Questions/Comments?
Please contact cert-renewal@giac.org
GIAC Certification Maintenance Guidelines and Requirements
Summary
The GIAC program has made a major shift regarding our certification renewal approach. In addition to offering the option to retake the certification exam, GIAC now supports individuals maintaining their credentials using a Certification Maintenance Units (CMUs) approach. This program change increases the options available to individuals, with a focus on demonstrating ongoing competence through continued training. It is important to note that while other organizations have similar methods of tracking credits towards certification renewal (CPE's, CEU's, etc), GIAC CMUs will not always match up with other programs exact values.
Each GIAC certification remains valid for 4 years. The first 2 years you are certified require no further action from you. After 2 years, the certification renewal process will begin, with the ultimate goal being that you have demonstrated ongoing competency in the Information Assurance field.
For each GIAC certification you wish to renew, you need to acquire 36 CMUs (Certification Maintenance Units) after the two year mark and before your certification expires. For example, if you earn certification in June 2010, you must acquire the 36 CMUs between June 2012 and June 2014.
In order to reach the 36 CMUs required to maintain certification there are 3 main options that include:
- Retaking the standard certification exam
- Attend or teach ISO 17024 related information assurance training courses, such as SANS training courses or post graduate level information assurance courses.
- Submit a published technical research paper, such as a GIAC Gold Paper
There are also supplemental options, which can be combined with additional training to help you reach the required 36 CMUs:
- Other Training Courses / Events (non-SANS/ISO 17024 related training)
- Work Experience
- GIAC / SANS /Community Participation
Additional details regarding each option are provided following the summary table. Please pay close attention to the specific requirements of each option so you will be credited for the work you have accomplished and experience you have gained in the information assurance industry.
The new certification maintenance price is $399, due once every four years, at the time of registration.
The table below summarizes the options available for certification renewal, the CMU breakdown for each option, along with guidelines for how the main and supplemental options can work together to meet your certification maintenance needs.
GIAC Certification Renewal CMU Options Table
| Training and Research Paper Options | CMUs | Maximum CMUs Allowed for Required 36 in 4 years Per Certification | More Details |
|---|---|---|---|
| GIAC Certification Exam | 36 | 36 | More Details |
| *Attending SANS or ISO 17024 related Training Courses | 1 CMU per contact hour (Base 6 CMUs per full training day) | 36 | More Details |
| Published Information Assurance Research Paper or Book | 36 (18 for co-authored) | 36 | More Details |
| Information Assurance Post Graduate Classes | 12 (per 3-5 credit hour course) | 36 | More Details |
Supplemental Options to be combined as needed with above to reach 36 CMUs |
|||
| Other Training Courses / Events (non-SANS/ISO 17024 related training) | up to 12 | 12 | More Details |
| Work Experience | 6 per year | 12 | More Details |
| GIAC / SANS /Community Participation/Contribution to InfoSec-related Magazine | up to 6 | 6 | More Details |
* Any option selected must be completed and documented within the final two years (24 months) of your certification window. CMUs cannot be used for more than one certification renewal, nor can they be split between two certification renewal attempts.
GIAC CMUs vs. Other Programs Credit
Credential granting bodies define their own units of measure for continuing education and credential maintenance, which are not widely standardized. The number of credits each organization requires varies greatly depending upon the credential, granting agency, and how the credits are defined, what activities are accepted, and the various categories or groupings used.
Like other organizations, GIAC chose to create its program to suit the community we serve. Therefore, there is no direct one-to-one mapping of GIAC Certification Maintenance Units (CMUs) to other organizations units of continuing education (CPE's, CE's, CEU's, etc), except for where explicitly specified in our policy. Other organizations require more units, and thus award credit for less in-depth activities such as attending meetings, magazine subscriptions, listening to vendor presentations, etc. GIAC's CMUs are more focused units of measure, and we define one CMU as equivalent to one contact hour of intensive classroom training.
Thirty-six (36) CMUs are required to renew each GIAC certification. These numbers are derived from feedback of numerous customers, advisory board members, and certification industry consultants. Consensus reflected that participating in an intensive six-day security course is equivalent to the effort involved in retaking the certification exam. It was also established that some credit is warranted for attending Information Security conferences, panel discussions and participating in other areas of the Information Security industry. However, these secondary activities are not at the same level as taking an intensive skills-based security course. This approach makes the certification maintenance process as simple as possible, while giving our customers many options for renewal, and maintaining an emphasis on hands-on skills coupled with continuing education.
General Program Rules and Information
All Certification renewal and application options will become available for registration in your GIAC portal account (https://exams.giac.org/) two years in advance of your certification expiration date.
After your registration is complete and payment is received, all GIAC certification renewal options are documented and submitted through the GIAC Portal.
CMUs must be unique to each certification a candidate is wishing to renew; in other words, you may NOT apply the same training, published research paper, work experience, or community involvement CMUs to more than one certification renewal. For example, if you have a GCFA and GCIA to renew and have taken SANS SEC560 course, you may apply those 36 CMUs to either your GCFA renewal OR your GCIA renewal, NOT BOTH.
The complete application and all supporting documentation must be submitted at the same time.
- For example, if you wish to renew your certification using 4 days (24 CMU) of training, and 12 CMUs for work experience, please submit your application, certificate of completion for the training and information from your employer at the same time.
Applications that are incomplete, or that request CMUs without the required supporting documentation will be rejected as incomplete. You may resubmit the application and supporting documentation once the application is complete and all supporting documentation is provided.
It is your responsibility to submit your documentation before your certification attempt expires, and at this time extensions to your deadline are not available for purchase. In order to ensure your application is received and reviewed before your deadline, we suggest submitting your paperwork at least 15 business days prior to your certification's expiration date.
All renewal fees are required to be paid in full before your certification renewal application will be processed. The renewal fee includes a current set of certification specific course materials should you choose to receive them. The updated course materials are available to you regardless of the renewal option(s) you utilize and will aid you in keeping your skill set current. You are responsible for shipping fees associated with receiving updated course materials.
If you register for more than one certification renewal in a two-year period, you will receive a discount. After the first $399 certification renewal, all additional certification renewals during the following two year period will cost only $199 each. For example, if you complete registration for your GSEC renewal on May 5th 2010, any additional renewal attempts purchased between May 5th, 2010 and May 5th, 2012 will cost only $199 (plus shipping fees).
All information submitted under certification maintenance is carefully reviewed by our staff and subject to external verification. Renewal candidates who knowingly and willingly submit false information or forged documents may be reported to the Ethics Council for review. Possible sanctions could include revocation of all GIAC certifications or barring from participation in GIAC community events.
