- AAISM exam fee is $459 for ISACA members and $599 for non-members - a $140 difference.
- A $50 one-time application processing fee applies after you pass, not at registration.
- Annual maintenance costs $20/year for members or $35/year for non-members over a 3-year cycle.
- You must hold an active CISM or CISSP before registering - there is no workaround.
The AAISM Exam Fee: Exact Numbers for 2026
ISACA launched the Advanced in AI Security Management (AAISM) certification on August 19, 2025, making it one of the newest enterprise-level AI security credentials on the market. For candidates planning to sit the exam in 2026, the fee structure is straightforward but carries a few line items that catch people off guard if they only budget for the exam itself.
The exam fee published for Version 1 of the AAISM credential is:
| Candidate Type | Exam Registration Fee | Post-Pass Application Fee | Annual Maintenance Fee |
|---|---|---|---|
| ISACA Member | $459 | $50 (one-time) | $20 per year |
| Non-Member | $599 | $50 (one-time) | $35 per year |
Two things stand out here. First, the $50 application processing fee only triggers after you pass - it is not part of the registration transaction. Candidates who budget only for the exam fee and then pass are sometimes surprised by this charge when they go to claim their certification. Second, the maintenance fee diverges based on your ISACA membership status at the time of renewal, not at the time of exam registration, so your total ongoing cost can shift year over year depending on whether you keep your membership active.
Member vs. Non-Member: What the Gap Actually Means
The $140 difference between the $459 member rate and the $599 non-member rate is the headline number, but the full picture depends on how long you intend to hold the AAISM credential and whether you already hold other ISACA certifications such as CISM or CRISC.
ISACA annual membership costs vary by region and category, but the member discount on the AAISM exam alone partially offsets a single year of membership dues for many candidates. If you plan to sit the exam once and then let membership lapse, the math is tight. However, if you are already a CISM holder - which is one of the two mandatory prerequisites for AAISM - there is a strong chance you are already paying ISACA dues, in which case the $459 member rate is simply your rate.
For those who hold CISSP (the other accepted prerequisite) but are not current ISACA members, the decision to join before registering for AAISM is a genuine financial question worth calculating before you click "register." The AAISM Exam Fee: Member vs Non-Member Cost 2026 reference guide also covers the fee breakdown and registration advice, and walks through the membership calculation in detail.
Beyond the Exam: The Full Cost of AAISM Certification
When security professionals evaluate whether to pursue AAISM, the exam registration fee is only one slice of the financial commitment. Mapping out the full three-year certification lifecycle gives a more honest picture.
| Cost Item | Member Total (3 Years) | Non-Member Total (3 Years) |
|---|---|---|
| Exam Registration | $459 | $599 |
| Post-Pass Application Fee | $50 | $50 |
| Annual Maintenance × 3 Years | $60 ($20 × 3) | $105 ($35 × 3) |
| 3-Year Lifecycle Total | $569 | $754 |
The maintenance fee also comes with a substantive CPE requirement. AAISM requires a minimum of 10 CPE hours per year in AI-specialized topics, with 30 CPE hours total across the 3-year cycle. These cannot be generic security training hours - they must be AI-focused. Candidates planning their ongoing education budgets should factor in the cost of qualifying AI security courses, conferences, or vendor training. For guidance on exactly what types of activities count toward those hours, see AAISM CPE Topics: What Qualifies for AI Hours, which breaks down acceptable AI-domain content in detail.
Prerequisites and What They Add to Your Investment
Unlike many specialty certifications that allow candidates to register and then demonstrate prerequisites later, AAISM requires you to hold an active CISM or CISSP before you register. Both credentials must remain active throughout the entire AAISM certification lifecycle - a lapse in your underlying credential puts your AAISM status at risk as well.
This prerequisite structure means AAISM is intentionally positioned as a senior-level overlay credential. ISACA is targeting practitioners who already manage security programs and are adding AI governance and AI risk management to their portfolio of responsibilities. The organizations hiring for AAISM-verified roles are not entry-level shops - they tend to be financial institutions, healthcare enterprises, technology companies with large AI deployments, and federal agencies navigating AI governance regulations.
