SANS GIAC to require CMU's (CPE)

GIACThe GIAC program is making a major shift regarding our recertification approach. Instead of only offering a recertification exam, GIAC will allow individuals to maintain their credentials using a Certification Maintenance Units (CMUs) approach.

This program change increases the options available to individuals. The new certification maintenance price is $399, due once every four years, at the time of registration.

Each GIAC certification remains valid for 4 years. The first 2 years you are certified requires no further action from you. After 2 years, the certification renewal process will begin with the ultimate goal being that you have demonstrated ongoing competency in the Information Assurance field. For each GIAC certification you need to acquire 36 CMUs (Certification Maintenance Units) after the two year mark and before your certification expires. Historically, you registered for your GIAC Recertification exam, received an updated set of course materials, and took your exam at a specified proctored site. This option is still available.

On March 1st, 2010, GIAC will begin to offer expanded certification maintenance options. Besides the existing method of retaking the standard certification exam, we will offer two main additional options. One alternative is for you to submit a published technical research paper, such as a GIAC Gold Paper. Another alternative is to take additional information assurance training courses, such as SANS training courses. There are also supplemental options described below that can be combined with any of the main options to help you reach the required 36 CMUs.

Below you will find information regarding each option, how the options can work together to meet the certification maintenance requirements, and the CMU breakdown for each option. Please pay close attention to the specific requirements of each option so you will be credited for the work you have accomplished and experience you have gained in the Information Assurance industry. All renewal options require a $399 certification maintenance fee, due once every four year period. This fee includes a current set of certification specific course materials should you choose to receive them. The updated course materials are available to you regardless of the renewal options you utilize and will aid you in keeping your skill set current. You are responsible for shipping fees.

If you have more than one certification expiring, you will receive a discount for any additional certifications that expire within two calendar years of the first. After the first $399 certification renewal, all additional certification renewals during this two calendar year period are $199 each.

All Certification renewal and application options will become available for registration in your portal account two years in advance of your certification expiration date.

Retaking the Standard Certification Exam

36 CMUs are awarded upon achieving a passing exam score.

  • Retaking and passing the certification exam must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • You can reference your complete certification history through your portal account via the "Certification History" link in the exam engine. Earning CMUs via this option will require passing one proctored exam.
  • Once your registration and payment have been processed, your reference materials will be shipped to the address provided in your registration. You will then receive access to your two practice tests via the GIAC exam engine. This will allow you to keep current with the latest industry material, and prepare for your exam. You are not required to complete any additional training with this option - you are only required to pass the exam.
  • You will have four months from the date your registration is processed and payment received to complete your proctored certification exam.

Published Technical Research Paper

36 CMUs

  • Research paper must be completed and published after the two year mark of your certification to demonstrate ongoing competency.
  • GIAC Gold Paper - The GIAC Gold program can be leveraged to apply towards your certification maintenance needs. To take part in the GIAC Gold program, from your portal account click on the "Certification History" link, then on the "Go Gold" link for the respective certification. You are responsible for the $299 Gold fee once your gold application has been approved. Within the gold program you will be working with a GIAC Gold Adviser to complete your research project.
  • Separate from the Gold Program, you are still responsible for the $399 GIAC Certification Maintenance fee to have a gold paper credited towards your CMUs and ongoing certification maintenance requirements.
  • Published Research within the Information Assurance industry - Submit proof of your published article from a peer reviewed journal, such as IEEE
  • Submit proof of approved and published Gold Paper

