ISC2 CGRC

Intermediate · GRC / Compliance · Paid

Formerly CAP, now CGRC. Focuses on the NIST Risk Management Framework and the authorization and accreditation of IT systems for federal and government environments. Directly aligned to FISMA compliance and FedRAMP.

What you'll prove

  • Apply the NIST Risk Management Framework across all six steps
  • Categorize information systems per FIPS 199 and NIST 800-60
  • Select, implement, and assess security controls per NIST 800-53
  • Prepare and maintain system security plans and authorization packages
  • Conduct security assessments and document findings
  • Support authorization decision-making and continuous monitoring programs
  • Apply FISMA and FedRAMP requirements to federal information systems

Frequently asked

How much does the ISC2 CGRC cost?

The CGRC exam costs $599 USD plus the ISC2 annual maintenance fee of $135/year.

Who needs the CGRC?

CGRC is particularly valuable for federal government employees, defense contractors, and consultants working in FedRAMP, FISMA, or DoD RMF environments. It is the most direct credential for ISSO and ISSM roles.