AndreaMoore
Community Manager

CGRC Exam Changes – Effective June 2024

On June 15, 2024, ISC2 will update the CGRC exam. This exam update is the result of the Job Task Analysis (JTA), which is an analysis of the knowledge, skills and abilities of the credential evaluated by ISC2 members on a triennial cycle. The exam domain weights for the CGRC will change as follows: 

 

  

| Current (Effective August 15, 2021) | Weight | New (Effective June 15, 2024) | Weight |
| --- | --- | --- | --- |
| Information Security Risk Management Program | 16% | Security and Privacy Governance, Risk Management, and Compliance Program | 16% |
| Scope of the Information System | 11% | Scope of the System | 10% |
| Selection and Approval of Security and Privacy Controls | 15% | Selection and Approval of Framework, Security, and Privacy Controls | 14% |
| Implementation of Security and Privacy Controls | 16% | Implementation of Security and Privacy Controls | 17% |
| Assessment/Audit of Security and Privacy Controls | 16% | Assessment/Audit of Security and Privacy Controls | 16% |
| Authorization/Approval of Information System | 10% | System Compliance | 14% |
| Continuous Monitoring | 16% | Compliance Maintenance | 13% |
| Total: | 100% | Total: | 100% |

  

For more information, please review our CGRC Exam Update FAQs or the CGRC Exam Outline.




ISC2 Community Manager
2 Replies
DWill60
Viewer II

Hi, do you think when the new exam changes go in place there will be an update to the self-study material needed? Will there be an updated CBK?

DrK
Newcomer I

Hi there

I am an authorized ISC2 instructor for CGRC. From my point of view, there are only minor tweaks to the distribution of questions (see the original posting). You do not need to wait for updated CBK materials. 

The exam questions are primarily based on your knowledge of Information Security/cybersecurity and important NIST standards. The current material is very good. See my earlier posting on common standards such as NIST, ISO, etc. for you to review as part of the curriculum.

https://community.isc2.org/t5/CGRC-Study-Group/Self-Study-or-Enroll-in-ISC2-Course/m-p/65306

Best wishes,

Dr K