The CompTIA Continuing Education program is the official mechanism for keeping certifications active without retaking the exam. The framework requires a specified number of Continuing Education Units (CEUs) within each three-year renewal cycle. The number ranges from 20 CEUs for entry-level certifications like IT Fundamentals+ to 75 CEUs for expert-tier certifications like CASP+ or its newer SecurityX rebrand. The marketing around CEUs implies that paid courses are the path of least resistance. The reality is far more flexible.
This guide walks through every legitimate, free or near-free path to CEUs that CompTIA officially recognizes, with the documentation requirements for each, so candidates can renew without spending hundreds of dollars on training they do not actually need.
How the CEU Program Actually Works
CompTIA publishes a Continuing Education Program Policies and Procedures document that lists every approved CEU activity category. Each category specifies the maximum CEUs claimable per cycle and the documentation required. A candidate can mix and match across categories up to the total required.
| Certification Level | Renewal CEUs Required |
|---|---|
| ITF+ and Tech+ | 20 |
| A+ | 20 |
| Network+, Cloud+, Linux+, Server+, Project+ | 30 |
| Security+ | 50 |
| CySA+, PenTest+ | 60 |
| CASP+ / SecurityX | 75 |
"The CE program is designed to recognize the work practitioners are already doing on the job and in the community. The activity categories reflect that. We are not trying to force people back into classrooms." -- James Stanger, Chief Technology Evangelist at CompTIA
The renewal cycle starts the day the certification is awarded. CEUs must be submitted before the expiration date, and CompTIA charges a CE Annual Fee — currently 50 USD per year per certification, with a maximum of 150 USD per year regardless of how many certifications a candidate maintains — to use the program.
Category 1: Earning a Higher-Level CompTIA Certification
The single most efficient path to renewing multiple certifications at once is passing a higher-tier CompTIA exam. The renewal cascade automatically extends lower-tier certifications.
| Higher Cert Earned | Lower Certs Renewed |
|---|---|
| Network+ | A+ |
| Security+ | A+, Network+ |
| Cloud+ | A+, Network+ |
| Linux+ | A+ |
| Server+ | A+, Network+ |
| CySA+ | A+, Network+, Security+ |
| PenTest+ | A+, Network+, Security+ |
| CASP+ / SecurityX | A+, Network+, Security+, CySA+, PenTest+ |
For candidates already holding multiple CompTIA certifications, passing the highest applicable exam every three years is dramatically cheaper than maintaining each separately through CEU activities. A 405-USD CASP+ voucher renews five lower certifications, replacing 200+ CEUs of activity logging with one exam.
This is not technically a CEU activity — it is a renewal cascade — but it is the most cost-effective renewal strategy for stacked-certification holders.
Category 2: Non-CompTIA Industry Certifications
Earning industry certifications from other vendors counts toward CEUs at rates published in the CE program documentation. The list is long; the highlights include:
- AWS Solutions Architect Associate: 30 CEUs toward Network+ and Security+ renewal
- Microsoft Azure Administrator Associate (AZ-104): 30 CEUs toward Network+ and Cloud+ renewal
- Cisco CCNA: 30 CEUs toward Network+ renewal
- ISC2 CISSP: full renewal of A+, Network+, Security+, CySA+, PenTest+, CASP+
- GIAC certifications at various tiers: 25 to 50 CEUs depending on level
- Red Hat RHCSA and RHCE: 30 CEUs toward Linux+ renewal
A candidate already pursuing a non-CompTIA certification for career reasons gets the renewal benefit as a side effect.
CISSP renewal cascade -- the ISC2 Certified Information Systems Security Professional credential, when earned and reported to CompTIA, fully renews all CompTIA security certifications under the CE program's senior-credential rules. This is the single biggest cascade outside the CompTIA ecosystem.
Category 3: Higher Education
College courses related to the certification's content count for CEUs. The official rate is approximately one CEU per hour of relevant coursework, capped per cycle.
A three-credit-hour college course in networking, security, or systems administration completed during the cycle counts for roughly 45 CEUs — enough to fully renew Security+ on its own. Community college courses qualify; the institution does not need to be elite.
A candidate already enrolled in a degree program — Bachelor of Science in Cybersecurity, Associate in Information Technology, MBA with an IT track — gets renewal CEUs as a free byproduct of coursework already happening.
Category 4: Industry Webinars, Conferences, and Workshops
This is the category where most candidates miss the easy CEU wins. CompTIA accepts CEUs for attending qualifying industry events, with documentation. Free events qualify equally with paid events.