Completed Information Assurance Related Training

Up to 36 CMUs awarded

  • Training must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • You are required to submit your Certificate of Completion for any training.
  • SANS 6 day course: 36 CMUs, SANS 1 day course: 6 CMUs
  • Credit does not apply for Self Study or purchased text books.
  • Qualifying 6 day Information Assurance course (non-SANS): 36 CMUs
  • Qualifying 1 day Information Assurance course (non-SANS): 6 CMUs
    • Any verifiable Information Assurance training course offered by ISC2 or ISACA counts per course day, minimum 6 contact hours per course day
    • You are required to submit proof of training (i.e. Certificate of Completion, CPEs, CEUs, reference your invoice, etc.)
    • To apply training for your certification renewal that is not referenced above, please see the Application for Alternative Accredited Certification Programs. This will provide information to help determine if the alternative training meets necessary requirements.
  • There is not a predetermined list of training courses that can be applied for credit to each certification. Specific courses topics are subject to approval based on relevancy to your certification, your current position and ongoing competency. Therefore, it is important that you clearly document the relevancy of the course topic to your position and how it aides in your ongoing competency related to your certification.

Documented Work Experience

12 CMUs (limit 12 CMUs per certification renewal)

  • Work experience documentation must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • To qualify, you must have completed job duties utilizing actual Information Assurance experience within two of the previous four years.
  • You must provide verification from work supervisors and documentation of your job description and duties performed.

GIAC / SANS Community Participation

6 CMUs (limit 6 CMUs per certification renewal)

  • Community participation documentation must be completed after the two year mark of your certification to demonstrate ongoing competency.
  • Writing questions for GIAC or participating in GIAC job task analysis studies
  • Teaching a related and verifiable Information Assurance course
  • Acting as a Facilitator at a SANS conference
  • SANS mentor / virtual mentor
  • ISC Handlers


Here are some examples of how to use these options to your advantage to reach the full 36 CMUs requirement while also showing ongoing competency in the Information Assurance field.

Person A earned the GSEC on January 1, 2005. On February 1, 2007 s/he took the SEC610 SANS Malware course, a 4-day course, and is applying 24 CMUs from taking that course to renew GSEC. In addition s/he has documented work experience for two years as an incident handler and is applying 12 CMUs from that to renew GSEC. S/He now has the 36 CMUs needed.

Person B earned the GSEC but has recently moved into a management position and takes MGT512, a 5-day management course. They are applying 30 CMUs corresponding to the 5 days of trainings toward his/her GSEC renewal. S/He also has written exam questions for GIAC and is awarded 6 CMUs. S/He now has the 36 CMUs needed.

Please contact This email address is being protected from spambots. You need JavaScript enabled to view it. with any questions, comments or concerns you may have regarding the certification renewal process.


It is possible that GIAC will be unable to accept one or more of your submissions for credit towards your certification renewal. In order to ensure our certified professionals are sufficiently meeting GIAC standards of continuing education, we must adhere to certain ISO/IEC/ANSI 17024 guidelines and rules regarding ongoing competency:

  1. In order to count towards your certification renewal, submissions must demonstrate your ongoing information assurance competency throughout the course of your certified status. In order to ensure this, any renewal actions must have taken place in the latter 2 years of your certification period.
  2. We limit the types of training courses that can be accepted to those that can be verified as coming from an institution or training provider in conjunction with an ISO/IEC/ANSI 17024 accredited information assurance certification program. Currently ISC2 and ISACA training programs are accepted in addition to SANS Institute training. Click here for an application to allow for alternative ISO/IEC/ANSI 17024 accredited information assurance training courses to be submitted for approval.
  3. We limit the types of technical research papers and publications that are accepted towards certification maintenance as well. While publication at any level is certainly a commendable achievement, we only accept submissions that clearly demonstrate ongoing technical competency in the realm of information assurance via published technical articles from a peer reviewed journal, such as IEEE.
  4. Work experience and/or community involvement credits must meet established standards for technical relevance and be properly documented for verification and audit purposes.

We ask for your understanding and if you feel you need to discuss this further please do not hesitate to contact Stephen Northcutt, Chair GIAC Board of Directors, This email address is being protected from spambots. You need JavaScript enabled to view it., 1+ (808) 823-1375

We use cookies to maintain login sessions, analytics and to improve your experience on our website. By continuing to use our site, you accept our use of cookies, Terms of Use.