Yes, CISSP expires every 3 years. As the gold standard in information security certification, (ISC)² requires 120 Continuing Professional Education (CPE) credits over each 3-year cycle with a minimum of 40 per year, plus a $125 Annual Maintenance Fee (AMF). The CPE requirement ensures CISSP holders stay current across all 8 domains as the threat landscape evolves.
(ISC)² categorizes CPE credits into two groups with specific minimums:
| Group | Description | Minimum |
|---|---|---|
| Group A | Directly related to CISSP's 8 domains (security architecture, cryptography, network security, etc.) | 40 minimum |
| Group B | General professional development (management, leadership, communication) | No minimum |
| Total | Combined A + B over 3 years | 120 |
At 40 CPEs per year minimum, you need about 3.5 hours of professional development per month. Here are the most popular sources:
Your Group A CPEs should ideally cover all 8 CISSP domains over the 3-year cycle:
| Domain | Exam Weight |
|---|---|
| 1. Security & Risk Management | 15% |
| 2. Asset Security | 10% |
| 3. Security Architecture & Engineering | 13% |
| 4. Communication & Network Security | 13% |
| 5. Identity & Access Management | 13% |
| 6. Security Assessment & Testing | 12% |
| 7. Security Operations | 13% |
| 8. Software Development Security | 11% |
| Expense | Low Cost | Typical |
|---|---|---|
| AMF ($125 × 3 years) | $375 | $375 |
| CPE Activities | $0 (free sources) | $500-$3,000 |
| Total | $375 | $875-$3,375 |
Key benefit: The $125 AMF covers all (ISC)² certifications. If you hold CISSP + CCSP + SSCP, you still only pay one $125/year AMF.
| Certification | Cycle | CPEs | Annual Fee | 3yr Total |
|---|---|---|---|---|
| CISSP | 3 years | 120 | $125 | $375 |
| CISM | 3 years | 120 | $45 | $135 |
| Security+ | 3 years | 50 CEUs | $50 | $150 |
| CEH | 3 years | 120 ECE | $80 | $240 |
Yes. CISSP expires every 3 years. You need 120 CPE credits (40/year minimum) and must pay the $125 Annual Maintenance Fee each year.
120 total over 3 years. Minimum 40 per year with at least 40 Group A credits (domain-specific). The rest can be Group B (general professional development).
$125 per year. This single AMF covers all (ISC)² certifications you hold (CISSP, CCSP, SSCP, etc.). You don't pay separate fees per cert.
First suspension, then full expiration. After full expiration, you must retake the exam ($749) and resubmit 5 years of experience with endorsement.
Yes. (ISC)² webinars, chapter meetings, BrightTalk sessions, self-study, volunteering, mentoring, and writing articles all provide free CPEs.
Yes, random audits happen annually. Keep documentation (certificates, receipts, records) for at least 1 year beyond your cycle. Non-compliance can result in certification revocation.
Practice with adaptive CISSP questions covering all 8 domains.
Start Free CISSP Practice Test →