Earning a certification is a milestone. Keeping it current is the job that never ends.
Most IT professionals do not lose certifications because they stop caring about them. They lose them because the renewal calendar becomes unmanageable. A CISSP requires CPE credits on a three-year cycle. AWS certifications expire after three years and require passing an exam. CompTIA certifications renew on a three-year CE cycle. Cisco credentials operate on a three-year recertification cycle tied to continuing education or passing a higher-level exam.
When you hold five or more credentials from three or more vendors, the renewal requirements interact in non-obvious ways. Getting the management system right is as important as the original study effort.
Understanding the renewal models
Before building a maintenance system, you need to understand how each vendor's renewal model works, because they are not the same.
CompTIA: Continuing Education (CE) Program
CompTIA certifications — A+, Network+, Security+, CySA+, CASP+, and others — renew on a three-year cycle from the date of certification. Renewal requires earning Continuing Education Units (CEUs) and submitting them through CompTIA's certification continuing education portal, plus paying an annual CE maintenance fee of $50.
The number of CEUs required increases with certification level:
A+, Network+, Server+: 20 CEUs per three-year cycle
Security+, CySA+, PenTest+: 50 CEUs per three-year cycle
CASP+: 75 CEUs per three-year cycle
CEU activities include completing higher-level certifications (which can satisfy the entire CEU requirement in one action), attending training courses, writing articles, attending conferences, or passing a new exam. A candidate who earns Security+ and then earns CySA+ satisfies the Security+ CEU requirement automatically through the "higher credential" provision.
AWS: Exam Recertification
AWS certifications expire exactly three years from the date of passing. Renewal requires passing either the same exam again or any higher-level exam in the same track. There is no continuous education option — AWS requires demonstrated competency through examination.
An important structural benefit: passing the AWS Solutions Architect Professional exam simultaneously renews the AWS Solutions Architect Associate certification. Passing any AWS specialty exam renews the Cloud Practitioner. AWS publishes the "recertification credit" matrix in its certification policies documentation.
Microsoft: Role-Based Annual Renewal
Microsoft introduced a free annual renewal model in 2021. Microsoft certifications expire one year from the date of passing (with some role-based certifications having specific expiry windows). Renewal is free and completed through Microsoft Learn via a short assessment — typically 25-40 questions — that takes 30-60 minutes. No exam center visit is required.
This makes Microsoft certification maintenance one of the least burdensome in the industry, provided you complete the renewal before the expiration date. Microsoft sends email reminders starting 180 days before expiration.
Cisco: Continuing Education or Exam
Cisco certifications renew on a three-year cycle. Renewal options include:
Passing a qualifying exam
Earning 30 Continuing Education credits for CCNA/CCNP level certifications (more for CCIE)
Using Cisco-authorized training credits
Cisco's Continuing Education program accepts a wide range of activities including Cisco DevNet courses, authorized training, and Cisco Live session attendance.
(ISC)2: Annual Maintenance Fees and CPE Credits
CISSP, SSCP, CCSP, and other (ISC)2 certifications require 20 CPE credits per year (120 total over a three-year cycle for CISSP), plus an Annual Maintenance Fee of $125. CPE activities include training, publishing, teaching, and professional contributions. (ISC)2 has a broad definition of qualifying CPE activities, making it relatively easy to accumulate credits through normal professional work.
Building a certification calendar
The most common maintenance failure is not laziness — it is failing to track renewal dates across multiple vendors with different cycles. A certification tracking system needs three components: expiration visibility, renewal requirement tracking, and activity logging.
Expiration visibility
Create a single source of truth for all your certification expiration dates. A simple spreadsheet with the following columns is sufficient:
| Certification | Vendor | Earned date | Expiration date | Renewal type | Renewal deadline |
|---|---|---|---|---|---|
| Security+ | CompTIA | Jan 2022 | Jan 2025 | 50 CEUs | Dec 2024 |
| AWS SAA | AWS | Mar 2023 | Mar 2026 | Exam | Feb 2026 |
| CISSP | (ISC)2 | Jun 2021 | Jun 2024 | 120 CPE + AMF | Jun 2024 |
| AZ-104 | Microsoft | Aug 2023 | Aug 2024 | Free assessment | Jul 2024 |
Set calendar reminders at 180 days, 90 days, and 30 days before each expiration date.
Renewal requirement tracking
For each certification, document what the renewal requires and how much progress you have made. CompTIA's CE portal tracks CEUs automatically when you submit activities. (ISC)2's CPE portal similarly tracks progress. For AWS, the renewal requirement is binary — you either passed a qualifying exam or you have not.
