(ISC)2

Certified in Governance, Risk and Compliance (CGRC)

The former Certified Authorization Professional (CAP) certification is not the Certified in Governance, Risk and Compliance (CGRC) certification. It covers the RMF in great detail and is the only security certification under the DoD 8570 mandate that aligns to each of the RMF steps.

Course Overview

Certified in Governance, Risk, and Compliance (CGRC) training and certification course covers the exam objectives that measure the knowledge, skills, and abilities required for personnel involved in the process of authorizing and maintaining information systems within the Risk Management Framework (RMF). Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure those information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals. The CGRC is the only certification under the DoD8570 mandate that aligns with each RMF step. It shows employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies, and procedures established by the cybersecurity experts at ISC2.

Topics Covered

The CGRC examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven domains which comprise the CGRC CBK® taxonomy of information security topics:

- Domain 1: Information Security Risk Management Program
- Domain 2: Scope of the Information System
- Domain 3: Selection and Approval of Security and Privacy Controls
- Domain 4: Implementation of Security and Privacy Controls
- Domain 5: Assessment/Audit of Security and Privacy Controls
- Domain 6: Authorization/Approval of Information System
- Domain 7: Continuous Monitoring

Course Outline

CGRC DOMAIN 1: INFORMATION SECURITY RISK MANAGEMENT PROGRAM

-Understand the Foundation of an Organization-Wide Information Security Risk Management Program
-Understand Risk Management Program Processes
-Understand Regulatory and Legal Requirements

CGRC DOMAIN 2: CATEGORIZATION OF INFORMATION SYSTEMS (IS)
-Define the Information System (IS)
-Determine Categorization of the Information System (IS)

CGRC DOMAIN 3: SELECTION OF SECURITY CONTROLS
-Identify and Document Baseline and Inherited Controls
-Select and Tailor Security Controls
-Develop Security Control Monitoring Strategy
-Review and Approve Security Plan (SP)

CGRC DOMAIN 4: IMPLEMENTATION OF SECURITY CONTROLS
-Implement Selected Security Controls
-Document Security Control Implementation

CGRC DOMAIN 5: ASSESSMENT OF SECURITY CONTROLS
-Prepare for Security Control Assessment (SCA)
-Conduct Security Control Assessment (SCA)
-Prepare Initial Security Assessment Report (SAR)
-Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
-Develop Final Security Assessment Report (SAR) and Optional Addendum

CGRC DOMAIN 6: AUTHORIZATION OF INFORMATION SYSTEMS (IS)
-Develop Plan of Action and Milestones (POAM)
-Assemble Security Authorization Package
-Determine Information System (IS) Risk
-Make Security Authorization Decision

CGRC DOMAIN 7: CONTINUOUS MONITORING
-Determine Security Impact of Changes to Information Systems (IS) and Environment
-Perform Ongoing Security Control Assessments (SCA)
-Conduct Ongoing Remediation Actions (e.g., resulting from incidents, vulnerability scans, audits, vendor updates)
-Update Documentation
-Perform Periodic Security Status Reporting
-Perform Ongoing Information System (IS) Risk Acceptance
-Decommission Information System (IS)

NIST/GOVERNANCE OVERVIEW
NIST SP 800-37 rev 1/800-53 rev 4/800-53A rev 4
FIPS 199/200
CNSSI 1253
NIST SP 800-30/800-39/800-60/800-64/800-115/800-137
OMB A-123/A-130

Toggle Filters

Want to run this course in-house?

Inquire about running this course in-house

None of these dates work for you?

Suggest another date & time

Client Testimonials

Be wary of companies that pay external vendors to farm and post reviews, many of them are not authentic. Ours come straight from Google, you can’t alter reviews on Google Maps in any way. Don’t take our word for who we are – hear from our clients:

Sangwoo L.

7/07/2022

Great prep for PMP exam. Dr. Salk is a great instructor. He is very engaging and presents material thoroughly.

Richard L.

7/07/2020

I was very happy with the learning environment. The instructor made the material very easy to understand and had a lot of patience with all of us asking the same question over and over. I would recommend this course to anyone who needs to get the certificate.

Jeremiah Hood

12/13/2021

Our organization hosted a CompTIA Security+ Boot Camp in December, conducted by ATA. We had a 100% pass rate for the certification exam. The instructor, Mr. Chaney was one of the best that I have seen in the business! The ATA Services Director, Ms. Pernaselci, and the ATA operations and support team were top notch, being adaptable to last minute changing needs. I highly recommend ATA for your organization's IT Workforce certification needs!

Francisco G.

7/07/2022

The instructor and class were very direct, simple and to the point. Very interactive as well. I’m grateful to have been apart of this class & pass it.

Ashish K.

7/07/2022

I really had good training experience from ATA and our instructor J Chaney. It was very through and knowledgable.

Janay L.

11/01/2020

best school out there 💗❗️

Hey t.

2/07/2023

I had 0 computer knowledge or background going into the Security + class. J made it understandable and easily digestible. The classes were thorough and the study material was exactly what was needed to help prepare for the test. Cannot recommend this enough for people trying to get into the security field.

Milton W.

7/07/2020

I have taken multiple technical training courses with this company, and have always felt fully prepared for every certification exam. I recently finished the CISSP boot camp, and I can definitely recommend this company to anyone trying to advance their career.

Jake Dean

12/18/2021

Awesome training, great supporting tools and aids. Kept me and my ADHD engaged while learning this great subject! This is my fourth class with Applied Technology Academy and I will continue to use them for my certification needs!

Nicole W.

6/07/2023

This school is hands down the BEST IT school I have attended for SEC+. I have attended SEC+ twice at Fort Gordon and the information that is taught there was so outdated. I appreciate Applied Technology Academy so much! I actually enjoyed the instruction, it was not hard to follow, and the instructor, Mr. Chaney, was extremely knowledgeable. He was able to communicate to the lowest level from Beginner to advanced. Our class had 100% pass rate of who took the exam after the course was over. After the exam I was able to contact the instructor and Ms. Liz Pernaselci for more information. I was provided with the audio from the course to go over in the event I needed to brush up. We are also allowed to log in to any SEC+ Course afterwards without paying an additional fee. I really appreciate this school and will be attending more courses in the future!

Brett F.

7/07/2022

Experts in the field that tailor the delivery of the overwhelming abundance of material and somehow make it digestible! Sec+ boot camp was a great investment!

Francisco G.

2/15/2022

The instructor and class were very direct, simple and to the point. Very interactive as well. I’m grateful to have been apart of this class & pass it.

Oscar A.

7/07/2021

Great Institution, they enrolled me very quick for a class. Thank you for supporting the military

Matthew Y.

7/07/2022

Good virtual learning.

Sangwoo Lee

8/19/2021

Great prep for PMP exam.Dr. Salk is a great instructor. He is very engaging and presents material thoroughly.

SEE ALL TESTIMONIALS

Achieve your ISC2 CAP Certified Authorization Professional

Certifications Today!

Whether you are simply seeking a knowledge based IT course, or are working towards passing the exam for your next IT certification, we offer the courses you are looking for as daytime classes, evening classes, boot camps and on-demand.

We know that the instructor is the key to our students’ success and we have taken over a decade to build one of the best teams in the country. Our instructors have decades of cumulative real world experience and they bring that to every class they teach!

Looking for ISC2 CAP Certified Authorization Professional Training and Certifications?

And no, we will not relentlessly hound you with sales calls, we promise! Please reach out to us with any questions you might have. We welcome the opportunity to talk through your individual training needs, or that of your team. We are a no pressure, service oriented company. Reach out – you’ll be glad you did!