Does CISSP Expire? Yes — 3-Year CPE & AMF Requirements

Yes, CISSP expires every 3 years. As the gold standard in information security certification, (ISC)² requires 120 Continuing Professional Education (CPE) credits over each 3-year cycle with a minimum of 40 per year, plus a $125 Annual Maintenance Fee (AMF). The CPE requirement ensures CISSP holders stay current across all 8 domains as the threat landscape evolves.

Cycle
3 Years
CPEs Required
120
Annual Fee
$125
Min CPEs/Year
40

CISSP CPE Credit Groups

(ISC)² categorizes CPE credits into two groups with specific minimums:

GroupDescriptionMinimum
Group ADirectly related to CISSP's 8 domains (security architecture, cryptography, network security, etc.)40 minimum
Group BGeneral professional development (management, leadership, communication)No minimum
TotalCombined A + B over 3 years120

How to Earn CISSP CPE Credits

At 40 CPEs per year minimum, you need about 3.5 hours of professional development per month. Here are the most popular sources:

CISSP 8 Domains — CPE Coverage Areas

Your Group A CPEs should ideally cover all 8 CISSP domains over the 3-year cycle:

DomainExam Weight
1. Security & Risk Management15%
2. Asset Security10%
3. Security Architecture & Engineering13%
4. Communication & Network Security13%
5. Identity & Access Management13%
6. Security Assessment & Testing12%
7. Security Operations13%
8. Software Development Security11%

3-Year Cost of Maintaining CISSP

ExpenseLow CostTypical
AMF ($125 × 3 years)$375$375
CPE Activities$0 (free sources)$500-$3,000
Total$375$875-$3,375

Key benefit: The $125 AMF covers all (ISC)² certifications. If you hold CISSP + CCSP + SSCP, you still only pay one $125/year AMF.

What Happens If CISSP Expires?

CISSP vs Other Security Certifications — Maintenance Comparison

CertificationCycleCPEsAnnual Fee3yr Total
CISSP3 years120$125$375
CISM3 years120$45$135
Security+3 years50 CEUs$50$150
CEH3 years120 ECE$80$240

Frequently Asked Questions

Does CISSP expire?

Yes. CISSP expires every 3 years. You need 120 CPE credits (40/year minimum) and must pay the $125 Annual Maintenance Fee each year.

How many CPE credits does CISSP require?

120 total over 3 years. Minimum 40 per year with at least 40 Group A credits (domain-specific). The rest can be Group B (general professional development).

What is the CISSP Annual Maintenance Fee?

$125 per year. This single AMF covers all (ISC)² certifications you hold (CISSP, CCSP, SSCP, etc.). You don't pay separate fees per cert.

What happens if CISSP expires?

First suspension, then full expiration. After full expiration, you must retake the exam ($749) and resubmit 5 years of experience with endorsement.

Can I earn CISSP CPEs for free?

Yes. (ISC)² webinars, chapter meetings, BrightTalk sessions, self-study, volunteering, mentoring, and writing articles all provide free CPEs.

Does (ISC)² audit CPE submissions?

Yes, random audits happen annually. Keep documentation (certificates, receipts, records) for at least 1 year beyond your cycle. Non-compliance can result in certification revocation.

Prepare for CISSP Certification

Practice with adaptive CISSP questions covering all 8 domains.

Start Free CISSP Practice Test →

Related Resources

How to Pass CISSP CISSP Study Guide CISSP vs CISM