CISSP Certification CPE Requirements.




Is It Too Tough To Fulfil CISSP Certification Eligibility Criteria?

One shouldn’t reject the thought of attaining CISSP Certification based on others’ opinions about how hard it is. Candidates do need to fulfill certain prerequisites to prove their eligibility for an esteemed accreditation like this. Individuals need to work hard to become proud and active holders of this premier cybersecurity certification.

Tasks of a CISSP certified professional

Before moving on to CISSP Certification requirements, a professional must know what is expected of him/her. This certification is just a yardstick to measure if one has mastered the following:

  • Managing and monitoring transmission methods, security measures, and network structures for maintaining privacy.
  • Identifying and developing an enterprise’s information assets.
  • Documenting the implementation of procedures and policies.
  • Developing the controls of applications and systems software.
  • Applying the methods and principles of disguising organizational data assets.
  • Identifying the controls of media and hardware facilitating data access.
  • Planning disaster recovery and business continuity despite disruptions due to unexpected cyber attacks.
  • Having deep insight into investigative techniques aimed at determining cybercrime.
  • Ensuring that an organization complies with cybersecurity regulations and laws.
  • Creating a protective physical environment to secure an organization’s valuable information.

Now, back to what an individual needs to undertake to excel at the aforementioned tasks.

What has Work Experience got to do with CISSP Certification Eligibility?

Work experience of no less than 5 years is one of the crucial CISSP Exam requirements. In each of these years, one must work for a minimum of 35 hours per week each month. Individuals possessing a 4-year graduate degree or any other advanced qualification need one year less than those 5 years of work experience. This applies to CISSP Certification holders, too. Thus, a full-time job of 4 years is sufficient for a certified professional to take the CISSP Exam. This job must cover more than two of the domains listed here:

  • Risk management
  • Security operations
  • Security of software development
  • Access and identity management
  • Asset security
  • Network and communications security
  • Security assessment
  • Security engineering and architecture

These domains analyze an individual’s excellence in preparing IT security procedures and architecture.

Even part-time jobs count toward the required work experience, provided that they fulfill the given time frame. A year’s work experience for a part-time job is calculated at the rate of 20 hours each week. This equals 2080 hours a year in each of those 5 years stated in the eligibility criterion. Such extensive experience in itself proves aspirants’ efficiency even before they clear the CISSP Exam. This certification eligibility program is an opportunity for professionals to strengthen their roots in information security.

The CISSP Exam is the next big step toward qualifying for the certification. Individuals need to score very high out of a total of 1000 marks. Answering 250 multi-response questions within 6 hours is easier said than done. Exam rescheduling and reattempting provisions offer ample scope for candidates to attain the CISSP Certification. The exam tests one’s A-Z knowledge of enforcing the much-needed integrity, security, availability, and confidentiality of data.

Rules to maintain CISSP Certification

CISSP Certification remains effective for 3 years from the date of acquisition. A candidate must adhere to the rules set by (ISC)2, the governing body of this certification. There are 3 phases to renewing one’s certification credentials:

  • Paying the required AMFs (Annual Maintenance Fees)
  • Abiding by (ISC)2’s ethics
  • Meeting the required count of CPE credits

AMF refers to the fee that one must pay annually for retaining (ISC)2 membership. Next comes the set of (ISC)2-approved ethics that every cybersecurity professional must observe. The third requirement for the CISSP certification renewal is the collection of 120 CPEs within 3 years. This phase is about gaining knowledge to keep abreast of the recent developments in cybersecurity measures and crimes. CPE (Continuing Professional Education) credits fall within two categories. Out of the 40 CPEs to be earned in 1 year, 30 must belong to the first category while the remaining 10 can be from either of the groups.

Specific activities are allotted to each of these groups. Candidates need to accumulate their CPE credits by performing either all or some of these activities.

Means of CPE collection as listed in the first category:

  • Earning CPE would be quick and easy for avid readers: attentively read a whitepaper, book, or magazine with relevant information or news of cybersecurity incidents.
  • Writing articles, whitepapers, or a book on IT security-related trends or real-time affairs to publish them.
  • Attend relevant presentations, seminars, educational courses, or conferences.
  • Create study material or presentations for information security instructors/trainers.
  • Working on a separate cybersecurity project outside one’s regular job.
  • Self-study for any certification exam preparation or project research.
  • Offer volunteer information security services to charitable, public, and private sector organizations.
  • Pursue a relevant higher academic course.

