Earning CPE credits to maintain the CISSP

Aroosa Ashraf
March 2, 2022 by
Aroosa Ashraf

Every CISSP holder has to earn continuing professional education (CPE) credits to maintain their CISSP certification. It is a significant achievement to earn your CISSP, and the CPE requirements ensure that CISSP certification holders remain knowledgeable about the current industry developments.

CPE requirements can be fulfilled by attending conference calls, seminars, webinars and industry conventions, and through self-study. You have to keep CPE certificates and attendance files and ISC2 management may verify the CPE credit compliances at any time.

Earn your CISSP, guaranteed!

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

CISSP CPE policies and guidelines

All CISSP holders are required to earn 120 CPEs every three years; however, the ISC2 CPE handbook suggests earning 40 CPEs annually so that CISSP holders don't fall behind on their continuing education and can easily maintain their certification.

The handbook provides a clear overview of the various activities that count for CPE credits. Some types of CPE credits may align with your day-to-day job duties and ongoing skill development. Other types of CPE credits may align with activities and projects that may fit outside your normal duties. It is up to CISSP holders to follow proper CPE credit guidelines to accurately calculate their CPEs.

What are the general CPE requirements for CISSPs?

The CPE credits are categorized into two groups.

“Group A” credits are given for activities that are directly domain-related.

“Group B” credits are awarded for activities outside the main domain that can still enhance the general professional competencies and skills of the CISSPs. They can be earned by completing activities associated with general professional development to enhance your overall education, competency, professional skills, or knowledge outside of the credential's specific domains. These activities traditionally include professional development programs such as the preparation for management courses or professional speaking. Although these activities do not directly apply to the domains, they are recognized as skills that can play a vital role in your overall professional growth.

Every CPE activity should be earned and completed during the certification cycle and not after the certification expiration date. Sometimes CISSPs are allowed a grace period for submitting CPE credits, but the credits have to be acquired before the certificate expiration date.

What happens if you fail to have the required CPE credits?

CISSPs must meet minimum CPE credits and failure to meet these requirements may result in suspension and loss of their certification. The suspension will be lifted only after the minimum annual CPE credits are met. Usually, candidates get a 90-day grace period to earn and submit their required CPE credits.

CISSPs have the option to file an appeal if they are decertified.

What CPE activities are available?

Typically, the work carried out as part of a CISSP's normal duty will not be considered for CPE credits. If you do additional unique work in your workplace outside your normal daily duties, you may receive some CPE credits for those unique assignments.

As the handbook states, "Members and associates can earn up to 10 Group A CPE credits for activities performed during their regular working hours when they are engaged in unique projects, assignments, activities or exercises. The unique project, assignment, activity or exercise must fall outside of their normal (or day-to-day) job responsibilities or job description."

CISSPs should note that if they are attending conferences or receiving training, they can claim CPE credits in the respective categories, whether they were from attendance or from work done on the job.

Examples of “Group A” and “Group B” credits

Group A

  • Taking an online self-paced, blended or instructor-led educational course
  • Reading a magazine, book or whitepaper
  • Publishing a book, whitepaper or article
  • Attending a conference (in-person or virtual), educational course, seminar or presentation
  • Preparing for a presentation or teaching information related to information security
  • Performing a unique work-related project that is not a part of your normal work duties
  • Self-study related to research for a project or preparing for a certification examination
  • Volunteering for government, public sector, and other charitable organizations
  • Taking a higher education course

Group B

  • Attending non-security industry conferences
  • Participating in non-security education courses
  • Preparing for non-security presentation/lecture/training
  • Non-security government/private sector/charitable organizations committee

How are CPE credits calculated?

CPE credits are calculated as per activity; below are common categories where CISSPs can earn credits for each activity. Generally, one-hour CPE credit can be earned for every one hour spent in any activity related to education. However, several activities will give you more credits because of the depth of study involved or the amount of commitment required. Typically, you cannot earn CPE credits through your normal day-to-day job activities.

Attending educational and training seminars or courses 

Attending educational and training seminars or courses can give you “Group A” or “Group B” credits for every hour of attendance. “Group B” credits are earned when the training courses or seminars are not associated with the domains of a credential.

Attending conferences 

Similarly, one CPE credit can be earned for every hour of attendance or for every session of a conference. “Group A” credits can be obtained for cyber-security conferences, whereas other educational conferences will give you “Group B” credits.

