Earning CPE credits to maintain the CISSP
Every CISSP holder has to earn continuing professional education (CPE) credits to maintain their CISSP certification. Earning your CISSP is a significant achievement, and the CPE requirements ensure that CISSP certification holders remain knowledgeable about current industry developments.
You can fulfill CPE requirements by attending conference calls, seminars, webinars and industry conventions, and through self-study. You have to keep CPE certificates and attendance files, and ISC2 management may verify CPE credit compliance at any time.
Want more career and certification tips? Download your free Cybersecurity salary guide and Cybersecurity career roadmap ebook.
Earn your CISSP, guaranteed!
CISSP CPE policies and guidelines
All CISSP holders are required to earn 120 CPEs every three years. However, the ISC2 CPE handbook recommends earning 40 CPEs annually so that CISSP holders don’t fall behind on their continuing education and can easily maintain their certification.
The handbook provides a clear overview of the various activities that count for CPE credits. Some types of CPE credits may align with your day-to-day job duties and ongoing skill development. Other kinds of CPE credits may align with activities and projects that may extend beyond your normal duties. It’s up to you as a CISSP holder to follow proper CPE credit guidelines to accurately calculate your CPEs.
What are the general CPE requirements for CISSPs?
The CPE credits are categorized into two groups.
“Group A” credits are given for activities that are directly domain-related.
“Group B” credits are awarded for activities outside the main domain that can still enhance the general professional competencies and skills of the CISSPs. You can earn them by completing activities associated with general professional development to enhance your overall education, competency, professional skills or knowledge outside of the credential’s specific domains.
These activities traditionally include professional development programs such as preparing for management courses or professional speaking. Although they don’t directly apply to the domains, they’re recognized as skills that can be vital to your overall professional growth.
You must complete every CPE activity during the certification cycle and not after the expiration date. Sometimes, CISSPs are allowed a grace period for submitting CPE credits, but the credits have to be acquired before your certification expires.
What happens if you fail to have the required CPE credits?
CISSPs must meet minimum CPE credits, and failure to meet these requirements may result in suspension and loss of their certification. The ISC2 will only lift the suspension after you’ve met the minimum annual CPE credits. Usually, candidates get a 90-day grace period to earn and submit their required CPE credits.
CISSPs have the option to file an appeal if they get decertified.
What CPE activities are available?
Typically, the work carried out as part of a CISSP’s normal duty will not be considered for CPE credits. If you do additional unique work in your workplace outside your regular daily duties, you may receive some CPE credits for those unique assignments.
More specifically, the handbook states, “As an associate or member, you can earn Group A CPE credits for activities performed during your regular working hours when you are engaged in unique projects, assignments, activities or exercises. The unique project, assignment, activity or exercise must fall outside your normal (or day-to-day) job responsibilities or job description. Maximum number of CPE credits per entry may not exceed 10.”
CISSPs should note that if they’re attending conferences or receiving training, they can claim CPE credits in the respective categories, whether from attendance or work done at the conference.
Examples of “Group A” and “Group B” credits
Group A
- Taking an online self-paced, blended or instructor-led educational course
- Reading a book or whitepaper pertaining to a CISSP domain
- Publishing a book, whitepaper or article
- Attending a conference (in-person or virtual), educational course, seminar or presentation
- Preparing for a presentation or teaching information related to information security
- Performing a unique work-related project that is not a part of your normal work duties
- Self-study related to research for a project or preparing for a certification examination
- Volunteering for government, public sector and other charitable organizations
- Taking a higher education course
Group B
- Attending non-security industry conferences
- Participating in non-security education courses
- Preparing for non-security presentations/lectures/trainings
- Performing work for a non-security government/private sector/charitable organizations committee
- Volunteer activities, such as teaching others about cybersecurity, doing community projects or serving on a committee
Earn your CISSP, guaranteed!
How are CPE credits calculated?
CPE credits are calculated per activity; below are common categories where CISSPs can earn credits for each activity. Generally, you earn one hour of CPE credit for every hour spent on the related activity. However, several activities will give you more credits because of the depth of study involved or the amount of commitment required. Typically, you cannot earn CPE credits through your normal day-to-day job activities.
You also can’t claim more than 40 CPE credits for a single activity.
How to make sure you complete your CPE credits on time
If a CPE activity occurs over multiple days, the last day is the one used to determine when the credits were earned. For instance, if you attended a conference that began on April 1st and ended on April 8th, the date for the credits earned would be April 8th. So, it’s important to time your credit-earning activities with this in mind, especially if you’re trying to complete them before your recertification deadline.
Attending educational and training seminars or courses
Attending educational and training seminars or courses can give you “Group A” or “Group B” credits for every hour of attendance. You earn “Group B” credits when the training courses or seminars are not associated with any of the domains of your credential.
Attending conferences
Similarly, you can earn one CPE credit for every hour of attendance or every conference session. You can obtain “Group A” credits for cybersecurity conferences, whereas you can use other educational conferences for “Group B” credits.
Attending presentations from a vendor
You can earn “Group A” CPE credit at a presentation from a vendor. The presentation has to be educational and associated with your credential’s domains.
Higher academic course completion
You can earn one CPE credit for every hour in a higher academic course. You may take the class online. You will only get the credits after successfully completing and passing the course. “Group A” credit is given for courses related to the credential domains; otherwise, the credit earned is for the “Group B” category.
