AAISM logo
Focused certification exam prep
Start practice
Home / Study Resources / Career Impact & Value / AAISM Application Processing Fee: What to Pay

AAISM Application Processing Fee: What to Pay After Passing

Updated 10 min read AAISM Exam Prep
Table of Contents
TL;DR
  • After passing the AAISM exam, a one-time $50 application processing fee is required to receive your certification.
  • Total post-pass costs include $50 processing plus $20/year (member) or $35/year (non-member) in annual maintenance fees.
  • ISACA membership saves $140 on the exam fee alone ($599 vs. $459), making membership cost-effective if you plan to certify.
  • You must hold an active CISM or CISSP throughout the entire AAISM certification lifecycle, not just at the time of application.

The $50 Application Processing Fee Explained

You passed the AAISM exam. The scaled score came back at 450 or above - somewhere on that 200-to-800 range - and now you're ready to make the certification official. Before ISACA issues your credential, there is one more financial step: a one-time $50 application processing fee.

This fee is separate from everything you paid to sit the exam. It is not included in your exam registration cost, and it is not waived for ISACA members. Every candidate, member or non-member, pays this flat $50 to convert a passing score into an active, issued AAISM certification.

Why the Processing Fee Exists: ISACA charges this post-pass fee to cover administrative verification - confirming your prerequisite credential (CISM or CISSP) is active, validating your professional standing, and formally issuing your certification record in their global registry. It is a one-time charge tied to the application itself, not to renewal.

Candidates sometimes discover this fee only after passing and feel blindsided. Budgeting for it from the start - before you even schedule the exam - is the cleaner approach. Think of the full AAISM investment as a multi-stage expense, not a single exam cost.

Full AAISM Cost Breakdown: Exam Through Certification

Understanding exactly where money flows throughout the AAISM process helps you plan accurately, especially if your employer is reimbursing costs or you are self-funding the credential. Here is every mandatory fee you will encounter from registration through your first certification year.

Fee Item ISACA Member Non-Member Notes
Exam Registration Fee $459 $599 Paid at registration; 12-month eligibility window begins
Application Processing Fee $50 $50 One-time; paid after passing to activate certification
Annual Maintenance Fee (Year 1) $20 $35 Due annually; covers CPE reporting and certification upkeep
First-Year Total (Minimum) $529 $684 Does not include CPE course costs or CISM/CISSP renewal
3-Year Certification Cycle Total (Fees Only) $569 $759 Exam + processing + three years of maintenance

These figures cover only ISACA-administered fees. They do not account for study materials, practice exams, or CPE courses you purchase to meet the 10 CPE hours per year in AI-specialized topics. Nor do they include whatever you spend maintaining the active CISM or CISSP that AAISM requires as a prerequisite - a point we'll cover in detail below.

When the Processing Fee Is Triggered

The $50 processing fee becomes payable specifically at the post-exam application stage. The sequence works like this:

  1. Registration: You pay the exam fee ($459 member / $599 non-member) and receive a 12-month eligibility window to schedule and sit the exam at a PSI testing center or via remote proctoring.
  2. Examination: You sit the 90-question, 150-minute multiple-choice exam through PSI - either at an authorized testing center globally or via remote proctoring (note: remote proctoring is not available in India, Mainland China, or Hong Kong, where physical PSI centers are required).
  3. Score Receipt: Your scaled score is reported. A passing score is 450 or above on the 200-to-800 scale.
  4. Application Submission: You submit your formal AAISM certification application to ISACA, which is where the $50 processing fee is collected.
  5. Verification and Issuance: ISACA confirms your active CISM or CISSP status and issues your AAISM certification.
Timing Matters: Do not delay your application submission after passing. If your underlying CISM or CISSP lapses during any gap between passing and submitting the application, ISACA may deny the application until that prerequisite is reinstated. The $50 fee does not hold your place indefinitely.

Candidates who pass close to their CISM or CISSP renewal date should prioritize renewing that underlying certification before submitting the AAISM application, even if it means a short delay in processing.

Annual Maintenance Fees After Certification

The AAISM certification is valid for 3 years, but staying certified is not passive. Each year, you owe ISACA an annual maintenance fee: $20 for members or $35 for non-members. This fee is tied to your CPE reporting and active status maintenance.

The CPE requirements attached to this annual fee are specific and cannot be treated as generic continuing education. AAISM mandates:

  • 10 CPE hours per year in AI-specialized topics - not general cybersecurity, not broad governance content, but work directly relevant to AI security management.
  • 30 CPE hours total across the 3-year certification cycle.