What Your Exam Fee Buys: The Three Domains
The AAISM exam consists of 90 multiple-choice, scenario-based questions delivered over 150 minutes (2.5 hours). The passing score is 450 on a scaled score range of 200 to 800. Every question is tied to one of three domains, and the weighting is not equal - which has direct implications for where you invest your preparation time.
Domain 1: AI Governance and Program Management (31%)
This domain tests your ability to design and oversee AI governance frameworks, align AI initiatives with organizational strategy, and manage AI programs in a way that satisfies regulatory and board-level accountability requirements.
- Establishing AI governance structures and policies
- Aligning AI program objectives with enterprise risk appetite
- Roles and responsibilities in AI oversight (CISO, AI ethics board, program manager)
- Regulatory compliance frameworks applicable to AI systems
- AI program lifecycle management from inception through decommission
Domain 2: AI Risk Management (31%)
Carrying equal weight to Domain 1, this domain focuses on identifying, assessing, and treating risks that are specific to AI systems - including bias, model drift, adversarial inputs, and third-party AI supply chain risk.
- AI-specific risk identification and classification
- Threat modeling for machine learning pipelines
- Third-party and vendor AI risk assessment
- Model explainability and auditability requirements
- Risk treatment options for AI deployments including acceptance, mitigation, and transfer
Domain 3: AI Technologies and Controls (38%)
This is the highest-weighted domain and covers the technical depth of AI security - architecture, security controls embedded in AI systems, testing methodologies, and continuous monitoring. Candidates without a technical AI background should allocate extra preparation time here.
- AI and ML architecture components and their security implications
- Security controls for training data, model development, and inference pipelines
- Adversarial machine learning and attack surface analysis
- AI system testing methodologies including red-teaming and penetration testing of AI
- Monitoring strategies for deployed AI models (drift detection, anomaly detection)
The scenario-based question format means AAISM questions present realistic organizational situations - a CISO reviewing an AI vendor contract, a security architect evaluating controls for a large language model deployment, or a risk manager responding to a detected model bias incident. Rote memorization of definitions is insufficient; candidates must be able to apply concepts to messy, real-world scenarios. Practicing with scenario-driven questions is the most direct way to build that skill, and the AAISM practice test platform is designed specifically around this format.
Registration Mechanics and the 12-Month Window
Once you pay your registration fee - $459 or $599 depending on membership status - ISACA opens a 12-month eligibility window during which you must sit and pass the exam. If you do not pass within that window, you must re-register and pay the fee again. There is no partial credit or rollover.
This 12-month window is both generous and easy to misuse. Candidates who register and then delay scheduling often find themselves cramming in the final weeks before their window expires, which is a poor strategy for a 90-question scenario-based exam that rewards applied judgment over memorization. A disciplined approach is to schedule your exam appointment within the first two weeks of registration, then study backward from that date.
The exam is available in English and Spanish, and it is administered through PSI testing centers globally as well as through PSI's remote proctoring platform. Note the geographic exception: candidates in India, Mainland China, and Hong Kong are required to sit the exam at a physical PSI center - remote proctoring is not available in those locations.
How and Where You Sit the Exam
PSI is ISACA's authorized testing delivery partner for AAISM. Candidates outside the restricted regions (India, Mainland China, Hong Kong) have the choice between an in-person PSI testing center or a remote proctored session from their own workspace. Remote proctoring introduces specific technical requirements around webcam, microphone, and environment that candidates should verify before their appointment.
For candidates choosing remote proctoring, a clean desk, a reliable internet connection, and a private room are non-negotiable. PSI proctors conduct a room scan via webcam before the session begins. Technical failures during a remote session can result in an invalidated attempt depending on the circumstances, so testing at a physical center remains the lower-risk option for candidates who have access to one.
