CAP to CGRC Name Change FAQ
The Certified Authorization Professional (CAP) is changing to Certified in Governance, Risk and Compliance (CGRC). Only the name is changing.
This change better represents the knowledge, skills and abilities required to earn and maintain this certification. The subject matter is broader and more inclusive to frameworks used around the world.
Certified in Governance, Risk and Compliance (CGRC) cybersecurity professionals have the knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within the organization while helping the organization achieve objectives, address uncertainty and act with integrity. CGRC professionals align IT goals with organizational objectives as they manage cyber risks and achieve regulatory needs. They utilize frameworks to integrate security and privacy with the organization’s overall objectives, allowing stakeholders to make informed decisions regarding data security and privacy risks.
|Domain 1: Information Security Risk Management Program||16%|
|Domain 2: Scope of the Information System||11%|
|Domain 3: Selection and Approval of Security and Privacy Controls||15%|
|Domain 4: Implementation of Security and Privacy Controls||16%|
|Domain 5: Assessment/Audit of Security and Privacy Controls||16%|
|Domain 6: Authorization/Approval of Information System||10%|
|Domain 7: Continuous Monitoring||16%|
Please refer to the Exam Outline for details.
The content of the exam last changed on August 15, 2021. More information about the previous content change can be found on the blog.
No. For the CGRC, you are required to have a minimum of two years of cumulative work experience in one or more of the seven domains of the CGRC.
- Information Security Risk Management Program
- Scope of the Information System
- Selection and Approval of Security and Privacy Controls
- Implementation of Security and Privacy Controls
- Assessment/Audit of Security and Privacy Controls
- Authorization/Approval of Information Systems
- Continuous Monitoring
The CGRC is ideal for IT, information security and cybersecurity professionals responsible for governance, risk and compliance within an organization. Roles include:
Beginning January 1, 2023, you can visit Pearson VUE home.pearsonvue.com/isc2 and click to register for CGRC at an exam location of your choice on or after February 15, 2023. Prior to 2023, the exam will remain listed under the CAP name.
The price of the exam is U.S. $599 (EUR 555, GBP 479). This cost does not include training.