Maintaining Your CISSP Certification
Students often ask me how to maintain and renew their ISC2 Certified Information Systems Security Professional (CISSP) certification.
CISSP and the Concentrations
It’s important to understand that ISC2 offers several certifications and concentrations for the CISSP program. The ISC2 CISSP concentrations include Information Systems Security Architecture Professional (ISSAP), Information Systems Security Engineering Professional (ISSEP), and Information Systems Security Management Professional (ISSMP). When originally introduced, these certifications could be added to a CISSP. In 2023, ISC2 changed policy and now offers these as stand-alone certifications.
The ISC2 CBK
ISC2 defines the topics covered in the CISSP certification in a Common Body of Knowledge (CBK). The CBK breaks down the various issues a professional should know in order to be considered competent in a field. It is essential because it defines what a candidate needs to know to pass an ISC2 certification exam. The CBK is regularly updated and peer-developed by people working in the field.
To achieve CISSP certification, the candidate must pass the exam and have five years of related IT security experience. You can claim one year of experience by earning a post-secondary degree in computer science or related fields. When you have passed the exam and applied for certification, you need an attestation from a CISSP who has reviewed your work history and attests that you have those five years of experience. If you don’t know another ISC2-certified individual, you can create your record and submit your documented work history to ISC2 with your application.
The CISSP Associate
If you pass the CISSP exam but don’t yet have five years of related work experience, you can apply to become an associate CISSP. This is an excellent option for someone new to the field and working with or who earned their CISSP. The recertification rules for associates differ: they must fulfill the recertification requirement (15 CPEs) each year rather than every three years. Most people who achieve associate CISSP achieve full CISSP in 3 years.
CPEs: Group A and B
ISC2 recognizes two types of CPE credits: Group A and Group B. To renew your CISSP, you’ll need 120 CPEs: 90 Group A CPEs and 30 Group B CPEs.
Group A credits are earned by documenting security-related activities related to the domains of your certification. These could be activities such as reading or writing about a topic drawn from the CBK. They also include participating in ISC2 activities such as attending local chapter meetings or the annual ISC2 Security Congress or completing ISC2 courses. Many of these activities may offer to submit CPEs on your behalf if you sign in and supply your certification number or identifier.
Preparing for and achieving any of the CISSP concentrations (ISSAP, ISSEP, and ISSMP) fulfills your CISSP renewal requirement. However, adding these certifications also increases the number of CPEs required to renew later.
Group B credits are earned by documenting non-security-specific activities related to enhancing professional skills. Examples could be management or leadership training, project planning or management training, or team-building exercises. It’s important to note that you will likely need to document (get a certificate of completion) and submit some evidence of these activities.
ISC2 requires that certified individuals submit Continuing Professional Education (CPE) credits through the membership portal. You earn one CPE credit per hour spent on an activity. You can report CPE credits in 15-minute increments. However, some activities are worth more credits due to the depth of study or level of ongoing commitment involved.
You can upload activities to the ISC2 CPE portal. You'll need to provide supporting documentation of your activity and summarize your learning.
You can renew your Certified Information Systems Security Professional (CISSP) certification with another certification from the ISC2-approved list.
The maximum a member or associate can claim for a single activity is 40 CPE credits.
It’s essential to note that CPE credits are not earned for normal on-the-job activities where income has been earned.
The Annual Maintenance Fee
You must also pay the Annual Maintenance Fee (AMF) each year before your certification or recertification anniversary date. ISC2 allows certified members and associates a 90-day grace period to fulfill the AMF and CPE requirements on time. You only pay a single AMF, regardless of how many ISC2 certifications you hold.
Auditing of CPE Credits
ISC2 performs random audits of CPE activities submitted by members and associates. This necessary process upholds the integrity of ISC2 credentials and ensures compliance with ISO accreditation standards.