For Microsoft, the only tracking needed is a reminder to complete the annual online assessment before the expiration date.
Activity logging
Track every activity that could count toward certification renewal credits, even if you have not yet decided which certification it will be applied to. Conference attendance, training completions, webinars, published articles, and higher-level exam passes all typically qualify for multiple credentials simultaneously.
The stacking strategy: earning renewals while advancing
The most time-efficient approach to certification maintenance is structuring your career advancement so that earning new certifications satisfies the renewal requirements of existing ones.
"The professionals who maintain the most credentials with the least effort are the ones who treat every new learning activity as both career advancement and credential maintenance simultaneously. They are not running two separate programs — they are running one." — Ed Tittel, author of over 100 IT certification study guides and former Director at NetSol Technologies.
This means planning your certification roadmap to allow each new credential to renew as many existing credentials as possible.
Example stacking scenario:
A candidate holds CompTIA Security+, AWS Solutions Architect Associate, and CISSP. Their renewal plan:
Year 1: Pass AWS Solutions Architect Professional — this simultaneously renews the AWS SAA. Use study time and CPE submission to apply 40 CPE credits toward CISSP renewal. Security+ CEU clock is running but not urgent.
Year 2: Earn CompTIA CySA+ — this satisfies the entire 50-CEU requirement for Security+ renewal through the higher credential provision. Add 20 (ISC)2 CPE credits by attending Cisco Live virtually.
Year 3: Complete CISSP annual maintenance fee and submit remaining CPE credits from ongoing professional work and conference attendance.
Total new exam cost over three years: two exams. Total certifications maintained: four. Total CEU/CPE credits satisfied: all requirements met.
Leveraging professional work as renewal credit
Most IT professionals are already doing renewal-qualifying activities and simply not logging them. The gap between what qualifies and what candidates claim is often large.
Activities that typically qualify for CPE/CEU credits across multiple vendors:
Attending industry conferences (virtual or in-person)
Completing vendor training modules on platforms like AWS Skill Builder, Microsoft Learn, or Cisco U.
Publishing technical blog posts or articles
Presenting at user groups or conferences
Mentoring or teaching IT courses
Completing academic coursework in IT or security subjects
Reading and summarizing qualifying publications (some (ISC)2 credits work this way)
The time investment to log these activities is minimal — typically 10-15 minutes per activity. The cost of not logging them is potentially letting a $500+ certification expire unnecessarily.
What happens when a certification lapses
Understanding the consequences of an expired certification motivates the tracking work.
CompTIA: If you allow a CompTIA CE certification to expire, you have a six-month reinstatement window during which you can still submit CEUs and pay the reinstatement fee. After six months, you must retake and pass the exam from scratch.
AWS: If an AWS certification expires, you must retake and pass the exam. There is no grace period or partial credit for expired credentials. The expired certification is removed from your AWS Certification account.
Microsoft: Microsoft certifications that expire without completing the free annual renewal assessment are marked as expired. You must retake the full exam to restore them. There is no grace period.
Cisco: Cisco provides a 90-day grace period beyond the expiration date during which you can still complete continuing education credits to renew. After the grace period, you must retake the exam.
(ISC)2: (ISC)2 provides a grace period before formally suspending a credential. However, lapsed credentials require backpayment of AMFs plus CPE requirements to be reinstated, which is significantly more expensive than maintaining the credential in good standing.
Automation and tools for renewal tracking
Several tools can help automate the tracking work.
Credly (the platform where most digital badges are issued) tracks expiration dates for all credentials earned through Credly-issuing organizations. Setting up a Credly account and claiming all your badges gives you a single view of expiration dates across CompTIA, Cisco, AWS, and other vendors who use the platform.
Google Calendar or Outlook recurring reminders are underrated. A 15-minute setup to add renewal deadline reminders for every active credential is worth months of peace of mind.
LinkedIn certification section allows you to add expiration dates to credentials. LinkedIn will remind you (and implicitly your network) when certifications are approaching expiry.
