topic Re: SSCP or CGRC after CC?????? in Governance, Risk, Compliance

SSCP or CGRC after CC??????

MoBolajiAkanni — Fri, 27 Dec 2024 04:46:15 GMT

I want a Career Path in Compliance or as an IT Auditor

Re: SSCP or CGRC after CC??????

nkeaton — Fri, 27 Dec 2024 18:35:59 GMT

I believe that this would depend on your experience. The SSCP is the next natural step after the CC and only requires a year of experience in at least one of the domains. The CGRC requires 2 years in at least one of the domains. I found the CGRC (CAP when I took it) tougher because it is non-technical. It was my first ISC2 certification; it was the first automated ISC2 exam when I took it. Fortunately the NIST documents are no cost to study.

Re: SSCP or CGRC after CC??????

MoBolajiAkanni — Sat, 28 Dec 2024 14:04:29 GMT

@nkeaton

Thank you for the heads up.

The years of experience involved will restrict .... I think I would go for SSCP.

Thank you once again.

Sent from Outlook for Android<>

Re: SSCP or CGRC after CC??????

Until_then — Mon, 30 Dec 2024 01:14:24 GMT

Best thing is CGRC if you as an auditor are required to follow NIST standards.

As an auditor/assessor under NIST SP 800-37, you need to fully understand the RMF workflow if you are to assess organizations since the whole idea of RMF is obtaining an ATO which is what federal organizations are seeking. You can't get that ATO without fully understanding how RMF works.

Re: SSCP or CGRC after CC??????

nkeaton — Mon, 30 Dec 2024 14:03:45 GMT

They have added some frameworks but agree is still more NIST based on RMF.