CGRC – Governance, Risk and Compliance Certification

CGRC badge
Two women looking at post it notes
Build Your Career with the ISC2 CGRC Certification

Become a CGRC – Be a Governance, Risk and Compliance Leader

Capitalize on the rising demand for Governance, Risk and Compliance (GRC) expertise by earning the CGRC certification. The CGRC is a proven way to demonstrate your knowledge and skills to integrate governance, performance management, risk management and regulatory compliance within your organization.

CGRC professionals utilize frameworks to integrate security and privacy within organizational objectives, better enabling stakeholders to make informed decisions regarding data security, compliance, supply chain risk management and more.

CGRC Quick Glance


Shows advanced technical skills and knowledge to protect, authorize and maintain information systems within various risk management frameworks.


Domain 1: Information Security Risk Management Program

Domain 2: Scope of the Information System

Domain 3: Selection and Approval of Security and Privacy Controls

Domain 4: Implementation of Security and Privacy Controls

Domain 5: Assessment/Audit of Security and Privacy Controls

Domain 6: Authorization/Approval of Information System

Domain 7: Continuous Monitoring

CGRC Exam Outline
2 Years
Required Work Experience
ANAB Accredited
ISO/IEC Standard 17024
U.S. DoD 8570.1
Approved by Department of Defense
A smiling man looking at a tablet while sitting down
Free CGRC Ultimate Guide
Download Now

Your Pathway to Certification

Who Earns the CGRC?

The CGRC is ideal for IT, information security and information assurance practitioners who work in Governance, Risk and Compliance (GRC) roles and have a need to understand, apply and/or implement a risk management program for IT systems within an organization, including positions like:

  • Cybersecurity Auditor
  • Cybersecurity Compliance Officer
  • GRC Architect
  • GRC Manager
  • Cybersecurity Risk & Compliance Project Manager
  • Cybersecurity Risk & Controls Analyst
  • Cybersecurity Third Party Risk Manager
  • Enterprise Risk Manager
  • GRC Analyst
  • GRC Director
  • Information Assurance Manager

Work in government? See how the CGRC meets the U.S. Department of Defense (DoD) Directive 8570.1.

A woman sitting on a couch with her laptop on lap while using a phone

Get Started. Become an ISC2 Candidate.

Begin your journey to certification as an ISC2 Candidate. You’ll save 20% on Official ISC2 online training and career-building support.

Set Yourself Up for Exam Success

A smiling man using a laptop while sitting on a bench outside
Online Self-Paced
Learn more
A woman having a virtual meeting on a laptop
Online Instructor-Led
Learn more
People meeting at a conference table
Learn more

Certifications for Every Step of Your Career

No matter where you are in your cybersecurity career, ISC2 certifications help you achieve your professional goals.
See all certifications
A mentor and a mentee using a tablet in an office
Strengthen Your Cybersecurity Team
Learn More