Maintaining your CCSP Certification: Renewal Requirements [updated 2021]

Fakhar Imam
September 26, 2021 by
Fakhar Imam

Once you earn a Certified Cloud Security Professional (CCSP) certification, you become an (ISC)² member and join a global community of approximately 150,000 cybersecurity professionals. However, you must maintain your CCSP certification to continue to receive the benefits of your membership, keep yourself abreast of the latest industry trends and keep your skills and knowledge current.

In this article, you will learn about Group A and Group B Continuing Professional Education (CPE) credits, CCSP renewal requirements, how to regain membership, how to retake the CCSP exam and the benefits of maintaining your CCSP certification.

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

What are the CCSP renewal requirements?

You must recertify every three years by paying an annual maintenance fee (AMF) of $125 and earning 90 Continuing Professional Education (CPE) credits before the certification expires. 30 CPEs are required for each year of the renewal cycle. If you are unable to pay an AMF, your certificate will be suspended. On the other hand, if both required CPE credits and AMF payment are met, your membership will be renewed for a new three-year certification cycle.

Group A and Group B CPE credits

Understanding Group A and Group B CPE credits is a prerequisite to comprehending CPE credits altogether. Let’s look at them in a little more detail.

Group A CPE credits 

They involve domain-related activities. That means that these activities must be related to specific domains of the respective credential (e.g., CCSP, CISSP, CSSLP, SSCP, CAP and so forth).

Examples of Group A activities are listed below:

  • Taking an online self-paced, blended or instructor-led educational course
  • Reading a magazine, book or whitepaper
  • Publishing a book, whitepaper or article
  •  Attending a conference (in-person or virtual), educational course, seminar or presentation
  • Preparing for a presentation or teaching information related to information security
  • Performing a unique work-related project that is not a part of your normal work duties
  • Self-study related to research for a project or preparing for a certification examination
  • Volunteering for government, public sector, and other charitable organizations
  • Taking a higher education course

Group B CPE credits 

They are related to general professional development activities that are not applied directly to your certification domains. These activities help enhance your education, knowledge, professional skills or competency outside of domains. General professional development activities include programs such as management courses or professional speaking. Examples are given below:

  • Attending non-security industry conferences
  • Participating in non-security education courses
  • Preparing for non-security presentation/lecture/training
  • Non-security government/private sector/charitable organizations committee

CPE policies and procedures

You must complete one or more of the above CPE activities during the three years of each certification cycle, rather than at the end of your certification cycle or after the certification expiration date.

Excess credits earned within the last six months of the three-year certification cycle can be rolled over and used towards the requirements of the first year of the next cycle.

You can earn CPEs by participating in various activities within the following categories:

  • CPE credits offered by (ISC)²
  • Unique work experience (Group A)
  • Contribution to the profession (Group A)
  • Education (Group A or B)
  • Professional development (Group B)

Type Suggested Annual 3-Year Total

Group A 20 60

Group A or B 10 30

Total Required 30 90

Normally, professionals earn one CPE credit per one hour of time spent in an activity, but exceptions are made for particular complexity. CPE credits may be reported in 0.25, 0.50 and 0.75 increments.

CPE credits offered by (ISC)²

You can earn Group A CPE credits by attending or participating in the events and activities offered by (ISC)². Some examples are below:

  • (ISC)²  Certification Course
  • (ISC)²  Chapter Meeting
  • (ISC)²  InfoSecurity Professional Magazine (2 CPE credits per issue with passed quiz)
  • (ISC)²  Exam Development Subject Matter Experts
  • (ISC)²  Professional Development Institute (PDI) Course
  • (ISC)²  Safe and Secure Volunteer Training (1 CPE credit)
  • (ISC)²  Security Congress
  • (ISC)²  Webinar – Solutions Summit (3 CPE credits)
  • (ISC)²  Webinar – Regional (EMEA and APAC)
  • (ISC)²  Webinar – Security Briefing (1 CPE credit)

Some of these CPE activities are automatically added to your record and are not subject to auditing.

Unique work experience

You can earn up to 10 Group A CPE credits for unique activities related to the credential domains performed during regular working hours but outside of the normal scope of the position.

Each hour of participation results in a self-reported credit (up to 10). Auditing is possible, and the professional might be asked to provide proof or a brief description (no more than 250 words) of the project.

Contributions to the profession

You can earn Group A CPE credits for creating new content for topics related to your credential. Qualifying activities include:

  • Writing, researching and publishing (40 credits for authoring a book, 10 for editing)
  • Preparing a webinar, podcast or presentation
  • Preparing non-(ISC)² new or updating existing training seminar or classroom material (from two credits for a one-day course to 20 for a semester of 12 or more weeks)
  • Serving as Subject Matter Expert (SME) for a panel discussion


You can earn Group A CPE credits for self-directed learning activities. Here are some examples:

  • Book, magazine or whitepaper (five CPE credits per book or magazine and one CPE credit per whitepaper)
  • Courses and seminars
  • Higher education course
  • Industry conference (in-person or virtual)
  • Online webinars and podcasts

Credits are self-reported and might be audited. You may be required to provide a brief description (no more than 250 words) of what you learned and proof of attendance/transcript/possession of the material. Activities that are specifically related to the certification domains will be considered group A. All others, group B.