A Domain-Weighted Study Calendar
Given the domain weights - 31% Governance, 31% Risk, 38% Technologies and Controls - a rational study plan allocates more time to Domain 3 without abandoning the other two. The following eight-week schedule is built around that weighting and is designed for candidates who are working professionals with roughly 10 hours per week available for preparation.
Domain 1: AI Governance and Program Management
- Map existing CISM/CISSP governance knowledge to AI-specific contexts
- Study AI regulatory frameworks (EU AI Act concepts, NIST AI RMF)
- Practice 15-20 scenario questions daily focused on governance decisions
- Use spaced repetition for key roles, responsibilities, and policy structures
Domain 2: AI Risk Management
- Study AI-specific threat categories: adversarial inputs, data poisoning, model inversion
- Practice vendor and third-party AI risk assessment scenarios
- Build fluency with model explainability and auditability concepts
- Complete timed 30-question blocks via the AAISM practice test platform
Domain 3: AI Technologies and Controls (Heaviest Focus)
- Three weeks reflects the 38% exam weight - do not compress this section
- Study ML pipeline architecture and where security controls apply at each stage
- Focus on adversarial machine learning techniques and countermeasures
- Practice AI red-teaming and penetration testing scenario questions
- Review monitoring strategies: drift detection, anomaly detection, model telemetry
Full-Length Simulation and Weak Domain Remediation
- Complete at least two timed 90-question full simulations
- Identify your weakest domain by analyzing question-level performance
- Spend remaining days on targeted review of flagged topics
- Review the CPE requirements early - start planning qualifying AI activities using AAISM CPE Topics: What Qualifies for AI Hours
Is ISACA Membership Worth It for AAISM?
The decision to purchase or maintain ISACA membership specifically for the AAISM exam discount reduces to a simple calculation: if the annual ISACA membership cost in your region is less than $140, membership pays for itself on the exam fee alone. For most professional tiers, this threshold is met. Add in the ongoing maintenance fee savings ($15 per year) and the math solidifies further over the full 3-year certification cycle.
Beyond the fee arithmetic, ISACA membership provides access to frameworks, research publications, and community resources that are directly relevant to AAISM content - particularly for Domain 1 (AI Governance) and Domain 2 (AI Risk Management), where ISACA's own frameworks and publications are implicit reference material for the exam. Candidates who are already CISM holders and active ISACA members can treat the member rate as their baseline without further deliberation.
For CISSP holders who are not current ISACA members, the decision is worth a 10-minute calculation before registering. The savings over three years are meaningful, and the ecosystem benefits of ISACA membership are directly relevant to the subject matter of the AAISM credential.
Frequently Asked Questions
No. ISACA requires you to hold an active CISM or CISSP at the time of registration. You cannot register and then fulfill the prerequisite later. If your underlying credential is in grace period or lapsed, resolve that before submitting your AAISM application.
The $50 post-pass application fee is only charged after you pass the exam, so it is not applicable in a fail scenario. The exam registration fee ($459 or $599) is what you pay upfront - ISACA's standard cancellation and refund policies apply to that amount based on how far in advance you cancel or reschedule.
Your AAISM certification status is tied to the active status of your prerequisite credential. A lapsed CISM or CISSP puts your AAISM compliance at risk. ISACA requires you to maintain your underlying credential throughout the entire AAISM certification lifecycle as a condition of holding the credential.
The AAISM exam consists of 90 multiple-choice, scenario-based questions. The time limit is 150 minutes (2.5 hours). The passing score is 450 on a scaled score of 200 to 800. Questions are distributed across three domains with Domain 3 (AI Technologies and Controls) carrying the highest weight at 38%.
Remote proctoring through PSI is available in most regions, but candidates in India, Mainland China, and Hong Kong must sit the exam at an authorized PSI physical testing center. If you are in one of these regions, locate your nearest PSI center before scheduling your appointment. The exam is available in both English and Spanish regardless of delivery format.