Becoming a cybersecurity professional requires a dedication to life-long learning, as threats, vulnerabilities and best practices are constantly evolving. Maintaining your ISC2 certification – from CC to CISSP – requires earning continuing professional education (CPE) credits.

Depending on which certification you hold – or if you’re an Associate of ISC2 – the number of CPE credits you need to earn will vary. For associates, the requirement is 15 credits per year. For all certifications, CPE activities must be completed during your three-year certification cycle. ISC2 provides annual recommendations in our Certification Maintenance Handbook, to maintain a healthy balance between your professional development, day job and your personal life.

ISC2 CPE requirements by certification

Earning CPE credits

The general rule of CPE credits is that 1 hour of activity = 1 credit. If you’re participating in an activity through ISC2 directly – like attending Security Congress , taking a Skill-Builder or doing a JTA survey – your activity will be submitted on your behalf to your CPE Portal. Depending on the activity, the CPE credit will be awarded between one week and one month after you complete the activity. You can log into your ISC2 member account and visit to check your CPE progress. We’ve also published a video on how to access the CPE portal that you can view to follow along with the steps. As a reminder, CPE credits are only submitted on your behalf if you are in your cycle, or within your 90-day grace period. If you’ve let your certification, or associate status, lapse, CPE activity will not upload automatically. You will need to provide that information manually, but any activity from within your cycle – as well as the 90-day grace period – is valid for CPE credit, even if your account is in suspension.


Using the ISC2 CPE portal

For activities not submitted on your behalf by ISC2, you’ll need to use the CPE Portal to upload them. The first step when submitting CPE activities is to select which type of credit you are applying for. There are two types of CPE credits: Group A and Group B.

Group A relates to the domains of your certification and can include reading a whitepaper on AI security or watching a webinar on zero trust. You’ll be required to provide supporting documentation of your activity and summarize your learning. Watch our quick video on how to submit Group A CPE credits.

When submitting Group A activity, you’ll select the relevant domain of your certification. You can select more than one domain from more than one certification, if applicable. If you don’t select a domain for your Group A activity, the entry will remain in the draft status, as this is a required field.

Group B activities are those that are not related to the technical domains of your certification, but rather activities that grow your general professional skills. This can include a toastmaster's course or reading a book on leadership tactics. See how to submit Group B CPE credits . If you hold the CC, or are an Associate of ISC2, you do not need to earn Group B CPE credits.

Still have questions about your ISC2 CPE requirements?

If you have questions about a particular activity you’ve participated in, we’ve put together a quick CPE FAQ video that answers the most common questions ISC2 members have. You can also join us for the next ISC2 Guide to Membership webinar, or check out a recently held webinar on-demand. We host these webinars every month to guide those new to ISC2 – or close to joining – on how to navigate their member account, find out about ways to engage with their community, events to attend, and so much more. Even if you’re a tenured ISC2 member, we recommend these webinars for a refresh on membership. And yes, you can earn a Group B CPE credit for watching!

Check out these helpful CPE resources