cissp cpe credits

The Comprehensive Guide To Earning CISSP CPE Credits in 2024

To maintain their CISSP certification, all CISSP holders must earn continuing professional education (CPE) credits. Read on to know all about CISSP CPE credits.

Updated at May 22, 2022

To maintain their CISSP certification, all CISSP holders must earn continuing professional education (CPE) credits. Earning your CISSP is a significant achievement, and the CPE requirements ensure that CISSP certification holders stay updated on industry developments.

Attending conference calls, seminars, webinars, and industry conventions, as well as self-study, can help you meet the CPE requirements. CPE certificates and attendance files must be kept and (ISC)2 management may verify CPE credit compliance at any time.

Follow this article carefully to know all about CISSP CPE credits.

What Is The CPE Requirement?

During their three-year certification cycle, certified (ISC)2 members must earn and submit CISSP continuing education credits. The total number of CPE credits earned throughout the course of a three-year certification cycle must equal the minimum CPE credits necessary. To assist you to maintain your certification, (ISC)2 suggests an annual minimum.

Associates of (ISC)2 are expected to earn and submit Group A CPE credits each year.

These CPE credits can be earned by participating in the following learning activities:

  • CPE activities offered by (ISC)2
  • CPE categories
    • Education (Group A or B)
    • Contributions to the Profession (Group A)
    • Professional Development (Group B)
    • Unique Work Experience (Group A)



Suggested Annual 

3-year Total


Group A

Group A or B

Total Required







CISSP Concentrations

Group A

Total Required




If you have a CISSP concentration, 20 of the total Group A CPE credits required in the three-year CISSP cycle must be directly related to your concentration. You must earn 20 credits in each of your concentrations if you have more than one. Concentration CPE requirements are automatically counted toward the CISSP CPE requirement.

What Happens If You Fail To Have The Required Cpe Credits?

cissp cpe credits

CISSPs must earn a certain amount of CPE credits, and failure to do so may result in their certification being suspended or lost. Only after completing the necessary annual CPE credits will the suspension be lifted. Candidates usually have 90 days to earn and submit their required CPE credits.

If CISSPs are decertified, they have the option to appeal.

CPE Policies and Procedures

Certified members and Associates of (ISC)2 must earn a minimum of CPE credits and pay an Annual Maintenance Fee (AMF) to maintain certification and associate status.

Both requirements are essential to maintain your excellent standing.

CPE activities must be completed by qualified members during the three-year certification cycle and no later than the certification expiration date (end of certification cycle). CPE activities for Associates of (ISC)2 must be completed within their annual cycle.

Certified members (single or multi-certified) need to pay an annual membership fee of $125, which is due on the member’s first day of their certification cycle and is due on the same date each year. The anniversary of a member’s certification is the start date for their certification cycle. Associates of (ISC)2 need to pay an annual maintenance fee of $50, which is due on the first anniversary of the associate’s cycle and is due on the same date each year.

Certified members will be recertified to a new three-year certification cycle when the required CPE credits and AMF payment requirements are met at the end of the three-year certification cycle. When the needed CPE credits and AMF payment requirements are met at the end of the one-year associate cycle, the associate designation will be renewed for another one-year cycle.

Group A and Group B CISSP CPE Credits

cissp cpe credits

Group A Credits: Domain-Related Activities

Group A credits are directly related to activities in the areas covered by the relevant credential’s specific domains.

The following are some examples:

  • Taking a self-paced, blended, or instructor-led educational course online.
  • Reading a book, magazine, or whitepaper.
  • Publishing a book, article, or whitepaper.
  • Attending a conference (in-person or virtual), seminar, educational course, or presentation.
  • Preparing for teaching information or a presentation related to information security.
  • This does not apply to the (ISC)2 Official Training Courses.
  • Taking on a unique work-related project that is not a part of your regular responsibilities.
  • Self-study for purposes of conducting research for a project or preparing for a certification exam.
  • Volunteering for the public sector, government, and other charitable organizations.
  • Attending a higher education course.

Group B Credits: Professional Development

General professional development activities that enhance your overall professional skills, knowledge, education or competency outside of the domains associated with the individual certifications earn you Group B credits. Programs such as professional speaking or management courses are common examples. While not directly related to the domains, (ISC)2 knows the significance of these skills in the development of all professionals and their certifications.

The following are some examples:

  • Attending conferences in the non-security industry.

  • Attending non-security education courses.

  • Preparing for non-security presentation/training/lecture.

  • Non-Security Government/Charitable Organizations Committee/Private Sector.

How to Calculate CISSP CPE Credits

The number of credits you can earn for each activity will be listed in the CPE categories. One CPE credit is provided for every hour spent participating in an activity. CPE credits can be given in increments of 0.25, 0.50, and 0.75. Some activities, however, are worth more credits because they need more in-depth study or ongoing commitment. Normal on-the-job activities do not earn CPE credits in general.

If the CPE activity took place over several days, the end date is used to determine certification cycle eligibility. The CPE credit can be applied to any cycle that was active on September 5, 2022, for example, if the activity began on August 1, 2022, and ended on September 5, 2022.

