also pay an annual maintenance fee (AMF) of $125 to keep your certification in good standing.
Ways to Earn CPE Credits
There are several ways to earn CPE credits, allowing you to choose activities that fit your interests and professional needs. Below are some common methods:
Attending Conferences and Events: Many cybersecurity conferences, seminars, and workshops qualify for CPE credits. These events provide valuable learning experiences and opportunities to network with industry professionals.
Taking Online or In-Person Courses: Enrolling in professional training sessions or academic courses related to CISSP domains can earn CPE credits. Platforms like Coursera, Pluralsight, or university courses are excellent places to start.
Participating in Webinars and Podcasts: Webinars and podcasts on cybersecurity topics are a convenient way to earn CPE credits from anywhere. Many organizations offer free or low-cost webinars that qualify.
Publishing Articles or Books: Sharing your expertise by writing and publishing articles, blogs, or even books on information security topics can earn substantial CPE credits depending on the depth and scope of the work.
Volunteering: Engaging in volunteer work related to cybersecurity, such as mentoring, participating in industry-related projects, or offering security expertise to community organizations, can also qualify for CPE credits.
Self-Study: Reading books, articles, journals, or white papers on relevant topics can also help you earn CPE credits. However, you’ll need to thoroughly document your study time and material for it to count.
Logging and Submitting Your CPEs
Once you earn your CPE credits, you’ll need to log and submit them to (ISC)². Here’s how to manage the process:
Documentation: Keep all necessary proof of your CPE activities, such as certificates of completion, receipts, or records of attendance. For self-study, log the hours and materials used.
Submission: Log into your (ISC)² member portal to enter your CPE activities. For each entry, you’ll need to provide information such as the title, description, date, and number of CPE hours earned.
Stay Consistent: Make it a habit to log CPE activities throughout the year instead of waiting until the last minute.
Tips for Staying on Track
Maintaining your CISSP certification doesn’t have to be stressful. Here are a few tips to help you stay on top of your CPE requirements:
Set Yearly Goals: Aim to earn at least 40 CPE credits each year, which will keep you on track to meet the 120-credit requirement by the end of the three-year cycle.
Plan Ahead: Schedule time for professional development activities, whether it’s attending a conference, taking a course, or self-study. Treat it as a necessary part of your job.
Stay Informed: Keep an eye out for learning opportunities that qualify for CPE credits. Subscribe to cybersecurity newsletters, follow industry blogs, and network with peers who may know about upcoming events or activities.
Be Proactive: Don’t wait until your certification cycle is nearly over to start earning CPE credits. Consistent effort over time will ensure you meet the requirements without any last-minute stress.
Maintaining your CISSP certification requires dedication to continuous learning and professional development. By earning 120 CPE credits over a three-year period through activities like conferences, courses, webinars, and even publishing, you can keep your CISSP certification active and your skills sharp. By logging your credits regularly and staying informed about industry developments, you’ll not only maintain your certification but also stay ahead in the ever-evolving world of cybersecurity.
Tara Kohl is a 20-year IT veteran whose career has centered on information security and risk management. She holds the CISSP and CISM along with a range of additional certifications, and she's spent most of those years consulting for major aerospace firms and government contractors, where security and compliance demands sit at the top of the priority list.