CISSP CPE Requirements: Keeping Your Certification Current

What Are CISSP CPE Requirements?

(ISC)²’s most prestigious certification is the CISSP. If you hold CISSP certification, you must obtain 40 CISSP CPE credits every year, for a total of 120 CPE credits throughout a three-year renewal term. You must obtain at least 90 CISSP CPE credits from the group A CPE credits category in particular. You can earn the remaining 30 CPE credits from either Group A or Group B. When participating in CISSP CPE activities to obtain CPE credits, ensure that your CPE credits correspond with these CISSP CPE standards.

Every CPE activity should be earned and completed during the certification cycle, not after it has expired. CISSPs are often given a grace period for submitting CPE credits; however, the credits must be obtained before the certificate expiration date.

CISSPs must maintain a minimum number of CPE credits, and failure to do so may result in suspension and loss of certification. The suspension will be lifted only when the required yearly CPE credits are obtained. Candidates often have a 90-day grace period to obtain and submit their requisite CPE credits.

If they are decertified, CISSPs have the ability to file an appeal.

What Are The CISSP CPE Credits?

So, what exactly are CPE Credits for meeting CISSP CPE requirements? Continue reading for more in-depth information.

There are several guidelines to follow when earning (ISC)² CPE credits. (ISC)² divides CPE credits into two categories.

Group A credits are awarded for actions that are directly related to the specified domains of the individual certification.

Group B credits are given for actions outside of the core area that can nonetheless improve the CISSPs’ overall professional competencies and skills. They can be obtained by completing activities related to broad professional development in order to improve your overall education, competency, professional abilities, or knowledge outside of the specialized fields of the credential. Professional development programs, such as preparation for management courses or professional speaking, have typically been included in these activities. Although these activities are not directly related to the domains, they are acknowledged as abilities that may help you advance professionally.

A certified professional is expected to achieve a particular amount of CPE credits from these two CPE credit areas, according to (ISC)². Each (ISC)² certification requires a unique set of CPE credits from each organization. The CPE requirements for each (ISC)² certification are shown in the table below.

(Source: Masterofproject)

If you have one of the (ISC)² certifications, you must obtain (ISC)² CPE credits based on these CPE criteria every three years to renew your (ISC)² certification. It should be noted that the same principles apply to ISACA CPE Requirements as well.

Read more >> CISA vs CISSP: 5 Key Differences

How To Earn CISSP CPE Credits?

There are certain requirements that require CISSP holders to earn CPE credits to maintain their certifications. Typically, work performed as part of a CISSP’s regular duties will not be recognized for CPE credits. If you perform additional distinctive work outside of your typical daily activities at work, you may be eligible for CPE credits.

“Members and associates can earn up to 10 Group A CPE credits for activities performed during their regular working hours when engaged in unique projects, assignments, activities, or exercises,” according to the manual. The one-of-a-kind project, task, activity, or exercise must be outside of their typical (or day-to-day) job duties or job description.”

CISSPs should be aware that if they attend conferences or get training, they may claim CPE credits in the appropriate areas, whether through attendance or work done on the job.

Examples of Group A and Group B credits

Group A

• Taking a self-paced, mixed, or instructor-led online educational course
• Reading a magazine, book, or whitepaper
• Putting out a book, whitepaper, or article
• Attending an in-person or virtual conference, educational course, lecture, or presentation
• Getting ready to give a presentation or teach knowledge on information security
• Doing a one-of-a-kind work-related project that is not part of your regular job tasks
• Self-study connected to project research or preparation for a certification test
• Volunteering for government, nonprofit, and charity groups
• Pursuing a higher education program

Group B

• Attending conferences in industries other than security
• Attending non-security education courses
• Getting ready for non-security presentations, seminars, and training
• Committee of non-security government, commercial sector, and philanthropic groups

How are CPE credits calculated?

CPE credits are computed per activity; the following are popular areas for which CISSPs might earn credits. In general, one hour of CPE credit can be obtained for every hour spent on any educational activity. Several activities, however, will award you additional credits due to the degree of study involved or the time commitment necessary. CPE credits are typically not earned through normal day-to-day employment activities.

