1.6 Pricing, AMF, CPE, and Maintenance Overview

Cost and Maintenance Are Part of the Credential Lifecycle

CISSP planning should not stop at study time and exam day. ISC2 lists CISSP standard registration as U.S. $749 for the Americas and all other regions not separately listed, U.S. $749 for Asia Pacific, U.S. $749 for Middle East and Africa, EUR 719.04 for EMEA, and GBP 606.69 for the United Kingdom. Pricing and taxes depend on the exam administration location and Pearson VUE registration, so candidates should verify the final amount during scheduling.

ISC2 also lists schedule-change fees: U.S. $50, 35 GBP, or 40 EUR for rescheduling, and U.S. $100, 70 GBP, or 80 EUR for cancellation. These figures are not study trivia. They are planning controls. If a candidate schedules before building readiness evidence, missed milestones can become financial waste. A mature plan treats the exam date as a project commitment supported by a study schedule, practice evidence, identification readiness, accommodation requests if needed, and budget approval.

Maintenance is a continuing obligation. ISC2 member policies state that to maintain certification or associate status, members must earn CPE credits and pay AMF. For CISSP, the CPE table lists 30 Group A credits suggested annually and 90 Group A credits required over three years. It also lists 10 Group A or B credits suggested annually and 30 required over three years, for a total of 40 suggested annually and 120 required over the three-year cycle.

The Group A emphasis matters because CISSP is a professional security credential. Maintenance should reinforce relevant security competence, not become a last-minute paperwork scramble. A good CPE plan maps activities to the domains and to actual job growth: risk workshops, secure architecture training, identity governance work, incident response exercises, assessment methods, privacy and data handling, secure software practices, or professional security education. The safest operational approach is to record CPE evidence as activities happen.

AMF planning should also be explicit. Certified members holding CISSP, SSCP, CCSP, CGRC, CSSLP, ISSAP, ISSEP, or ISSMP pay U.S. $135 annually. Associates of ISC2 pay U.S. $50 annually. Members with multiple certifications pay one AMF, due on the earliest certification anniversary according to the source brief. Treat this as a compliance obligation. Missing maintenance can affect good standing, title usage, and professional representation.

A risk-based budget includes direct and indirect costs. Direct costs include registration, possible rescheduling or cancellation, AMF, and training materials if selected. Indirect costs include study time, time away from work, travel to an authorized test center if applicable, and time to maintain CPE records. None of this implies certain compensation, a job, or a promotion. The honest value statement is that CISSP can support professional credibility when earned and maintained, but outcomes depend on many factors outside the credential.

Maintenance also reinforces the CISSP mindset. Security knowledge changes, organizations change, threats change, and control environments change. CPE and AMF are not just administrative chores; they are mechanisms for keeping a professional credential active and connected to ongoing learning. A security leader who budgets only for exam day but not maintenance has treated certification as an event instead of a lifecycle. That is inconsistent with the way CISSP expects you to think about controls, evidence, and governance.

Candidate Budget and Maintenance Checklist

• Confirm regional exam price and taxes during Pearson VUE registration.
• Know rescheduling and cancellation fees before selecting a date.
• Request ISC2-approved accommodations before scheduling if accommodations are needed.
• Budget the annual AMF for certified or associate status.
• Create a three-year CPE tracker with Group A, Group A or B, total credits, dates, and evidence.
• Review CPE progress quarterly rather than waiting for the cycle deadline.
• Keep title usage aligned with current good standing.

A simple governance pattern is to review the credential quarterly. Check CPE totals, evidence quality, AMF status, domain coverage, and professional development goals. If you are an Associate of ISC2, also review progress toward required experience. This turns maintenance into a low-friction control rather than a crisis. It also models the same continuous monitoring and improvement language that appears across the CISSP domains.