Continuing from my post yesterday, I thought it would benefit candidates who are in the process of taking their CISSP certification, as well as those already certified, to get a glimpse of the yearly Continuing Professional Education (CPE) requirements for retaining your CISSP credentials.
In addition to paying the annual maintenance fees, you also have to add your CPEs for that year, so keeping track of all the activities you have done during the intervening period is important. The biggest challenge is tracking everything you did, whether as part of your day-to-day job or as extra volunteering, that earned credits you can add toward your CPE requirements.
For CISSP, you need to submit a total of 120 credits over a period of 3 years. Credits are categorized under either Group A or Group B domains. The recommendation is to add 40 credits per year on a scheduled basis so as not to get overwhelmed when the deadline approaches.
You need a system to categorize whether the work you do is Group A or Group B, and how many credits apply at each level.
According to the official CPE manual published by ISC2, Group A has a requirement of 30 credits on an annual basis and Group B has a requirement of 10 credits. However, Group B credits can be substituted with Group A credits if you have not performed any Group B activities, so additional time spent on Group A can also be counted toward your annual requirement of 40 credits.
Below is a snapshot of the table for CISSP requirements:
Group A and Group B Credits definitions:
It's important to distinguish between the credits for each of these groups, and this is where most time is spent. Group A relates to your domain-related activities and Group B relates to your professional development, so there is a fine balance between your security-related work and the tasks you perform for your professional development. Here is a very good summary of each of these groups of activities as described in the manual.
Group A Credits: Domain-Related Activities:
Group A credits relate directly to activities in the areas covered by the specific domains of the respective credential.
Some examples are shown below:
• Taking an online self-paced, blended or instructor-led educational course
• Reading a magazine, book or whitepaper
• Publishing a book, whitepaper or article
• Attending a conference (in-person or virtual), educational course, seminar or presentation
• Preparing for a presentation or teaching information related to information security.
• Performing a unique work-related project that is not a part of your normal work duties
• Self-study related to research for a project or preparing for a certification examination
• Volunteering for government, public sector, and other charitable organizations
• Taking a higher education course
Group B Credits: Professional Development
Group B credits are earned for completion of general professional development activities which enhance your overall professional skills, education, knowledge, or competency outside of the domains associated with the respective certifications. These generally include programs such as professional speaking or management courses. While these do not apply directly to the domains,
Some examples are shown below:
• Attending non-security industry conferences
• Participating in non-security education courses
• Preparing for non-security presentation/lecture/training
• Non-Security Government/Private Sector/Charitable Organizations Committee
The above are just examples, and you can always add more instances based on the work you are doing.
It's also important to understand how these CPE credits are calculated. This ensures an equitable weighting across both categories and provides ample scope to meet your annual requirements. You also have to keep proof of the credits you claim for the activities done, so that if there is an audit of your submission, you will be able to provide proof of completion.
CPE Calculation method:
The CPE categories will provide the number of credits you can earn for each activity. Typically, you will earn one CPE credit per one-hour time spent in an activity. You can report CPE credits in 0.25, 0.50 and 0.75 increments. However, some activities are worth more credits due to the depth of study or amount of ongoing commitment involved. In general, CPE credits are not earned for normal on-the-job activities.
As you can see, the CISSP certification doesn't end with you passing the exam. In fact, it is a continuous learning process that validates your current skills and ensures you are motivated to keep adding more skills as you progress in your career. With cybersecurity skills in short supply globally, it is even more important that we keep our certification and skills updated. Wishing everyone the best as you continue your education.