Free Webinars That Count
A non-exhaustive list of free webinar sources whose content typically qualifies:
- SANS free webcasts and What Works sessions
- (ISC)2 quarterly Think Tank webinars (free for members; member-fee waivers exist)
- ISACA chapter webinars (often free for non-members in many cities)
- Cisco Live On-Demand session recordings (require free Cisco account)
- AWS re:Invent and Summit session recordings (free on YouTube)
- Microsoft Ignite session recordings (free on Microsoft Learn)
- Google Cloud Next session recordings (free on YouTube)
- BSides local and virtual conferences (often free or low-cost)
- DEF CON village and main-track recordings (free on YouTube and DEF CON's media server)
- Black Hat opening keynotes (free; full sessions require ticket)
CompTIA accepts attendance at one of these for one CEU per hour with documentation. The documentation requirement is straightforward: a confirmation email, attendance record, or recording timestamp combined with a candidate-written summary.
"I have not paid for a renewal in eight years. SANS webcasts, ISACA chapter events, and BSides talks cover my full Security+ and CASP+ renewal cycles. The trick is logging them as you attend, not at the last minute." -- Lesley Carhart, Principal Industrial Incident Responder at Dragos Inc.
Conference Attendance
Conference attendance generally counts at one CEU per hour of session time, with maximums per cycle. The major free or low-cost qualifying conferences include:
- BSides — community-driven security conferences in cities worldwide; typically 20-50 USD if not free
- DerbyCon archives — historical recordings remain CEU-eligible if not previously claimed
- Local OWASP chapter meetings — free, monthly, in most major cities
- Local ISACA, ISSA, and HTCIA chapter meetings — small fees, often free for first-time attendees
- Cloud Native Computing Foundation (CNCF) KubeCon — paid, but scholarships and remote-attendance options exist
A candidate attending two BSides events and twelve OWASP local chapter meetings per year racks up 25-35 CEUs annually with negligible cost.
Category 5: Teaching and Mentoring
Candidates who teach a class, deliver a presentation, or mentor formally earn CEUs at rates higher than passive learning categories. CompTIA recognizes:
- Delivering a conference presentation (3 CEUs per hour)
- Teaching a class on related material (1 CEU per hour, with classroom-hour caps)
- Mentoring a documented mentee for at least three months (modest CEU credit per mentee)
- Authoring a blog post or article on a relevant technical topic (variable, with documentation)
A candidate who delivers one OWASP chapter talk per quarter and mentors one career changer through their A+ studies covers a full Security+ renewal cycle through this category alone.
Category 6: Professional Experience
Experience working in the field counts for CEUs at modest rates. The rule is approximately one CEU per month of full-time relevant work, capped per cycle.
A candidate working full-time in a relevant role during the renewal cycle accumulates roughly 36 CEUs from work alone over three years — more than enough to fully renew A+, Network+, or Project+, and a substantial fraction of Security+.
The documentation required is a current job description signed by a supervisor, not detailed timesheets. Most candidates already have what they need in their employee file.
Category 7: Publishing
Publishing a book, peer-reviewed article, or significant industry whitepaper earns CEUs at high rates per piece. The exact rates depend on the publication tier and word count, but a single substantial published article in a recognized industry publication can produce 15 or more CEUs.
Candidates who write technical blog posts on a regular cadence — Dark Reading, ISACA Journal, IEEE publications, the SANS Reading Room, Cisco Press technical blogs, or even a personal blog with documented readership — accumulate publishing CEUs faster than most realize. Brian Krebs, the longtime independent security journalist behind KrebsOnSecurity, has written that the documentation requirements for the publishing category are far lighter than candidates expect, and consistent low-volume blogging covers a renewal cycle for many practitioners.
Documentation Discipline: The Real Hack
The actual hack is not finding free CEU sources. The actual hack is logging them as you go rather than scrambling at renewal time.
CompTIA's CE portal accepts CEU submissions throughout the cycle. A practitioner who logs each webinar within a week of attending, each conference talk within days of delivering, and each work month at the end of each calendar quarter will arrive at renewal time with documentation already complete.
The candidates who fail renewal — and a meaningful percentage do — almost universally cite last-minute scrambling for documentation as the cause. Activities they actually did during the cycle are disqualified because email confirmations were deleted and conference badges were thrown away.
A simple system works: a single spreadsheet or note-taking app entry per qualifying activity, with date, source, hours, and a one-sentence summary. Save confirmation emails to a dedicated folder. Snap photos of physical attendance badges. The total ongoing time investment is under one hour per month, and it eliminates renewal stress entirely.
A Sample Three-Year Free CEU Plan for Security+
The numbers below show how a Security+ holder can fully renew (50 CEUs required) without paid courses.
| Activity Category | CEUs Earned | Annual Time Investment |
|---|---|---|
| Full-time IT/security work (36 months) | 18 | Already happening |
| 12 SANS free webcasts (1 CEU each) | 12 | 1 hour/month |
| 4 BSides events at 1 day each (8 CEUs each, capped) | 16 | 4 days/year |
| 3 OWASP chapter talks delivered (3 CEUs each) | 9 | 9 hours total |
Total: 55 CEUs at zero direct cost, exceeding the 50-CEU requirement.
The same template extends to higher-CEU certifications by adding more events, more publishing, or stacking a non-CompTIA certification.