Understanding how these annual and cycle totals interact is important for planning your professional development budget. For a detailed breakdown of how to distribute hours across years without falling short at renewal, see our article on AAISM CPE Hours: Annual vs 3-Year Cycle Requirements.

What Counts as AI-Specialized CPE for AAISM?

ISACA requires that CPE hours submitted for AAISM maintenance be substantively relevant to AI security management. Activities likely to qualify include:

  • AI risk assessment frameworks and methodologies
  • Machine learning model security testing and adversarial threat analysis
  • AI governance policy development aligned with emerging regulatory guidance
  • AI architecture review and security control implementation
  • Attendance at ISACA-sponsored AI security events or domain-specific conferences

General cybersecurity CPE earned for your CISM or CISSP maintenance does not automatically count toward AAISM's AI-specialized requirement. You may need separate CPE tracking to avoid a compliance gap at renewal time.

ISACA Member vs. Non-Member: What You Actually Save

The decision about ISACA membership is worth making before you register for AAISM, not after. The math is straightforward when you compare total certification costs across the 3-year cycle.

Non-members pay $140 more on the exam alone ($599 vs. $459). Over three years of annual maintenance, non-members pay an additional $45 more ($105 vs. $60). That's a total 3-year differential of $185 in AAISM-specific fees - not counting whatever ISACA membership costs annually.

If you already hold a CISM or CISSP (which is mandatory to sit AAISM), there is a very high probability you are already an ISACA member, since ISACA membership is strongly incentivized for those credential holders. If you are not currently a member, calculate whether the membership fee is offset by the $185 you save across the AAISM certification cycle, plus any CISM or CISSP renewal discounts.

Non-Member Registration Is Still Valid: Opting out of ISACA membership does not affect your eligibility to sit AAISM or the validity of your certification if you pass. The exam is available in English and Spanish regardless of membership status. Non-members simply pay the higher rate at every fee stage.

Active CISM or CISSP: The Hidden Ongoing Cost

This is the prerequisite structure that catches candidates off guard after they earn AAISM. It is not enough to hold an active CISM or CISSP at the time of your AAISM application. You must maintain that underlying credential throughout the entire AAISM certification lifecycle.

If your CISM or CISSP lapses - due to missed CPE, unpaid maintenance fees, or an ethics violation - your AAISM certification is also at risk. These are two separate cost streams running in parallel:

  • CISM maintenance: separate CPE requirements and annual fees governed by ISACA
  • CISSP maintenance: separate CPE requirements and annual fees governed by (ISC)²
  • AAISM maintenance: 10 CPE hours/year in AI-specialized topics plus $20 or $35 annual fee

For professionals who hold CISM, this creates a layered ISACA compliance obligation. For CISSP holders who are not ISACA members, the cost structure is more complex because they're managing credentials across two different organizations simultaneously.

Candidates must also adhere to the ISACA Code of Professional Ethics for the duration of AAISM certification. Any ethics investigation that results in suspension of a prerequisite credential will cascade into AAISM status. This is not a theoretical edge case - it's part of the formal certification agreement every AAISM holder accepts.

Getting the Most From Your Exam Investment

Given the full cost picture - exam fee, processing fee, annual maintenance, plus prerequisite upkeep - the smartest financial move is passing on your first attempt. The exam fee is not refundable if you fail, and retaking the exam means paying again.

Because AAISM launched August 19, 2025, as Version 1, no published pass rate data exists yet. What we do know from the exam structure is that the 90 scenario-based questions are weighted heavily toward Domain 3: AI Technologies and Controls at 38%. This domain covers AI architecture, security controls design, testing methodologies, and ongoing monitoring - the operational, hands-on content of AI security management.

Domain 3: AI Technologies and Controls (38%)

The highest-weighted domain demands deep technical fluency combined with security governance thinking. Candidates must understand:

  • AI and machine learning architecture patterns and their associated attack surfaces
  • Security control selection and implementation for AI systems in production environments
  • AI model testing approaches including adversarial robustness and bias detection
  • Continuous monitoring frameworks for deployed AI systems
  • Integration of AI security controls with existing enterprise security programs

Domain 1: AI Governance and Program Management (31%)

Tied for second-highest weight, this domain focuses on the organizational and strategic layer of AI security management:

  • Building and structuring an enterprise AI security program
  • AI governance frameworks aligned with regulatory and ethics requirements
  • Roles, responsibilities, and accountability structures for AI oversight
  • Communication of AI security posture to executive and board audiences