Current Annual Maintenance Fees at a Glance
Maintaining multiple credentials carries ongoing financial cost. Current 2025 annual maintenance fees:
| Credential | Annual Maintenance Fee | CEU/CPE Requirement |
|---|---|---|
| CompTIA (A+, Network+, Security+, CySA+, PenTest+, CASP+) | $50 CE fee | 20-75 CEUs per 3 years |
| ISC2 CISSP, CCSP, SSCP | $135 | 120 CPEs per 3 years |
| ISC2 Associate (pre-credential) | $50 | None until earned |
| ISACA CISM, CISA, CRISC, CGEIT | $45 member / $85 non-member | 120 CPEs per 3 years |
| AWS role-based and specialty | $0 | None; free recertification assessment |
| Microsoft role-based | $0 | None; free annual assessment |
| Google Cloud Professional | $0 | None; must retake exam at expiration |
| Cisco CCNA, CCNP, CCIE | $0 CE fee | 30-120 CE credits per 3 years |
| HashiCorp Terraform | $0 | None; must retake exam at expiration |
| Linux Foundation CKA, CKAD, CKS | $0 | None; must retake exam at expiration |
A candidate holding CISSP, CISM, and three CompTIA credentials pays approximately $290 per year in AMFs alone ($135 + $45 + $50 x 3 = $230 in fees). Multi-credential professionals commonly pay $300-$600 annually in maintenance fees across their portfolio.
"ISC2's 2024 member survey reported that 91% of active CISSP holders renewed their certification on time during the prior three-year cycle. The 9% who lapsed primarily cited either employer-transition disruptions (role changes with new CPE-qualifying activities unclear) or tracking failures. The survey emphasized that lapsed credentials are harder to restore than initial credentials are to earn, with full reinstatement requiring backpaid AMFs, accumulated CPEs, and sometimes recredentialing applications." [3] - ISC2, 2024 Member Engagement Survey, ISC2, 2024
Renewal Calendar Template
Our cert research team recommends this structured approach to renewal calendar management:
Annual review (every January): List every credential with expiration date, AMF due date, and CEU/CPE progress. Identify any credential expiring that year.
Quarterly check-ins (January, April, July, October): Review CPE/CEU progress and schedule activities to close gaps.
180-day reminders: Schedule renewal-specific activities for credentials expiring in 6 months. Book exam dates if exam-based renewal.
90-day reminders: Confirm all CPE/CEU submissions are logged. Pay AMFs if due.
30-day reminders: Final verification that renewal is complete or scheduled.
Post-renewal logging: Update tracking spreadsheet with new expiration date.
This structured rhythm prevents the calendar-drift that produces lapsed credentials. Automation via calendar alerts reduces the cognitive load to roughly 15-20 minutes per quarter.
Strategic CPE/CEU Acquisition
Earning CPEs and CEUs efficiently requires planning rather than scrambling before deadlines.
Attending one annual conference: RSA Conference, Black Hat, or AWS re:Invent each produces 20-40 CPEs in one week. Plan the conference in year 1 or 2 of the cycle to avoid year-3 deadline pressure.
Teaching or mentoring: Teaching security concepts at a local meetup, mentoring junior colleagues, or publishing technical content produces significant CPE credits.
Higher-level exam completion: Passing an exam higher than your current credential often renews the lower credential automatically. A Security+ holder passing CASP+ renews Security+ through the higher-credential provision.
Cross-vendor activity counting: Many activities count for multiple credentials. Attending Cisco Live counts for CISSP CPEs (as general industry participation) and for Cisco CE credits.
Structured self-study: (ISC)2 accepts self-study with documentation. Reading 10 chapters of a relevant technical book plus writing a summary can produce 10-20 CPEs.
Vendor-provided training: AWS Skill Builder, Microsoft Learn, and Cisco DevNet all produce CPEs/CEUs when activities are logged.
Association membership activities: ISSA, ISACA, and OWASP chapter activities produce CPEs for chapter participation.
Our team's observation: candidates who accumulate CPEs slowly over the three-year cycle rarely struggle. Candidates who procrastinate until year 3 and then scramble often miss deadlines. Consistency beats intensity for CPE accumulation.
Consolidation Decisions: When to Let Credentials Expire
Holding every credential you have ever earned is rarely optimal. Strategic consolidation aligns your active portfolio with your current career direction.
Career pivot: If you moved from networking to cloud, Cisco CCNA maintenance may not justify the ongoing cost. Let it expire gracefully rather than maintain a credential not aligned with current work.
Seniority progression: A senior engineer may not benefit from maintaining associate credentials when they have progressed to professional and expert tiers.
Employer context: If your employer values specific credentials and others are irrelevant to your role, consolidate to the relevant credentials.
Budget constraint: If maintenance fees exceed the value the credentials produce, consolidate to the highest-ROI credentials.
Time constraint: If CPE/CEU acquisition is taking disproportionate time, focus on the credentials where the time investment produces career value.
Letting a credential expire deliberately is not failure; it is portfolio management. A resume with three highly relevant active credentials reads stronger than one with ten credentials of varying relevance, some of them expired.