Attending educational and training seminars or courses 

Attending educational and training seminars or courses might earn you Group A or Group B credits for each hour spent in class. Group B credits are acquired when training courses or seminars are not related to a credential’s domains.

Attending conferences 

Similarly, one CPE credit can be obtained for each hour of conference attendance or session. Cyber-security conferences provide Group A credits, whilst other educational conferences provide Group B credits.

Attending vendor presentations

You can only earn one Group A CPE credit for each hour of attendance at a vendor presentation. The presentation should be instructive and relevant to the certification areas.

Higher academic course completion 

For every hour spent in a higher academic level class, one CPE credit can be obtained. The course is available online. Only once the course has been completely completed and passed will the credits be awarded. Courses relevant to the credential domains receive Group A credit; otherwise, credit is obtained in the Group B category.

Training, lectures, or presentations preparation

Time spent planning training, lectures, or presentations can potentially earn CPE credits. They must, however, be non-work-related, and no CPE credits can be obtained for the time spent presenting them. When the training, lectures, or presentations are directly relevant to certification domains, the credits will be in the Group A category; otherwise, the credits will be in the Group B category. No credits may be awarded for training or teaching courses that last several days (or even weeks or months).

Security book or article publication 

The initial publishing of a security book or essay in a magazine or journal can earn you Group A CPE points, but the content must be connected to the credential domains. Credits are available for both print and internet publications. This path only allows you to gain Group A credits.

Performing board security services

Only board services connected to security can get you Group A credits. CPE credits will be granted based on the contribution level specified by the appropriate organization’s board of directors or parent corporation. It is advised that you verify your service hours with a signed statement from any officer of that organization, but if the organization fails to do so, you may confirm your own CPE credits.

Completing self-study

Attending podcasts, webcasts, or CBT (computer-based training) can earn one CPE credit for every hour spent on such activities. When podcasts, webcasts, or CBTs are directly relevant to certification domains, they get Group A credits; otherwise, they earn Group B credits. However, the amount of CPE credits that can be filed for podcasts, webcasts, or CBT is limited.

Studying cybersecurity magazines or books 

Reading cybersecurity journals or books can earn you specialized CPE credits; only Group A credits can be acquired.

Reading a whitepaper

CPE credits can be earned by reading whitepapers published on legitimate websites. You must provide a brief description of the materials you researched, including website information. The website must be freely available to anyone. Only Group A credits are available.

Writing a security whitepaper

After they are published on any genuine or real organizational website, writing whitepapers might earn you Group A credits. The whitepaper must be at least two pages long and open to the public without limitation.

Reading the magazine InfoSecurity Professional

Every issue of InfoSecurity Professional magazine can earn you Group A credits. This is an online magazine for members only. You may be required to complete an online quiz linked to the magazine’s content.

Book reviews about cybersecurity

Reviewing cyber-security books can earn you Group A credits. Every book evaluated receives credit. The review must be a certain length.

Volunteering for non-profits, the public sector, or the government

Every hour of voluntary activity earns Group A CPE credit. You must keep a signed confirmation on the organization’s letterhead that clearly shows the voluntary labor hours connected to the credential domain.

Volunteering for cyber-security and information-systems meetings

Attending and volunteering for cyber security and information systems gatherings might earn you Group A or Group B credits, depending on the meeting’s relevance to the certification domains.

Safe and Secure Online program 

The Safe and Secure Online program can earn you Group A credits. You can also attend (ISC)² in-person orientations. After completing the Safe and Secure Online session, you must complete and pass the online orientation quiz.

Preparing for new classrooms, seminars, and training materials, as well as upgrading current ones

Prepare new or update current classroom, seminar, and training materials to gain Group A credits. The contents, however, must be new and not duplicated or recycled, and no CPE points are provided for the time spent presenting the information.

