Certified in Governance, Risk and Compliance (CGRC)

Official ISC2® Training Seminar for the Certified in Governance, Risk and Compliance (CGRC) provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST Risk Management Framework. This training course will help students review and refresh their knowledge and identify areas they need to study for the CGRC exam. Content aligns with and comprehensively covers the seven domains of the ISC2 CGRC Common Body of Knowledge (CBK®).

Interested in attending? Have a suggestion about running this event near you?
Register your interest now


  • Domain 1: Information Security Risk Management Program
  • Domain 2: Scope of the Information System
  • Domain 3: Selection and Approval of Security and Privacy Controls
  • Domain 4: Implementation of Security and Privacy Controls
  • Domain 5: Assessment/Audit of Security and Privacy Controls
  • Domain 6: Authorization/Approval of Information System
  • Domain 7: Continuous Monitoring


What is included

  • CGRC Exam Voucher

Learning Outcomes

  • Identify and describe the steps and tasks within the NIST Risk Management Framework (RMF).
  • Apply common elements of other risk management frameworks using the RMF as a guide.
  • Describe the roles associated with the RMF and how they are assigned to tasks within the RMF.
  • Execute tasks within the RMF process based on assignment to one or more RMF roles.
  • Explain organizational risk management and how it is supported by the RMF.

Audience Profile

This course is for individuals planning to pursue the CGRC certification. The CGRC is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal
government, military, civilian roles, local governments and private sector organizations. Roles include:

  • ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security
  • assessment and authorization (traditional C&A) and continuous monitoring issues.
  • Executives who must "sign off" on Authority to Operate (ATO).
  • Inspector generals (IGs) and auditors who perform independent reviews.
  • Program managers who develop or maintain IT systems.
  • IT professionals interested in improving cybersecurity and learning more about the importance
  • of lifecycle cybersecurity risk management.

Subscribe to Newsletter

Enter your email address to register to our newsletter subscription delivered on regular basis! 


© Copyright ICSI, Limited
(International CyberSecurity Institute) 2023