Attending presentations from vendor 

You can earn only one “Group A” CPE credit for every one hour of attendance at any presentation from a vendor. The presentation has to be educational and associated with the credential domains.

Higher academic course completion 

One CPE credit can be earned for every hour spent in a higher academic course class. The class may be taken online. The credits will be given only after the course has been successfully completed and passed. “Group A” credit is given for courses related to the credential domains; otherwise, the credit earned is for the “Group B” category.

Preparations for training, lectures or presentations 

CPE credits can also be earned for the time spent preparing training, lectures, or presentations. However, they have to be non-work-related and no CPE credits can be earned for the time spent while presenting them. The credits will be of “Group A” category when the training, lectures, or presentations are directly related to credential domains; otherwise “Group B” credits are earned. No credits can be earned for training or teaching courses involving multiple days (or even of long duration, i.e., weeks or months).

Security book or article publication 

Publication of a security book or article can earn you “Group A” CPE credits if it is the first publication in a magazine or journal, but the article should be related to the credential domains. Either print or electronic publication is eligible for credits. Only “Group A” credits can be earned through this route.

Performing security-related board services 

Security-related board services can earn you “Group A” credits only. The CPE credits will be awarded on the basis of the contribution level as determined by the relevant organization board or parent company. It is recommended that you document your service hours through a signed statement from any officer of that organization, or you may attest your own CPE credits if the organization fails to do so.

Completing self-study

A CPE credit can be earned by attending podcasts, webcasts, or CBT (computer-based training) for every hour of such activities. The credits will be of “Group A” category when the podcasts, webcasts, or CBT are directly related to credential domains; otherwise “Group B” credits are earned. However, there is a restriction to the number of CPE credits that can be submitted for podcasts, webcasts, or CBT.

Studying cybersecurity magazines or books 

You can earn specific CPE credits for reading cybersecurity magazines or books; only “Group A” credits can be earned.

Whitepaper reading

You can claim CPE credits for reading whitepapers published on authentic websites. You have to write a short summary of the contents that you studied, including the details of the website. The website must be accessible without any restrictions. Only “Group A” credits can be earned.

Security whitepaper writing 

Writing whitepapers can give you “Group A” credits after they are published on any valid or authentic organizational website. The whitepaper has to be at least two pages long and should be accessible without any restriction.

Reading the InfoSecurity Professional magazine

Reading the InfoSecurity Professional magazine can give you “Group A” credits for every issue. This is a members-only online magazine. You may need to pass an online quiz that is related to the magazine's content.

Cybersecurity book reviews 

You can earn “Group A” credits by reviewing cyber-security books. Credits are given for every book reviewed. The review must be of a specified length.

Volunteering for charitable organizations, public sector, or government  

“Group A” CPE credit can be earned for every hour of volunteer work. You have to retain a signed confirmation on the letterhead of the organization clearly indicating the volunteer work hours performed related to the credential domain.

Volunteering for meetings of cyber-security and information systems

Attending and volunteering for meetings of cyber security and information systems can give you “Group A” or “Group B” credits, depending on the relation of the meeting to the credential domains.

Safe and Secure Online program 

Completion of the Safe and Secure Online program can give you “Group A” credits. You may also attend in-person orientations from ISC. You have to complete and pass the online orientation quiz after attending the Safe and Secure Online program.

Earn your CISSP, guaranteed!

Earn your CISSP, guaranteed!

Get live, expert CISSP training from anywhere. Enroll now to claim your Exam Pass Guarantee!

Performing unique on-the-job activities and projects

You can earn “Group A” CPE credits for unique on-the-job activities and projects during your normal working hours.

Preparation of new or updating existing classroom, seminars, and training materials

“Group A” credits can be earned by preparing new or updating existing classroom, seminar and training materials. However, the materials should be new and not repeated or recycled and no CPE credits are awarded for the time spent presenting the material.

Maintaining your CISSP

CPE credits are necessary for every CISSP holder. Earning credits not only helps individuals maintain their certification but also helps them grow as professionals. The CPE credit system is designed to ensure that ISC2 members keep up with the ever-expanding knowledge in the field of information security and thus remain competitive.

Aroosa Ashraf
Aroosa Ashraf

Aroosa Ashraf is a trained and registered pharmacist from the Government College University of Faisalabad (GCUF). She completed her graduation in 2013. She is an experienced researcher and technical writer and for the last 4 years, she is working as a writer on different platforms. Currently, she is writing many technical and non-technical articles for her national and international clients.