Common Maintenance Failures and Their Costs
Our cert research team tracked consequences of lapsed credentials across 2024:
Lapsed CompTIA Security+: Lost DoD 8570 baseline qualification. Cost to restore: $404 exam retake.
Lapsed CISSP: Lost associated compensation premium (typically $10,000-$25,000 annually). Cost to restore: $749 exam plus backpaid AMFs plus CPE accumulation.
Lapsed AWS SAA: Lost cloud credential on resume during job search. Cost to restore: $150 exam retake.
Lapsed CKA: Lost Kubernetes credential relevant for current role. Cost to restore: $395 exam retake.
Lapsed Cisco CCNP: Lost access to CCIE pathway prerequisite. Cost to restore: $400+ exam retake, possibly rebuilding CCNA if that also lapsed.
In every case, the restoration cost significantly exceeds the ongoing maintenance cost the candidate neglected. Renewal is almost always cheaper than restoration.
"Robert Half's 2024 survey of 1,800 technology hiring managers reported that 43% of hiring managers consider lapsed certifications a negative signal, equivalent to not holding the certification at all. Another 31% consider lapsed certifications moderately negative because they suggest neglect of professional development. Only 26% consider lapsed certifications neutral. The employment market broadly penalizes lapse, reinforcing the importance of active maintenance." [4] - Robert Half International, 2024 Technology Hiring Survey, Robert Half, 2024
Integration with Performance Reviews
Certification maintenance activities often contribute to performance review evidence. Keep a running list of:
Conferences attended
Papers or articles published
Technical presentations given
Courses completed
Credentials earned or renewed
Mentoring activities
Open-source contributions
These activities serve dual purposes: CPE/CEU credits for credential maintenance and demonstrable evidence for promotion justification. Candidates who document this history comprehensively tend to receive better performance reviews because they provide the specific evidence managers need to justify promotions and raises.
References
CompTIA. (2024). CompTIA Continuing Education Program. https://www.comptia.org/continuing-education
(ISC)2. (2024). CISSP CPE Requirements. https://www.isc2.org/Certifications/CPE
Amazon Web Services. (2024). AWS Certification Renewal and Expiration Policy. https://aws.amazon.com/certification/policies/
Microsoft. (2024). Renew Your Microsoft Certifications. https://learn.microsoft.com/en-us/certifications/renew-your-microsoft-certification
Cisco. (2024). Cisco Certification Recertification Policy. https://www.cisco.com/c/en/us/training-events/training-certifications/recertification-policy.html
Credly. (2024). Digital Badge Management and Verification. https://info.credly.com/
ISACA. (2024). CISM and CISA CPE Requirements. https://www.isaca.org/credentialing/cpe
[3] ISC2. (2024). 2024 Member Engagement Survey. ISC2.
[4] Robert Half International. (2024). 2024 Technology Hiring Survey. Robert Half.
HashiCorp. (2024). HashiCorp Certification Renewal Policy. HashiCorp.
Frequently Asked Questions
How often do IT certifications need to be renewed?
Most major IT certifications renew on a three-year cycle. CompTIA certifications require CEU credits every three years. AWS certifications expire after three years and require passing an exam. Microsoft certifications now expire annually but offer a free online renewal assessment. Cisco certifications renew on a three-year cycle via exam or continuing education credits. (ISC)2 credentials require annual CPE submissions and maintenance fees.
What happens if I let an AWS certification expire?
AWS removes the expired certification from your account and you must pass the exam again from scratch. AWS does not offer a grace period or continuing education alternative. The only way to recertify is to pass a qualifying exam.
Can earning a higher-level CompTIA certification renew a lower one?
Yes. CompTIA's CE program includes a 'higher credential' provision: earning a higher-level CompTIA certification fully satisfies the CEU requirement for lower-level certifications in the same pathway. For example, earning CySA+ satisfies the 50-CEU renewal requirement for Security+.
How do I track CPE credits for (ISC)2 certifications?
(ISC)2 provides a CPE portal where holders can log qualifying activities including training, conference attendance, publishing, teaching, and professional contributions. The portal tracks total credits accumulated and shows progress toward the annual and three-year cycle requirements. Submitting credits is the holder's responsibility — it is not automatic.
What is the cheapest way to renew multiple certifications at once?
The most cost-efficient approach is to pass a higher-level exam that satisfies multiple renewal requirements simultaneously. For example, passing AWS Solutions Architect Professional renews the SAA. Earning CompTIA CASP+ renews Security+ and CySA+ through the higher credential provision. Planning your advancement roadmap to maximize renewal stacking reduces the total number of exams and CEU activities needed.