Preparations for training, lectures or presentations
You can also earn CPE credits for the time spent preparing training, lectures or presentations. However, they have to be non-work-related, and you cannot earn any CPE credits for the time spent presenting them. The credits will be of “Group A” category when the training, lectures or presentations are directly related to credential domains; otherwise, “Group B” credits are earned.
Security book or article publication
Publication of a security book or article can earn you “Group A” CPE credits, but the article should be related to the credential domains. Either print or electronic publication is eligible for credits. Only “Group A” credits can be earned through this route.
Performing security-related board services
Security-related board services can earn you “Group A” credits only. The CPE credits will be awarded on the basis of the contribution level as determined by the relevant organization board or parent company. ISC2 recommends that you document your service hours through a signed statement from any officer of that organization, or you may attest your own CPE credits if the organization fails to do so.
Completing self-study
You can earn a CPE credit by attending podcasts, webcasts or CBT (computer-based training) for every hour of such activities. The credits will be of “Group A” category when the podcasts, webcasts or CBT are directly related to credential domains. Otherwise, “Group B” credits are earned. However, there is a restriction to the number of CPE credits you can submit for podcasts, webinars or CBT.
Studying cybersecurity magazines or books
You can earn specific CPE credits for reading cybersecurity magazines or books; only “Group A” credits can be earned.
Whitepaper reading
You can claim CPE credits for reading whitepapers published on authentic websites. You have to write a short summary of the contents that you studied, including the details of the website. The website must be accessible without any restrictions. Only “Group A” credits can be earned.
Security whitepaper writing
Writing whitepapers can give you “Group A” credits after they are published on any valid or authentic organizational website. The whitepaper has to be at least two pages long and should be accessible without any restriction.
Cybersecurity book editing
You can earn “Group A” credits by reviewing cybersecurity books. You can earn up to 10 credits per book you edit.
Volunteering for charitable organizations, public sector or government
You can earn “Group A” CPE credit for every hour of volunteer work. You have to retain a signed confirmation on the organization’s letterhead clearly indicating the volunteer work hours performed related to the credential domain.
Volunteering for meetings of cybersecurity and information systems
Attending and volunteering for cybersecurity and information systems meetings can give you “Group A” or “Group B” credits, depending on the relation of the meeting to the credential domains.
Safe and Secure Online program
Completion of the Safe and Secure Online program can give you “Group A” credits. You may also attend in-person orientations from ISC. You have to complete and pass the online orientation quiz after attending the Safe and Secure Online program.
Performing unique on-the-job activities and projects
You can earn “Group A” CPE credits for unique on-the-job activities and projects during your normal working hours.
Preparation of new or updating existing classroom, seminar and training materials
You can earn “Group A” credits by preparing new or updating existing classroom, seminar and training materials. However, the materials should be new and not repeated or recycled. Also, you can’t earn CPE credits for the time you spend presenting the material.
Earn your CISSP, guaranteed!
Maintaining your CISSP
CPE credits are necessary for every CISSP holder. Earning credits not only helps individuals maintain their certification but also helps them grow as professionals. The CPE credit system is designed to ensure that ISC2 members keep up with the ever-expanding knowledge in the field of information security and thus remain competitive.
To learn more about how to leverage your CISSP to boost your career, check out our Cybersecurity certifications and skills ebook, which covers in-demand certifications and skills to help you advance your career.
- Exam Pass Guarantee
- Live expert CISSP instruction
- CISSP exam voucher
In this Series
- Earning CPE credits to maintain the CISSP
- CISSP domains overview: Your complete preparation guide
- Mitigating access control attacks in the CISSP exam
- CISSP DoD 8140: What changed from DoD 8570?
- CISSP jobs in 2025: Cybersecurity manager outlook and career opportunities
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring
- CISSP interview prep: 10 common questions and answers
- CISSP resources: Free books, videos, practice exams and other study tools
- CISSP certification cost and requirements (2025): Your complete preparation guide
- Perimeter defenses: What you need to know for the CISSP exam
- Understanding control frameworks and the CISSP
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- Due care vs. due diligence: What you need to know for the CISSP exam
- The ISC2 code of ethics: A binding requirement for certification
- Security governance principles: What you need to know for the CISSP exam
- Understanding access control: A CISSP certification guide
- Renewal requirements for the CISSP certification
- Secure communication channels: What you need to know for the CISSP exam
- Risk management concepts and the CISSP
- CISSP: Business continuity planning and exercises
- Data and system ownership in the CISSP exam
- Information and asset classification in the CISSP exam
- Incident management and the CISSP exam: What you need to know
- CISSP prep: Security policies, standards, procedures and guidelines
- Data security controls and the CISSP exam
- CISSP: Disaster recovery processes and plans
- Vulnerability and patch management in the CISSP exam
- Secure system design principles: CISSP exam concepts and frameworks
- Certification and accreditation: What’s on the CISSP exam?
- Change management and the CISSP
- Threat modeling and the CISSP
- CISSP exam questions: 5 drag & drop and hotspot questions
- CISSP certification salary: A comprehensive 2025 salary guide
- 8 tips for CISSP exam success in 2025
- Environmental controls and the CISSP
- The CISSP experience waiver [updated 2022]
- What is the CISSP-ISSAP? Information Systems Security Architecture Professional [updated 2021]
- What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
- What is the CISSP-ISSMP? Information Security System Management Professional [updated 2021]
- CISSP concentrations (ISSAP, ISSMP & ISSEP) [updated 2021]
- CISSP domain - Physical and environmental security
