Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Renew Your CSIH Certification

By earning the CSIH certification, you have received one of the most prestigious designations offered to computer security incident management professionals. The achievement represents having both the current skills and commitment to a life-long learning process. This CERT-branded certification will enable you to be recognized internationally as a security professional having skills and abilities that are in demand in the computer security arena.

Renewal of your certification ensures that individuals holding the CSIH certification demonstrate ongoing commitment to professional growth and development and to staying current with changing technology.

Your CSIH certification is valid for a period of three (3) years from the award date. In order to remain current with changing technology, you must be actively engaged in the practice of computer security incident handling, engage in professional growth activities, and expand your skills.

Renewal program requirements

Renewal period is three years from the certification award date. Completion of all criteria is to be submitted to the SEI 30 days before the last day of the expiration month. Submission and approval of documentation supporting completion of 60 Professional Development Units (PDU) completed during the renewal cycle. Submission of the certification renewal fee of $150 (US) to the SEI with the renewal application packet.

Professional development units

The SEI requirement for obtaining PDUs after the certification is awarded assures us that certified individuals show continued commitment to the demonstration of their technical skills and abilities, as well as continued awareness of emerging technologies and processes associated with incident handling activities. CERT-certified CSIH professionals are encouraged to also select activities that will expand or complement their knowledge and skills.

A PDU is a measuring unit used to quantify learning and development activities. One (1) PDU can be earned for every one (1) hour spent in a planned structured experience or activity within the limits set by the SEI (see below). The SEI does not pre-approve PDUs. It is the responsibility of the CSIH professional to ensure activities meet renewal criteria. To maintain a balance in renewal activities, some activities have a maximum number of credits that can be allotted towards the renewal criteria.

Activities that qualify for PDU credit are divided into four categories.

1.  Professional activities

One (1) hour of professional activity in the field of computer security incident handling earns one (1) hour of PDU credit as approved by the SEI, up to 40 PDUs per renewal cycle for this category. 

Professional activities include

  • Participating in a CSIRT or performing incident management tasks for at least 25% of full-time work activities
  • Completion of in-house seminars, training, or educational classes
  • Attendance at approved association or society meetings

2.  Continuing education 

Completion of formal academic or professional education where computer security is the primary topic of instruction.  Credits in this category are limited to 23 PDUs per renewal cycle.

  • Completion of one (1) semester hour (2.5 hours per week in a 15-week course) earns 15 PDUs
  • Completion of one academic quarter hour (2.5 hours per week in a 10-week course) earns 10 PDUs
  • Completion of one (1) CEU earns 10 PDUs
  • Completion of a course or seminar offered by the SEI, SEI Partner, or training provider as approved by the SEI earns 1 PDU for each contact hour

3. Teaching, presentations, and development

Credits in this category are limited to 20 PDUs per renewal cycle.

  • One (1) hour of teaching courseware directly related to computer security incident handling earns 1 PDU. Teaching credit is awarded for courses taught the first time during the renewal cycle
  • One (1) hour of participation in the development of course curricula earns 1 PDU for each activity
  • One (1) hour of speaking or presenting at a conference, seminar, or society meeting earns 1 PDU per activity
  • One (1) hour of participation in the development of presentations for conferences, seminars, or society meetings earns 1 PDU per activity

4.  Authoring activities 

Credits in this category are limited to 30 PDUs per renewal cycle.

  • Author or co-author an article related to computer security incident handling that is published in an SEI approved journal or magazine earns 10 PDUs per activity
  • Author or co-author a book or test book that pertains to computer security that is published within the renewal cycle earns 20 PDUs per activity
  • Author, co-author, or contributing editor to online newsletter that pertains to computer security earns 10 PDUs per activity

If you author or co-author anything that is published, please send a copy or provide information about how to obtain a copy to certification-info@sei.cmu.edu.

Record keeping and documentation

Each CSIH will be responsible for maintaining their CSIH Certification Renewal Activity Log. This log should list PDU activities in support of the certification renewal process. It is important that the log contain specific data to accurately identify the submitted activity. Refer to the Sample Renewal Activity Log for an example of renewal activities recorded over a complete renewal cycle. The log, supporting documentation, and renewal fee should be submitted to the SEI 30 days prior to the end of the renewal cycle. The SEI may request additional clarification of data to check the log and listed activities.

Rejected renewal activity log entries

Upon review of the submitted Renewal Activity Log, if the SEI does not agree that the renewal criteria has been met, the CSIH professional will be contacted to discuss any discrepancies or adjustments in the number of earned PDUs and/or deletion of entries that do not meet the renewal criteria. If a Renewal Activity Log is rejected, the CSIH professional will be notified and will have 60 days to provide additional supporting documentation, to obtain additional PDUs, or to correct any discrepancies in their Renewal Activity Log.

SEI audit of the CSIH certification renewal program

The SEI Certification Program reserves the right to audit 5% of submitted logs each year. This will ensure the quality of activities submitted continue to meet certification program requirements. If a CSIH professional is selected for an audit, they will be notified by letter and may be asked to supply additional information or supporting documentation as it relates to their individual Renewal Activity Log.

Each year the SEI will survey the Certified professional community to continuously measure the community’s incident handling competency, skills, and tasks performed while on the job. Completion of this survey qualifies as renewal credit for 1 PDU hour per survey under the professional activity category.