Domain 2: AI Risk Management (31%)

Also 31% of the exam, this domain tests candidates on:

  • AI-specific risk identification, assessment, and prioritization
  • Risk treatment strategies for AI systems including avoidance, mitigation, and transfer
  • Third-party AI risk and supply chain considerations
  • Risk monitoring and reporting across the AI system lifecycle

A focused study plan allocates the most time to Domain 3, followed by equal attention to Domains 1 and 2. If you plan a six-week preparation window, a practical allocation looks like this:

Weeks 1-2

Domain 3 Deep Dive (AI Technologies and Controls)

  • AI architecture review and attack surface mapping
  • Security control frameworks for ML systems
  • Adversarial testing and model validation techniques
  • Practice scenario questions on monitoring and detection
Weeks 3-4

Domains 1 and 2 (Governance and Risk)

  • AI program structure and governance frameworks
  • Risk assessment methodology applied to AI-specific threats
  • Third-party and supply chain AI risk scenarios
  • Regulatory alignment and ethics considerations
Weeks 5-6

Integration and Scenario Practice

  • Full-length timed practice sessions (90 questions, 150 minutes)
  • Review weak areas across all three domains
  • Focus on scenario-based question interpretation and elimination technique
  • Confirm exam logistics: PSI center location or remote proctoring eligibility

For scenario-based practice that mirrors the actual AAISM question format, working through questions on the AAISM Exam Prep practice test platform is one of the most direct ways to calibrate your readiness before paying the exam fee. The format - real-world AI security management scenarios requiring judgment rather than rote recall - cannot be prepared for with flashcards alone.

You can also review the full breakdown of AAISM Application Processing Fee: What to Pay After Passing to share with your employer if you're seeking reimbursement - having the complete cost picture documented helps finance or HR approvals move faster.

Organizations hiring for roles that value AAISM - enterprise security teams managing AI deployments, consulting firms advising on AI governance, financial services and healthcare companies navigating AI regulatory exposure - want to see that candidates understand both the technical and governance layers of AI security. Domain 3's 38% weighting signals that ISACA views hands-on technical competency as the core differentiator for this credential, layered on top of the governance and risk fluency already demonstrated through CISM or CISSP. Supplement your practice exam preparation with real-world AI security case studies and ISACA's published AI-related guidance to close the gap between certification knowledge and applied expertise.

Frequently Asked Questions

Is the $50 AAISM application processing fee refundable if my application is denied?

ISACA does not publicly document a blanket refund policy for the processing fee. Applications are most commonly denied when the prerequisite CISM or CISSP cannot be verified as active. To protect this fee, confirm your underlying credential is current before submitting your AAISM application. Contact ISACA directly if your application encounters an issue.

What happens to my AAISM certification if my CISM or CISSP lapses?

Because an active CISM or CISSP is a mandatory prerequisite throughout the AAISM certification lifecycle - not just at the application stage - allowing that underlying credential to lapse puts your AAISM status at risk. ISACA requires that you maintain the prerequisite continuously. If your CISM or CISSP lapses, you should contact ISACA immediately to understand next steps before your AAISM certification is affected.

Can I sit the AAISM exam via remote proctoring anywhere in the world?

Remote proctoring through PSI is available globally with three exceptions: India, Mainland China, and Hong Kong. Candidates in those locations must sit the exam at an authorized PSI physical testing center. Everywhere else, you may choose between a testing center and remote proctoring based on your preference and logistics.

How is the AAISM annual maintenance fee different from the CPE requirement?

They are two separate obligations. The annual maintenance fee ($20 for ISACA members, $35 for non-members) is a financial payment due each year to ISACA to keep your certification active in their system. The CPE requirement - 10 hours per year in AI-specialized topics - is a professional development obligation you must document and report. Both must be fulfilled; paying the fee does not substitute for earning CPE hours, and earning CPE hours does not substitute for paying the fee. For a detailed look at how annual and 3-year cycle CPE requirements interact, see AAISM CPE Hours: Annual vs 3-Year Cycle Requirements.

Is the AAISM exam available in languages other than English?

Yes. As of Version 1 (launched August 19, 2025), the AAISM exam is available in English and Spanish. No additional language versions have been announced. Candidates should confirm current language availability with PSI or ISACA at the time of scheduling, as this may change as the certification matures.

Continue reading:

Ready to pass your AAISM exam?

Put this into practice with free AAISM questions across every exam domain.