The CISSP candidate must have a minimum of four years of professional work experience in one or more of the domains listed in the preceding section. After being notified of a passing score on the CISSP examination, the candidate must submit a qualified third-party endorsement (from another CISSP; the candidate’s employer; or any licensed, certified, or commissioned professional, such as a banker, attorney, or certified public accountant) to validate the candidate’s work experience. This endorsement must be submitted within 90 days of the date of the exam results notification letter or the application and exam results are voided. A percentage of submitted applications will be randomly audited, requiring additional documentation (normally a resume and confirmation from employers of work history) and review by (ISC)2. Final notification of certification upon receipt of the endorsement letter will normally be sent by (ISC) 2 via e-mail within one business day (seven business days if audited).
The candidate must also subscribe to the (ISC) 2 Code of Ethics and renew certification every three years. The CISSP certification can be renewed by accumulating 120 Continuing Professional Education (CPE) credits or by retaking the CISSP examination. You earn CPE credits for various activities, including taking educational courses or attending seminars and security conferences, membership in association chapters and meeting attendance, vendor presentations, university or college course completion, providing security training, publishing security articles or books, serving on industry boards, self-study, and volunteer work. You must submit evidence of any such activities to (ISC) 2 for determining and documenting CPE credits. In most cases, this can be done online in the secure area of the (ISC) 2 Web
site. There is also an $85 (U.S.) annual maintenance fee payable to (ISC)2. Maintenance fees are billed in arrears for the preceding year and may be paid online, also in the secure area of the (ISC) 2 Web site.
Tip The minimum requirement for CISSP certification is four years of professional work experience in one or more of the ten domains of the CISSP CBK. However, you can be credited for one year of experience if you have either a four-year college degree or a master’s degree in Information Security from a National Center of Excellence (but you cannot combine both the four-year degree and the master’s degree to get two years of credit).
Cross-Reference See Chapter 3 for more information on earning CPE credits and maintaining your CISSP certification.