As you can see, there are a variety of approaches to obtain CISSP CPE credits. Attending a seminar, conference, or project, on the other hand, will be difficult if you are a full-time working professional. Because you must ensure that the activity’s timetable is compatible with yours. Furthermore, you must spend a substantial sum of money to participate in the activity. However, CISSP CPE credits online resources are less expensive and easier to use.

Read more >> SSCP vs CISSP: How Are They Different?

How To Submit CPE Credits

To submit CPE credits, you should normally do the following:

1. Keep track of your CPE activities: Keep a note of the date, activity name, sponsor, and amount of credits earned as you complete CPE activities.
2. Consult your professional association: Check to see what CPE credits are necessary and what activities qualify. Check to see if there are any special standards or paperwork you must use to submit your CPE credits.
3. Submit your CPE credits: Once you have completed the required CPE credits, submit them to your professional organization. This might entail filling out a form or submitting information online.
4. Check your CPE credits: Your professional organization may send you a confirmation or an audit notification once you submit your credits. Maintain up-to-date and accurate records for future audits.

How To Report CPE Credits To (ISC)²?

Follow these procedures to report your CPE credits to (ISC)² (International Information System Security Certification Consortium):

1. Log in to your (ISC)² account.
2. Click on the “Dashboard” tab.
3. Click on the “Manage CPEs” option.
4. Click on the “Add CPE” button.
5. Enter the details of the CPE activity, including the date, type of activity, provider name, and the number of CPE credits earned.
6. Upload any required documentation to support your CPE claims, such as certificates of completion, attendance records, or other proof of participation.
7. Click on the “Submit” button to complete the process.

(ISC)² will check and validate your CPE credits after you have submitted them. If everything is in order, the CPE credits will be added to your account and you will receive an email notification. It’s a good idea to preserve records of all your CPE activities and paperwork for up to two years in case (ISC)² conducts an audit.

CPE Policies and Procedures

To retain certification and associate status, certified members and Associates of (ISC)² must achieve a minimum of CPE credits and pay an Annual Maintenance Fee (AMF). Both prerequisites are required to keep your outstanding standing.

Qualification members must complete CPE activities throughout the three-year certification cycle and no later than the certification expiry date (end of certification cycle). Associates of (ISC)² must conduct CPE activities during their yearly cycle.

Certified members (single or multi-certified) must pay a $125 yearly membership fee, which is due on the first day of the member’s certification cycle and is payable on the same day every year. A member’s certification cycle begins on the anniversary of their certification. Associates of (ISC)² must pay a $50 yearly maintenance fee on the first anniversary of their cycle, which is payable on the same day each year.

When the requisite CPE credits and AMF payment criteria are completed at the conclusion of the three-year certification cycle, qualified members will be recertified for a new three-year certification cycle. The associate designation will be extended for another one-year cycle if the required CPE credits and AMF payment criteria are satisfied at the end of the one-year associate cycle.

How to Maintain Your CISSP

As an (ISC)² member, if you hold more than one (ISC)² credential, the CPE credits you submit will be awarded to all of your active credentials as of the completion date. Members and associates should not register CPE activities in their records (member database) more than once.

Make sure to include those pertinent websites in your CPE application when submitting Group A credits. When a member possesses multiple credentials, the CPE credits will be applied to each credential as Group A credits. If an activity does not link to your other credentials as a domain-related activity, selecting “None of the Above” in the CPE portal assigns Group B credits to your other credentials.

FAQs

Can I earn CPE credits for teaching a course related to information security?

CPE credits are available for instructors, teachers, and professors that teach courses directly relevant to the SECO-Institute’s Cyber Security & Governance Certification Program. One CPE credit is awarded for one hour of instruction.

What happens if I fail to earn enough CPE credits to maintain my certification?

CISSPs must achieve a particular number of CPE credits each year; otherwise, their certification may be suspended or lost. The suspension will be revoked only if the required yearly CPE credits have been completed. Typically, candidates have 90 days to obtain and submit their requisite CPE credits. If CISSPs are decertified, they can file an appeal.

Final Words