Do I have to pay for ISC2?

What Is ISC2, and Why Do People Care About the Cost?

Imagine a professional club where everyone speaks the language of cybersecurity. That club is ISC2, short for the International Information System Security Certification Consortium. The group is best known for high-profile certifications like CISSP, SSCP and the newer Certified in Cybersecurity, or CC. Employers around the world rely on those certs as proof that someone really does know how to keep data safe. Because certifications have real career value, it makes sense to ask early, “Do I have to pay for ISC2, and if so, how much?” The answer depends on what stage you are in your journey—candidate, exam-taker, new member or long-time holder of multiple certs—so let’s break it down step by step.

Breaking Down the Costs: Exams, Membership, and Maintenance

The very first bill most people see is the exam fee. In the United States, the entry-level CC exam costs about $199, while the flagship CISSP exam is $749. Other specialty exams such as CCSP, CGRC and CSSLP run around $599 each. Those price tags are set by ISC2 and collected when you register through Pearson VUE, so they are hard costs you can’t skip unless you qualify for a special voucher.

Passing the exam is a big milestone, but it is not the last time you will reach for your wallet. Once you succeed and complete the short endorsement process, you officially become an ISC2 certified member. Certified members pay something called an Annual Maintenance Fee, or AMF. If you hold CISSP, SSCP, CCSP, CGRC, CSSLP, ISSAP, ISSEP or ISSMP, the current AMF is $135 per year. If you only hold the CC certification, the AMF is $50 per year. ISC2 bills you on the anniversary of your certification date, and one payment covers every ISC2 certification you hold, so someone with CISSP plus CCSP still pays a single $135 fee.

There is also a middle ground called “Associate of ISC2.” Maybe you passed the exam but have not yet earned the required work experience. Associates pay the same $50 AMF as CC-only members. Once you log enough experience to flip into full certification, ISC2 simply invoices the extra $85 difference so you end up at the $135 total for the year. The good news is that, whether you are an Associate or a certified member, paying the AMF keeps your digital badge active, lets you log continuing-education credits, and unlocks discounts on training and events.

When You Might Not Have to Pay Anything

Not everyone starts by writing a check. ISC2 launched a “Candidate” program that lets anyone create an account and join the community without sitting an exam or showing job experience. The first year of Candidate status is completely free, and you still get perks like discounted training, access to webinars and member rates for Security Congress. When that free year ends, staying a Candidate costs $50 annually, the same as the CC AMF.

The Candidate path pairs nicely with ISC2’s “One Million Certified in Cybersecurity” pledge. Under that initiative, Candidates can enroll in the official CC self-paced course and sit for the CC exam once at no charge. If you pass, you pay the $50 AMF to become a certified member. If you do not pass, you can retake the exam, but the second try will cost the standard $199. Therefore, a beginner could realistically earn an ISC2 certification for only $50 total if they study hard and pass on the first attempt.

Even experienced professionals can save money through promotions called “Peace of Mind Protection” vouchers. When you buy an exam with this add-on, you receive a second attempt within 180 days at no extra cost. That safety net means you are effectively splitting the exam price over two tries, bringing down the per-attempt cost if you need a mulligan. Vouchers do have expiration windows and waiting periods between attempts, so always read the fine print before checking out.

Smart Ways to Save on Your ISC2 Journey

Planning ahead is the best way to keep fees from sneaking up on you. If you think you might need a retake, block off study time and schedule that first test early enough in the year to keep within ISC2’s four-attempt-per-year limit. Remember that after a failed first try you must wait 30 days, after a second try 60 days, and after a third try 90 days before sitting again. Knowing those gaps helps you avoid paying rush fees or losing a voucher because a deadline slipped by.

Another tip is to coordinate your Candidate dues and certification timeline. Suppose your Candidate renewal date is coming up, but you are weeks away from taking the CC exam. Paying the $50 dues now is not wasted money; ISC2 applies that payment toward your first year of CC membership once you pass. In effect, the money shifts forward instead of doubling up. That small scheduling trick keeps your account in good standing while sparing you a second invoice.

If you are employed, ask whether your company’s training budget covers professional certification. Many security teams will happily reimburse exam fees and AMFs because they benefit when staff hold respected credentials. Some organizations even negotiate corporate vouchers or group pricing with ISC2, stretching the value of every dollar. It never hurts to check—an email to HR could save you hundreds. While policies vary by employer, leveraging them can turn “Do I have to pay?” into “My company paid for me.” (General industry practice; no specific citation required.)

Final Thoughts: Is the Investment Worth It?

In the end, paying for ISC2 is less about the dollars and more about the doors those dollars open. A CC or CISSP credential signals to hiring managers that you understand core security concepts and that you are committed to ongoing learning. The AMF funds course updates, exam security and member services, all of which protect the value of your certification in the job market. Yes, the upfront exam fee and the yearly AMF are real expenses, but they function like tuition for a school whose alumni network spans the globe. When you measure the potential salary boost or career pivot that a certification can unlock, the math often tilts in your favor. So, do you have to pay for ISC2? Technically, no one forces you—but if cybersecurity is your career path, the investment may pay you back many times over in opportunity, credibility and community.