The CE Annual Fee: The One Cost You Cannot Avoid
Every candidate using the CE program pays the CE Annual Fee, currently 50 USD per certification per year (capped at 150 USD across all certifications per year). Over a three-year renewal cycle for a single Security+ certification, this totals 150 USD — substantially less than a single course would cost, but not zero.
Candidates with three or more CompTIA certifications hit the annual cap and effectively pay 150 USD per year regardless of how many additional certifications they hold. This makes maintaining a stack of certifications more cost-efficient per credential than maintaining one or two.
When Paid Training Still Makes Sense
There are scenarios where paid training is the right choice even with all the free options.
The first is when the paid training covers content the candidate genuinely needs to learn for their current job. Pursuing a SANS course because the role requires its content, with renewal CEUs as a side effect, is sound.
The second is when an employer pays. If the company has a training budget and approves a 3,000 USD SANS course, decline-and-watch-free-webinars is rarely the right move.
The third is when consolidated time matters more than money. A two-day boot camp that delivers 16 CEUs in a weekend can be worth several hundred dollars to a candidate whose ordinary schedule does not allow distributed learning across the cycle.
For everyone else, the free path covers the territory.
A Closer Look at Documentation Standards
Different CEU activities require different documentation. Knowing the standard up front saves rejected submissions later.
For webinars and recorded conference sessions, the minimum acceptable documentation is the registration or attendance confirmation email plus a candidate-written summary of at least 100 words describing what was covered and how it relates to the certification's content. The summary is what reviewers use to determine relevance, so generic "learned about cybersecurity" descriptions get rejected. Specific summaries — "Reviewed the MITRE ATT&CK technique T1486 (Data Encrypted for Impact) and the detection logic for ransomware command-line patterns" — pass.
For teaching and presentations, the documentation is a copy of the slide deck or syllabus, the event flyer or invitation, and a confirmation from the organizing entity. Conference talks at recognized events are the cleanest because the conference website itself functions as third-party documentation.
For publishing, the URL of the published piece and a copy of the byline serves as documentation. Self-published blog posts qualify if the blog has a documented audience and the content is technical and substantive. A 200-word listicle on a free Medium account does not qualify; a 2,000-word technical writeup on a personal blog with email subscribers does.
For work experience, the documentation is a current job description signed by a supervisor or HR. Most candidates already have this in their employee file. Wendy Nather, a longtime industry analyst now at 1Password, has commented in interviews that the work-experience CEU category is the most underused renewal mechanism in the industry, simply because candidates assume they need to do something extra rather than documenting what they already do.
For non-CompTIA certifications, the documentation is a transcript or verification page from the issuing body. Most major certification programs offer a verification URL that CompTIA reviewers can check directly.
The CompTIA reviewer team processes submissions within roughly two weeks during normal volume periods and longer near the end of common renewal cycles (typically December and June). Submitting throughout the cycle rather than batching at the end avoids the queue.
Mistakes That Cause Renewal Failures
Five mistakes recur in renewal-failure cases.
Submitting after the expiration date. CompTIA's grace period is short and limited. CEUs earned during the cycle but submitted after the cycle ends are typically not honored, and the candidate must retake the exam.
Claiming the same activity twice across multiple certifications. A single SANS webcast counts once toward one renewal, not multiple times across all active certifications. Candidates with stacked certs sometimes assume otherwise and over-claim.
Mismatched activity-to-certification mapping. A pure project-management webinar does not count toward Security+ renewal because the content is not security-relevant. Reviewers check relevance, and irrelevant claims are rejected.
Missing the CE Annual Fee. The fee must be current for CEU submissions to count. A candidate who skipped the fee for two years cannot retroactively pay and submit.
Failing to update the CE portal email address. Notifications about expiration approach, fee due dates, and documentation issues all go to the address on file. Career changes that orphan an old email account often orphan the renewal cycle along with it.
Each mistake is preventable with five minutes of attention per quarter.
See also: /certifications/comptia/comptia-ceu-requirements-maintaining-certifications-without-retaking-exams, /certifications/comptia/comptia-stackable-certifications-explained-building-specialization-stack, /certifications/comptia/comptia-voucher-discounts-legitimate-ways-to-save-on-exam-fees, /certifications/cybersecurity/, /exam-prep/study-techniques/
References
- CompTIA. Continuing Education Program Policies and Procedures. CompTIA, 2024.
- CompTIA. CE Program Activity Catalog and Approved Activities List. CompTIA, 2024.
- ISC2. CPE Handbook. ISC2, 2024.
- SANS Institute. Free Webcasts and What Works Archive. SANS, ongoing.
- ISACA. Continuing Professional Education Policy. ISACA, 2023.
- Center for Internet Security. CIS Benchmarks Library. CIS, ongoing.
- OWASP Foundation. Local Chapter Meeting Records and Resources. OWASP, ongoing.