SecureNinja's Certified in Governance, Risk, and Compliance (CGRC) training and certification course covers the exam objectives that measure the knowledge, skills, and abilities required for personnel involved in the process of authorizing and maintaining information systems within the Risk Management Framework (RMF). Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure those information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals. The CGRC is the only certification under the DoD8570 mandate that aligns with each RMF step. It shows employers you have the advanced technical skills and knowledge to authorize and maintain information systems within the RMF using best practices, policies, and procedures established by the cybersecurity experts at (ISC)². The 4-day immersive boot camp covers all of the latest exam objectives complete with 400+ up-to-date exam questions in SecureNinja's Student Portal Quiz Engine.
Topics Covered
The CGRC examination tests the breadth and depth of a candidate’s knowledge by focusing on the seven domains which comprise the CGRC CBK® taxonomy of information security topics:
- Domain 1: Information Security Risk Management Program
- Domain 2: Scope of the Information System
- Domain 3: Selection and Approval of Security and Privacy Controls
- Domain 4: Implementation of Security and Privacy Controls
- Domain 5: Assessment/Audit of Security and Privacy Controls
- Domain 6: Authorization/Approval of Information System
- Domain 7: Continuous Monitoring
The credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD). Job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers, as well as all senior system managers, apply.
Prerequisites
The ideal candidate should have experience, skills, or knowledge in any of the following areas:
- IT Security
- Information Assurance
- Information Risk Management
- Certification
- Systems Administration
- One - two years of general technical experience
- Two years of general systems experience
- One - two years of database/systems development/network experience
- Information Security Policy
- Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms
- Strong familiarity with NIST documentation
Required Exam
(ISC)2 CGRC Exam
Course Length
32 hours
Follow-on Courses
CISSP
![]() |
|||||
---|---|---|---|---|---|
Start Date | End Date | Location | Days | In Person | Online |
Mar. 10, 2025 | Mar. 13, 2025 |
Alexandria, VA
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Mar. 31, 2025 | Apr. 03, 2025 |
Columbia, MD
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Apr. 14, 2025 | Apr. 17, 2025 |
Alexandria, VA
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Apr. 21, 2025 | Apr. 24, 2025 |
San Diego, CA
Pacific Time |
Mon-Thu (4 Days) |
Register | Register |
May. 27, 2025 | May. 30, 2025 |
Alexandria, VA
Eastern Time |
Tue-Fri (4 Days) |
Register | Register |
Jun. 16, 2025 | Jun. 19, 2025 |
Columbia, MD
Eastern Time |
Tue-Fri (4 Days) |
Register | Register |
Jun. 23, 2025 | Jun. 26, 2025 |
San Diego, CA
Pacific Time |
Mon-Thu (4 Days) |
Register | Register |
Jun. 30, 2025 | Jul. 03, 2025 |
Alexandria, VA
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Aug. 11, 2025 | Aug. 14, 2025 |
Alexandria, VA
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Aug. 18, 2025 | Aug. 21, 2025 |
San Diego, CA
Pacific Time |
Mon-Thu (4 Days) |
Register | Register |
Sep. 22, 2025 | Sep. 25, 2025 |
Columbia, MD
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Oct. 14, 2025 | Oct. 17, 2025 |
Alexandria, VA
Eastern Time |
Tue-Fri (4 Days) |
Register | Register |
Oct. 20, 2025 | Oct. 23, 2025 |
San Diego, CA
Pacific Time |
Mon-Thu (4 Days) |
Register | Register |
Nov. 03, 2025 | Nov. 06, 2025 |
Alexandria, VA
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Nov. 17, 2025 | Nov. 20, 2025 |
Columbia, MD
Eastern Time |
Tue-Fri (4 Days) |
Register | Register |
Dec. 01, 2025 | Dec. 04, 2025 |
San Diego, CA
Pacific Time |
Mon-Thu (4 Days) |
Register | Register |
Dec. 08, 2025 | Dec. 11, 2025 |
Alexandria, VA
Eastern Time |
Mon-Thu (4 Days) |
Register | Register |
Not able to attend public scheduled classes? No problem, let us come to you to train your staff on-site on CGRC - Certified in Governance, Risk and Compliance