Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Manager

CAP is Becoming CGRC – what does that mean?

(ISC)² is updating the name of the Certified Authorization Professional (CAP®) certification to Certified in Governance, Risk and Compliance (CGRC) effective February 15, 2023.

In addition to better representing the knowledge, skills and abilities required to earn and maintain this certification, this change will bolster the professional recognition for those who hold it as demand rises globally for GRC expertise.

The CAP was historically for U.S. government professionals using the Risk Management Framework (RMF) and is now an ideal way for professionals in public and private sectors around the world who will benefit from demonstrating their expertise across a wide range of frameworks.

The exam and education for this certification will not be impacted by this name change. The exam was last refreshed in August of 2021.

To earn the certification, you must pass the exam, and have a minimum of two years of cumulative work experience in one or more of the seven domains of the certification Common Body of Knowledge (CBK®) listed below:

CGRC Domains:

  • Information Security Risk Management Program
  • Scope of the Information System
  • Selection and Approval of Security and Privacy Controls
  • Implementation of Security and Privacy Controls
  • Assessment/Audit of Security and Privacy Controls
  • Authorization/Approval of Information Systems
  • Continuous Monitoring

If you don’t have the necessary experience yet, and pass the CGRC exam, you will become an Associate of (ISC)². You will then have three years to earn the two years of required experience to become fully certified

If you are preparing for the CAP (Certified Authorization Professional) certification, this change is in name only and you should be adequately prepared for the CGRC exam. You can opt to take the CAP exam before February 14, 2023; however, know that after February 15, 2023, your certification name will automatically change to CGRC.

Take the next step to launch your cybersecurity career by logging into your Pearson VUE account to register for your exam. Look for the CGRC exam name and follow the prompts to select your exam date and test location.

CGRC exams will be available on February 15, 2023 and beyond.

Current CAP certification holders do not need to take any further action; your certification will automatically change to CGRC after February 15, 2023.

Have questions? Visit our CAP to CGRC FAQ page.

Connect with other candidates preparing for the exam on the (ISC)² Community Study Group.

ISC2 Community Manager
0 Replies