CGRC
Certified in Governance, Risk and Compliance
The Certified in Governance, Risk and Compliance (CGRC) certification validates expertise in IT governance, enterprise risk management, and compliance. The CGRC is designed for professionals who manage governance frameworks, oversee organizational risk, ensure regulatory compliance, and align IT security with business objectives. It is particularly valuable for governance, risk, and compliance officers, IT auditors, and security managers.
This certification covers five domains: Information Security Risk Management (22%), Security Assessment and Authorization (20%), Continuous Monitoring (22%), Information System Categorization (18%), and Security Control Selection and Implementation (18%). Candidates must demonstrate knowledge of establishing and maintaining governance frameworks, conducting risk assessments, managing security authorization processes, implementing continuous monitoring programs, categorizing information systems based on impact levels, and selecting and implementing security controls from frameworks such as NIST SP 800-53.
The CGRC certification requires two years of cumulative paid work experience in one or more of the five CGRC domains. The exam consists of 125 multiple-choice and advanced innovative questions. This certification is aligned with federal risk management frameworks including NIST SP 800-37 and is particularly relevant for organizations subject to government regulations or those implementing comprehensive GRC programs.
CGRC Practice Exam 1
Comprehensive 50-question practice exam covering all five CGRC domains: Information Security Risk Management, Security Assessment and Authorization, Continuous Monitoring, Information System Categorization, and Security Control Selection and Implementation.
CGRC Practice Exam 2
Comprehensive 50-question practice exam covering all five CGRC domains: Information Security Risk Management, Security Assessment and Authorization, Continuous Monitoring, Information System Categorization, and Security Control Selection and Implementation.
CGRC Practice Exam 3
Comprehensive practice exam covering all five CGRC domains: Information Security Risk Management, Security Assessment and Authorization, Continuous Monitoring, Information System Categorization, and Security Control Selection and Implementation.
CGRC Practice Exam 4
Comprehensive 50-question practice exam covering all five CGRC domains: Information Security Risk Management, Security Assessment and Authorization, Continuous Monitoring, Information System Categorization, and Security Control Selection and Implementation.
CGRC Practice Exam 5
Comprehensive 50-question practice exam covering all five CGRC domains: Information Security Risk Management, Security Assessment and Authorization, Continuous Monitoring, Information System Categorization, and Security Control Selection and Implementation.
CGRC Practice Exam 6
Comprehensive 50-question practice exam covering all five CGRC domains: Information Security Risk Management, Security Assessment and Authorization, Continuous Monitoring, Information System Categorization, and Security Control Selection and Implementation.