Professional development

You can earn Group B CPE credits for activities that, although not specifically related to the domains, are still valuable for the professional’s development, such as enhancing management skills, interpersonal communication, project planning and team building. Examples include:

  • Chapter formation or management
  • Non-security industry conference
  • Non-security education courses and seminars
  • Non-security government/private sector/charitable organizations committees
  • Preparation for non-security presentation/lecture/training

Each hour of participation equals one CPE credit for Group B for a maximum of 40. Auditing is possible.

Maintaining multiple credentials

In addition to CCSP, (ISC)² also offers various other certifications, including CISSP, CSSLP, SSCP, CAP, HCISPP, ISSAP, ISSEP and ISSMP. If you hold any other certification(s) along with CCSP, (ISC)² automatically counts your CPE credits toward all active credentials you hold as of the completion date. As an (ISC)² member, you are only required to enter your CPE activities in a record or member database one time, rather than multiple times.

Audit of CPE credits

The CPE credits you earn may be randomly audited by the (ISC)² CPE Auditors. You must provide a brief description of your activity (Group A or B or both) or proof of your attendance. Audits of CPE credits are valuable as they provide compliance with ANSI/ISO standards for credentials and uphold the integrity of (ISC)² certifications.

Once you are selected for an audit, you will be informed via email that you are required to respond within 90 days of the notice.

It is good to retain proof of credits for at least 12 months after the expiration of the certification cycle: for example, a course transcript, receipts of attendance, official meeting minutes, a sales receipt for a book or a library record.

Dispute regarding CPE status

If any dispute regarding CPE status occurs, you may submit a complaint to the (ISC)² Board of Directors within 90 days from the date of denial. Your written appeal must not consist of more than two pages and needs to contain the rationale and any relevant documentation; it is sent to Member Support at The decision of the Board shall be considered final.

Can I regain membership if my certification has been suspended?

Yes, you can regain membership if your certification has been suspended. Suspension occurs due to the failure to achieve three years’ worth of CPE credits or payment of AMF renewal requirements within 90 days following the certification expiration date. The notice of suspension is issued by email. Suspension status may be maintained for up to two consecutive years. After that, certified members and Associates of (ISC)² will be terminated, and all membership rights will be revoked.

If your certification is suspended or terminated, you have the right to file an appeal. If you cannot report your CPE credits or make your AMF payment within a deadline, you can ask for assistance from the Member Services Department.

Being reinstated will require you to retake and pass the examination and pay the $600 reinstatement fee.

(ISC)² also offers you a grace period, allowing you to submit missing CPE credits within 90 days following the certification expiration date.

How long is the CCSP certification good for?

Your CCSP certification is good for three years. However, the member must meet certain requirements to keep his certification active and valid. These requirements include attaining 30 CPE credits each year and 90 CPE credits for the three-year certification cycle. In addition, paying an AMF of $125 and complying with the (ISC)² Code of Ethics is also necessary.

Do I have to retake the exam?

If your previous certification has been terminated, you can retake the exam to recertify. The process for retaking the exam is the same as the first time around. For example, you will schedule the exam, pay the AMF and pass the exam. Once you meet all these requirements, the Member Services Department will reactivate your certification. After that, you need to maintain your certification to avoid suspension and eventually termination again.

What are the benefits of maintaining my CCSP certification?

The CCSP certification is a globally recognized credential that builds your career in the cloud security realm. Your CCSP credential ensures that you have advanced technical skills and knowledge to design, manage and secure applications, data and infrastructure in the cloud employing best practices, policies and procedures. Maintaining your CCSP certification have various other benefits, including:

  • Peer networking, mentoring and global resources
  • A plethora of promotions and job opportunities in the cloud security realm
  • Having access to expert guidance, a variety of research and industry insight to support continuous and diverse education
  • Having an association with global recognition and value and ethics of (ISC)² credentials

Earn your CCSP, guaranteed!

Earn your CCSP, guaranteed!

Save your spot for an upcoming CCSP Boot Camp and earn one of the most in-demand cloud security certifications — guaranteed!

Pursuing the CCSP certification

The CCSP certification is ideal for IT and information security leaders responsible for applying best practices to cloud security architecture, design, operations and service orchestration. Therefore, it is a good option for roles as security and systems engineers, enterprise and systems architects, and security consultants.

Once the credential is earned, it is important that the professional keeps in good standing and continues to keep updated through development and educational opportunities.

For more on the CCSP certification, check out our CCSP certification hub.


Fakhar Imam
Fakhar Imam

Fakhar Imam is a professional writer with a master’s program in Masters of Sciences in Information Technology (MIT). To date, he has produced articles on a variety of topics including on Computer Forensics, CISSP, and on various other IT related tasks.