How to Earn CISSP CPE Credits

cissp cpe credits

CPE credits are calculated for each activity; below are some of the most common categories for which CISSPs can earn credits. In general, one hour of CPE credit can be obtained for every hour spent in any activity related to education.  Several activities, however, will earn you more credits due to the amount of study necessary or the time commitment required. Normally, you cannot obtain CPE credits through your normal work activities.

Attending educational and training seminars or courses 

For every hour of attendance at educational and training seminars or courses, you can receive “Group A” or “Group B” credits. When training courses or seminars are not associated with the domains of a certificate, “Group B” credits are earned.

Attending conferences 

Similarly, for every hour of attendance or conference session, one CPE credit can be earned. Cyber-security conferences will earn you “Group A” credits, whereas other educational conferences will earn you “Group B” credits.

Attending presentations from vendors 

For every one hour of attendance at any vendor presentation, you can earn only one “Group A” CPE credit. The presentation must be comprehensive and relevant to the credential domains.

Higher academic course completion 

For every hour spent in a higher academic course class, one CPE credit can be earned. The course can be completed online. Only after the course has been completely completed and passed will the credits be given. For courses relating to the certification domains, “Group A” credit is given; otherwise, credit is earned in the “Group B” category.

Preparations for training, lectures or presentations 

CPE credits can also be earned for the time spent preparing lectures, training, or presentations. They must, however, be unconnected to work, and no CPE credits can be earned for the time spent presenting them. When the training, lectures, or presentations are directly related to credential domains, the credits will be of the “Group A” category; otherwise, “Group B” credits will be earned. There are no credits offered for multi-day training or teaching courses (or even of long duration, i.e., weeks or months).

Security book or article publication 

If you write a security book or article for the first time in a magazine or journal, you can earn “Group A” CPE credits, but the article must be related to the credential domains. Credits are provided for both print and internet media. This path allows you to earn only “Group A” credits.

Performing security-related board services 

Only “Group A” credits can be obtained for security-related board services. CPE credits will be provided based on the level of contribution determined by the appropriate organization’s management board or parent corporation. It is recommended that you verify your service hours with a signed statement from an officer of that organization, but if the organization fails to do so, you may attest your own CPE credits.

Completing self-study

Attending podcasts, webcasts, or CBT (computer-based training) can earn you a CPE credit for every hour spent doing that. When the podcasts, webcasts, or CBT are directly related to certification domains, the credits will be of the “Group A” category; otherwise, “Group B” credits will be awarded. However, the number of CPE credits that can be submitted for podcasts, webcasts, or CBT is restricted.

Studying cybersecurity magazines or books 

Reading cybersecurity magazines or books can earn you specific CPE credits; only “Group A” credits can be acquired.

Whitepaper reading

CPE credits can be earned by reading whitepapers on reputable websites. You must present a short summary of the contents you researched, including website information. The website must be freely accessible to everyone. Only “Group A” credits are eligible for earning.

Security whitepaper writing 

After they are published on any valid and authentic organizational website, whitepapers might gain you “Group A” credits. The whitepaper should be at least two pages long and open to the public without restriction.

Reading the InfoSecurity Professional magazine

Every issue of the InfoSecurity Professional magazine can gain you “Group A” credits. It is an online magazine for members only. You may be required to complete an online quiz related to the content of the magazine.

Cybersecurity book reviews 

Reviewing cyber-security books can earn you “Group A” credits. Every book reviewed gets the credit. The review must be a certain length.

Volunteering for charitable organizations, government, or the public sector  

Every hour of voluntary activities can earn you “Group A” CPE credit. You must keep a signed confirmation on the organization’s letterhead that clearly states the voluntary work hours related to the credential domain.

Volunteering for cyber–security and information systems meetings

Attending and volunteering for meetings on cyber security and information systems can give you “Group A” or “Group B” credits, depending on the relation of the meeting to the credential domains.

Safe and Secure Online program 

The Safe and Secure Online program might get you “Group A” credits if you finish it. You can also attend ISC’s in-person orientations. After attending the Safe and Secure Online program, you must complete and pass the online orientation quiz.

Taking unique on-the-job activities and projects

During your normal working hours, you can earn “Group A” CPE credits for unique on-the-job activities and projects.

Preparation of new or updating existing seminars, classrooms, and training materials

Prepare new or updated existing classroom, seminar, and training materials to gain “Group A” credits. The materials should, however, be new and should not be reproduced or recycled, and no CPE credits are given for the time spent presenting the material.

How to Maintain Your CISSP

If you hold more than one (ISC)2 credential as an (ISC)2 member, the CPE credits you submit will be assigned to all of your active credentials as of the completion date. Members and associates should not record CPE activities more than once in their records (member database).

When submitting Group A credits, make sure to include those relevant domains in your CPE submission. When a member holds several credentials, the CPE credits will be applied as Group A credits to each credential. Choosing “None of the Above” in the CPE portal applies Group B credits to your other credentials if an activity does not relate to your other credentials as a domain-related activity.


CISSP CPE credits are necessary for every CISSP holder. Credits not only help people keep their credentials, but they also help them grow as professionals. The CPE credit system was created to ensure that (ISC)2 members keep up to date with the field of information security’s ever-expanding knowledge and so remain competitive.

Don’t forget to take our free CISSP practice test to get familiarized with the format as well as the questions of the actual exam to strengthen your knowledge and skills, as a result, enhancing your chance to pass the CISSP exam with a high score on your first attempt. Good luck to you!