Cybersecurity Certifications

How do cybersecurity certification renewals work?

ByDecipherU EditorialApril 2026

Direct answer · last verified 2026-04

Most cybersecurity certifications renew every 3 years through continuing education (CE) credits, an annual maintenance fee, or re-examination. CompTIA certifications require 50 CE credits over 3 years plus a $50/year fee. CISSP requires 40 CPE credits annually plus a $125/year AMF. OSCP does not expire. Letting certifications lapse means retaking the full exam.

Cited primary sources

BLS, CompTIA, ISC2, NIST, CyberSeek inline. No paraphrased blog posts.

Updated quarterly

Every answer carries a last-verified date. Cron flags stale answers automatically.

Career-relevant

Each answer routes to the matching career guide, certification page, and assessment.

Cybersecurity certification renewal is an ongoing financial and time commitment that most candidates underweight when they sit the first exam. The structural pattern across vendors: a three-year renewal cycle, a fixed number of continuing-education credits earned through training, conferences, volunteer work, or higher certifications, and an annual maintenance fee. Letting a certification lapse means retaking the full exam at full price, which is more expensive than the maintenance fees over the same period.

CompTIA certifications (Security+, CySA+, PenTest+, CASP+, Network+, SecAI). Three-year renewal cycle. 50 Continuing Education Units (CEUs) per cycle for Security+, 60 for CySA+ and PenTest+, 75 for CASP+. CEUs come from training courses, conferences (one CEU per hour), industry publications, volunteer work, or earning a higher CompTIA certification (which renews the lower one automatically). Annual maintenance fee: $50 per certification per CompTIA, April 2026 pricing. CompTIA Stackable Certifications status renews multiple certifications with shared credits.

ISC2 certifications (CISSP, CCSP, SSCP, CSSLP, CGRC). 120 Continuing Professional Education (CPE) credits over the three-year cycle, with a 40 CPE per year minimum. CPE credits split into Group A (cybersecurity domain content) and Group B (general professional development); Group A must account for the majority. Annual Maintenance Fee: $125 per ISC2 member, billed yearly per ISC2 April 2026 fee schedule. ISC2 Associate (the credential held by candidates who passed but lack the experience requirement) pays $50 per year.

ISACA certifications (CISM, CISA, CRISC, CGEIT, CDPSE). 120 CPE hours over three years with a 20 CPE per year minimum. Annual maintenance fee: $45 for ISACA members, $85 for non-members per ISACA 2026 fee schedule. ISACA tracks CPE distribution by domain; the renewing professional must maintain coverage across domain areas, not just hit a total credit number. ISACA conducts CPE audits roughly 10% of renewing professionals annually, requiring documentary proof.

GIAC certifications (GSEC, GCIH, GCIA, GPEN, GCFA, others) follow a four-year cycle. 36 CPE credits required, no annual fee but a $469 renewal fee at the end of the four-year cycle per GIAC April 2026 pricing. Re-examination is also accepted as a renewal path. GIAC enforces strict CPE category requirements, especially for the practitioner-level certifications, and audits are more rigorous than CompTIA's process.

Notable exceptions and one-time investments. OffSec's OSCP, OSCE, OSEP, and OSED do not expire and require no renewal fees per OffSec policy, though OffSec updates the exam content versions periodically and recommends voluntary re-certification. EC-Council's CEH requires 120 ECE (EC-Council Continuing Education) credits over three years plus an $80 annual ECE membership fee. AWS, Microsoft, and Google cloud security certifications generally require re-examination every two to three years at full or discounted price, with no separate CPE pathway.

Five-year renewal cost projection for a typical mid-career cybersecurity professional holding Security+, CISSP, and CISM. CompTIA Security+ at $50 per year = $250. ISC2 CISSP at $125 per year = $625. ISACA CISM at $45 per year (member rate) = $225. Total: $1,100 in maintenance fees alone, before any training spend to earn CPE credits. Plan for $500 to $2,000 per year in training and conference spend to keep all three current without scrambling.

Tradeoffs to acknowledge. CPE inflation is real. Some training providers issue questionable credits, and ISC2 and ISACA both periodically tighten what qualifies. Building a sustainable renewal practice means picking one or two high-quality training subscriptions (Pluralsight, SANS On-Demand, or a SecurityZines newsletter that issues verified credits) and attending one mid-tier conference per year. Trying to scrape CPEs from low-effort webinars at the deadline is a recipe for failing an audit.

For role-aligned renewal planning, see the related career entries for soc-analyst, security-engineer, and security-architect, plus the certification entries for comptia-security-plus, cissp, cism, oscp, and ceh.

Related Cybersecurity Career Guides

SOC Analyst→Security Engineer→Security Architect→

Related Cybersecurity Certifications

CompTIA Security+CISSP CISM OSCP CEH

Related Cybersecurity Terms

certification

Salary data is compiled from public sources including the Bureau of Labor Statistics and industry surveys. Actual compensation varies by location, experience, company, and negotiation. This information is for educational purposes only and does not constitute financial advice.

Sources

Bureau of Labor Statistics, Occupational Employment and Wage Statistics, May 2024 · Salary and employment data for cybersecurity occupations.
O*NET OnLine, version 28.0 · Cybersecurity work-role tasks, knowledge, and skills.
DecipherU Methodology · How DecipherU compiles cybersecurity career insights.

Last verified: 2026-04?Report an inaccuracy

This role lives inside a packaged path

Want the curriculum, comp delta, and recommended courses for this role?

DecipherU bundles cybersecurity roles into a small set of packaged paths. Each path has the curriculum sequence, the compensation delta it unlocks, and the recommended courses, all pre-set. Two ways in:

Take the 2-min Risk Score →Open the cybersecurity path hub →

Explore Related Cybersecurity Resources

Career GuideSoc Analyst cybersecurity career guideRead the full career guide for Soc Analyst roles Career GuideSecurity Engineer cybersecurity career guideRead the full career guide for Security Engineer roles CertificationComptia Security Plus cybersecurity certification guideCost, exam format, and career impact details GlossaryWhat is Certification in cybersecurity?Plain-language definition and career relevance

Where to go next

Three next steps depending on where you are. The first two are free.

Free · 2 minutes

Start with the AI Risk Score

Two minutes. Tells you how exposed your current role is to AI automation and which defensive moves carry the best return.

Start the AI Risk Score →

Paid program · $147-$597

Aligned course: Career Transition

Capstone reviewed by the founder, published rubric, Ed25519-signed verifiable credential on completion.

View the course →

Free account

Save your results and track progress

A free account stores your assessments, recommendations, and an exportable copy of your Career DNA. No card needed.

Create your account →

Was this page helpful?

Get cybersecurity career insights delivered weekly

Join cybersecurity professionals receiving weekly intelligence on threats, job market trends, salary data, and career growth strategies.