The second category of CPE gathering activities includes:

  • Attend conferences outside the information security domain.
  • Participation in education courses apart from those related to cyber security.
  • Preparation of non-security lecture/training/presentation.
  • Volunteer non-security services to private, public, and charitable organizations.

An hour spent in any of these activities equals 1 CPE credit. The CISSP Certification itself enables one with all-pervasive expertise in the information security arena. Moreover, these methods of CPE collection continuously enrich the knowledge of accredited professionals and make them certification holders in the true sense.

Professional education along with experience makes one qualify for retaining the CISSP Certification. This is an indirect way for (ISC)2 to ensure that cybersecurity professionals are never bereft of their skills. Instead, with time and through the certification renewal processes they can polish them over and over again. In comparison to the maintenance fees a certification holder pays, these CPEs return him/her much more.

Besides, none of the above-mentioned activities are tedious. These can be easily balanced with one’s day-to-day job as an information security professional. For many, attending conferences and seminars appears to be a constructive break from work. One definitely can’t ignore the sense of self-satisfaction one gains by amassing all the possible skillfulness in one’s field.

Certified professionals can delineate cyber attacks as insider, external, unstructured, or structured. They assess the observance of methods to safeguard compromised PII data. This data type is related to crucial details of bank accounts, licenses, SSN, etc. The training program makes aspirants adept at identifying computer intruders engaged in identity theft, who are intent on committing fraud by stealing personal information. Such professionals detect the vulnerable settings of peer-to-peer file-sharing applications.

Certification holders introduce the principle of least functionality in organizations. They allow systems to run only those services and applications that align with business operations. The attack surface expands with an increase in the number of applications running within the system. The training program teaches them to keep that number in check by performing regular configurations. They limit the use of network services, protocols, and open ports. Organizations need certified individuals to perform automated scanning of their corporate networks.

One of the principal CISSP Certification renewal requirements is to observe an ethical code of conduct. (ISC)2 directs it not just to endow individuals with cybersecurity skills but to turn them into responsible beings.

A CISSP Certification holder has to gather CPE credits to keep his/her credentials valid every 3 years. Gathering CPE is more of a gaining phase than simply fulfilling the demands of (ISC)2. 40 CPEs a year add up to a count of 120 in 3 years, which an individual must finish collecting within that time frame.

Scrupulous reading of IT security-related whitepapers, magazines, or books is one of the prescribed methods of CPE collection. An hour of this activity will get counted as 1 CPE credit. So, simply by recording the reading duration, one claims a certain portion of the total CPE count.

Article, whitepaper, or book publishing is another recommended means of earning CPEs. This makes one adept at writing in such a difficult domain. One can now easily foray into the publishing sector.

CPE credits for CISSP Certification revalidation are also gathered by attending IT security-related seminars, conferences, and other events. This provides a professional with more exposure to cybersecurity communities across the world. He/she meets with fellow professionals as well as industry experts.

Among the multiple activities of earning CPE credits, offering volunteering service leads to one’s personal development. Otherwise, there is no use in acquiring knowledge if it can’t be used for selfless contribution to help others.

CISSP-certified individuals can offer volunteering services to any organization. It can even belong to the private sector. Offering such services to charitable organizations also makes up for one’s CPE credits based on the number of hours worked.

Preparing study material in the form of online content or writing books and also designing informative presentations fetch CPEs. The ongoing process of CISSP Certification renewal could make one eligible to join IT security training faculties in the future.

Working on a project outside one’s usual duties as a cybersecurity professional is another effective way to collect CPE. This also improves one’s multi-tasking potential to climb the ladder of success faster.

For the other CPE collection activities, one has to take the initiative and time out of one’s busy schedule. This is not the case with those attending a training program since the latter takes care of their CPE attainment.

Reviewing an exam question takes 2 hours, which ultimately gets counted as 2 CPEs.

An hour of taking any related professional exam equals 2 CPE hours or credits.