CGRC – Governance, Risk and Compliance

CGRC – Certified in Governance, Risk and Compliance

Earning the CGRC certification is a proven way to build your career and demonstrate your expertise within various risk management frameworks.

CGRC demonstrates to employers that you have the advanced technical skills and knowledge to understand Governance, Risk and Compliance (GRC) and can authorize and maintain information systems utilizing various risk management frameworks, as well as best practices, policies and procedures.

First step: become an (ISC)² Candidate
Start strong on your path to CGRC certification as an (ISC)² Candidate. You’ll save 20% on Official (ISC)² Online Instructor-Led Training so you can start preparing for the exam. You’ll also access a long list of career-building benefits, including:

  • Professional development
  • Events
  • Peer-to-peer networking
  • Volunteer opportunities and more!

Sign up now. Your first year is free — no cost to you.*
*If you choose to renew after the first year, U.S. $50 due annually.

Already an (ISC)² Member? Claim your 20% discount.

Free CGRC Ultimate Guide

Find out everything you need to know about preparing for the CGRC exam, including:

  • Is CGRC right for me?
  • Benefits of CGRC certification
  • CGRC Exam Overview
  • Official Training
  • And More!

Your Pathway to Certification

Who Earns the CGRC?

The CGRC is ideal for IT, information security and information assurance practitioners who work in Governance, Risk and Compliance (GRC) roles and have a need to understand, apply and/or implement a risk management program for IT systems within an organization.

Work in government? See how the CGRC meets the U.S. Department of Defense (DoD) Directive 8570.1.

Which cyber specialty is a fit for you?

Cybersecurity is reliant on teams with diverse skills, experiences and ideas. Explore these specialty areas and start planning your path.

 

What Will You Need to Know to Pass the CGRC Exam?

The CGRC exam evaluates your expertise across seven domains. Think of the domains as topics you need to master based on your professional experience and education.

CGRC Domains

  • Domain 1: Information Security Risk Management Program
  • Domain 2: Scope of the Information System
  • Domain 3: Selection and Approval of Security and Privacy Controls
  • Domain 4: Implementation of Security and Privacy Controls
  • Domain 5: Assessment/Audit of Security and Privacy Controls
  • Domain 6: Authorization/Approval of Information System
  • Domain 7: Continuous Monitoring

CGRC Exam Outline

Register for Your CGRC Exam

Don't wait. If you're ready to pursue the CGRC certification, commit yourself now by registering for the exam.

Schedule your exam by creating an account with Pearson VUE, the leading provider of global, computer-based testing for certification and licensure exams. You can find details on testing locations, policies, accommodations and more on their website.

Get CGRC Training that's Right for You

With self-paced or instructor-led online and classroom courses, (ISC)² has a training option to fit your schedule and learning style. Trainings, seminars, courseware and self-study aids directly from (ISC)² or one of our many Official Training Providers help you get ready for the rigorous CGRC exam by reviewing relevant domains and topics. Visit the (ISC)² Training Finder to register for the course that best meets your needs, including:

 

 

(ISC)² Self-Study Tools Keep Your Skills Sharp

Studying on your own or looking for a supplement to your seminar courseware? Check out our official self-study tools:

  • Official study guides: Strengthen your knowledge in a specific domain and get in more exam practice time.
  • Official flash cards: Prepare for the CGRC exam anytime, anywhere.

Gain the Necessary Work Experience

To qualify for this cybersecurity certification, you must pass the exam and have at least two years of cumulative, paid work experience in one or more of the seven domains of the (ISC)² CGRC Common Body of Knowledge (CBK).

Learn more about CGRC Experience Requirements.

Don't have enough experience yet? You can still pass the CGRC exam and become an Associate of (ISC)² while you earn the required work experience.

Complete the Endorsement Process

Once you receive notification that you have successfully passed the exam, you can start the online endorsement process. This process attests that your assertions regarding professional experience are true and that you are in good standing within the cybersecurity industry.

Agree to the (ISC)² Code of Ethics

All information security professionals who are certified by (ISC)² recognize that such certification is a privilege that must be both earned and maintained. All (ISC)² members are required to commit to fully support (ISC)² Code of Ethics Canons:

  • Protect society, the common good, necessary public trust and confidence, and the infrastructure.
  • Act honorably, honestly, justly, responsibly, and legally.
  • Provide diligent and competent service to principals.
  • Advance and protect the profession.

Pay Your First Annual Maintenance Fee

Annual Maintenance Fees (AMFs) are used by (ISC)² to support the costs of maintaining the (ISC)² certifications and related support systems.

Certified Members AMFs

(ISC)² certified members pay a single AMF of U.S. $125 which is due each year upon the anniversary of their certification date. Members only pay a single AMF of U.S. $125 regardless of how many certifications they earn. AMFs for members with multiple certifications are due on their earliest certification anniversary.

Associates of (ISC)² AMFs

Associates of (ISC)² pay an AMF of U.S. $50 which is due each year upon the anniversary of achieving their associate status.

Learn more about AMFs here.

Join A Global Community Of Cybersecurity Leaders

Once you are certified and become an (ISC)² member, you’re a part of a global community of certified cybersecurity professionals focused on inspiring a safe and secure cyber world. In addition to that extensive network, a wealth of continuing education opportunities helps you keep your skills sharp, stay informed of the latest trends and best practices, and ensure your expertise remains relevant throughout your career. Learn more about (ISC)² member benefits.

Interested in CGRC certification for your team? Learn more about (ISC)² Enterprise Solutions.

Did you know? Our certifications are accredited, recognized and endorsed by leading organizations around the world.

Connect with other professionals on the (ISC)² Community. Join the virtual CGRC Study Group.
