Chat with us, powered by LiveChat

COURSES

CGRC Certified in Governance, Risk and Compliance Training Course

CGRC Certified in Governance, Risk and Compliance Training Course


Course Description

SecureNinja's Certified in Governance, Risk, and Compliance (CGRC) training and certification course covers the exam objectives that measure the knowledge, skills, and abilities required for personnel involved in the process of authorizing and maintaining information systems within the Risk Management Framework (RMF). Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure those information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals. The CGRC is the only certification under the DoD8570 mandate that aligns with each RMF step. It shows employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies, and procedures established by the cybersecurity experts at (ISC)². The 4-day immersive boot camp covers all of the latest exam objectives complete with 400+ up-to-date exam questions in SecureNinja's Student Portal Quiz Engine.

Topics Covered

The CGRC examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven domains which comprise the CGRC CBK® taxonomy of information security topics:

  • Domain 1: Security and Privacy Governance, Risk Management, and Compliance Program
  • Domain 2: Scope of the System
  • Domain 3: Selection and Approval of Framework, Security, and Privacy Controls
  • Domain 4: Implementation of Security and Privacy Controls
  • Domain 5: Assessment/Audit of Security and Privacy Controls
  • Domain 6: System Compliance
  • Domain 7: Compliance Maintenance

The credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD).  Job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers, as well as all senior system managers, apply.

Course Outline

Day 1: Foundations of Governance, Risk, and Compliance

•Introduction to CGRC & Course Overview

Security and Privacy Governance, Risk Management, and Compliance Program

•Governance, risk management, and compliance principles

•Regulatory frameworks (NIST, COBIT, ISO/IEC)

•System Development Life Cycle (SDLC) and compliance integration

•Roles and responsibilities in compliance

Scope of the System

•Defining system boundaries and scope

•Information classification and security objectives

•Assessing impact levels based on compliance requirements

Practical Exercise: Case Study – Defining Scope for an Information System

 

Day 2: Control Selection, Implementation, and Compliance Strategies

Selection and Approval of Framework, Security, and Privacy Controls

•Identifying and documenting baseline controls

•Tailoring security controls to organizational needs

•Developing a continuous monitoring strategy

Implementation of Security and Privacy Controls

•Implementing security and privacy controls effectively

•Ensuring alignment with compliance mandates

•Managing residual risks

Practical Exercise: Developing a Security Control Implementation Plan

 

Day 3: Assessment, Auditing, and System Compliance

Assessment/Audit of Security and Privacy Controls

•Preparing for security assessments and audits

•Compliance verification and validation techniques

•Conducting assessments and reporting findings

System Compliance

•Documenting compliance efforts

•Risk acceptance and treatment options

•Stakeholder involvement and decision-making

Practical Exercise: Conducting a Compliance Audit and Risk Assessment

 

Day 4: Maintaining Compliance & Final Review

Compliance Maintenance

•Continuous monitoring and control evaluation

•Adapting to evolving security and privacy requirements

•Updating policies and procedures

Exam Preparation & Review

•Key takeaways from each domain

•Sample questions and test-taking strategies

•Final Q&A and discussion

Prerequisites

The ideal candidate should have experience, skills, or knowledge in any of the following areas:

  • IT Security
  • Information Assurance
  • Information Risk Management
  • Certification
  • Systems Administration
  • One - two years of general technical experience
  • Two years of general systems experience
  • One - two years of database/systems development/network experience
  • Information Security Policy
  • Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
  • Strong familiarity with NIST documentation

Required Exam

ISC2 CGRC Exam

  • Format: 125 multiple-choice questions.
  • Duration: 3 hours.
  • Passing Score: 700 out of 1000 points.

Course Length

  • 4 Days
  • 32 Hours

Follow-on Courses

CISSP

logo CGRC Certified in Governance, Risk and Compliance Training Course Course Info.
Start Date End Date Location Days In Person Online
May. 27, 2025 May. 30, 2025 Alexandria, VA
Eastern Time
Tue-Fri
(4 Days)
Register Register
Jun. 16, 2025 Jun. 19, 2025 Columbia, MD
Eastern Time
Tue-Fri
(4 Days)
Register Register
Jun. 23, 2025 Jun. 26, 2025 San Diego, CA
Pacific Time
Mon-Thu
(4 Days)
Register Register
Jun. 30, 2025 Jul. 03, 2025 Alexandria, VA
Eastern Time
Mon-Thu
(4 Days)
Register Register
Aug. 11, 2025 Aug. 14, 2025 Alexandria, VA
Eastern Time
Mon-Thu
(4 Days)
Register Register
Aug. 18, 2025 Aug. 21, 2025 San Diego, CA
Pacific Time
Mon-Thu
(4 Days)
Register Register
Sep. 22, 2025 Sep. 25, 2025 Columbia, MD
Eastern Time
Mon-Thu
(4 Days)
Register Register
Oct. 14, 2025 Oct. 17, 2025 Alexandria, VA
Eastern Time
Tue-Fri
(4 Days)
Register Register
Oct. 20, 2025 Oct. 23, 2025 San Diego, CA
Pacific Time
Mon-Thu
(4 Days)
Register Register
Nov. 03, 2025 Nov. 06, 2025 Alexandria, VA
Eastern Time
Mon-Thu
(4 Days)
Register Register
Nov. 17, 2025 Nov. 20, 2025 Columbia, MD
Eastern Time
Tue-Fri
(4 Days)
Register Register
Dec. 01, 2025 Dec. 04, 2025 San Diego, CA
Pacific Time
Mon-Thu
(4 Days)
Register Register
Dec. 08, 2025 Dec. 11, 2025 Alexandria, VA
Eastern Time
Mon-Thu
(4 Days)
Register Register

Not able to attend public scheduled classes? No problem, let us come to you to train your staff on-site on CGRC - Certified in Governance, Risk and Compliance