cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
AndreaMoore
Community Manager

CGRC Exam Changes – Effective June 2024

On June 15, 2024, ISC2 will update the CGRC exam. This exam update is the result of the Job Task Analysis (JTA), which is an analysis of the knowledge, skills and abilities of the credential evaluated by ISC2 members on a triennial cycle. The exam domain weights for the CGRC will change as follows: 

 

  

Current (Effective August 15, 2021) 

New (Effective June 15, 2024) 

Information Security Risk Management Program 

16% 

Security and Privacy Governance, Risk Management, and Compliance Program 

16% 

Scope of the Information System 

11% 

Scope of the System 

10% 

Selection and Approval of Security and Privacy Controls 

15% 

Selection and Approval of Framework, Security, and Privacy Controls 

14% 

Implementation of Security and Privacy Controls 

16% 

Implementation of Security and Privacy Controls 

17% 

Assessment/Audit of Security and Privacy Controls 

16% 

Assessment/Audit of Security and Privacy Controls 

16% 

Authorization/Approval of Information System 

10% 

System Compliance 

14% 

Continuous Monitoring 

16% 

Compliance Maintenance 

13% 

  

Total: 

100% 

Total: 

100% 

  

For more information, please review our CGRC Exam Update FAQs or the CGRC Exam Outline




ISC2 Community Manager
7 Replies
DWill60
Viewer II

Hi, Do you think when the new exam changes go in place there will be a update to the self study material needed? Will there be an updated CBK?

DrK
Newcomer I

Hi there

I am an authorized ISC2 instructor for CGRC. From my point of view, there are only minor tweaks to the distribution of questions (see the original posting). You do not need to wait for updated CBK materials. 

The exam questions are primarily based on your knowledge of Information Security/cybersecurity and important NIST standards. The current material is very good. See my earlier posting on common standards such NIST, ISO etc for you to review as part of the curriculum.

https://community.isc2.org/t5/CGRC-Study-Group/Self-Study-or-Enroll-in-ISC2-Course/m-p/65306

Best wishes,

Dr K

CyberLead
Contributor I

As a fellow instructor, I concur with Dr. K's post.  From what I've read and been told, the subject matter and material that you'll be tested on is not changing, rather it is a reorganization of what's covered in each domain (hence, the new domain titles). 

 

Thus, the relative weight of each domain has shifted.  For most domains that shift is only 1%; the exceptions are in domains 6 and 7.  Domain 6 goes up from 10% of the total to 14%, while domain 7 goes down from 16% to 13%.  Collectively, the weight of those two domains goes up only 1% from 26% to 27%.

 

Previously, earning this certification required having a good understanding of the Risk Management Framework, the activities performed in each step (including the largest step: Preparation), knowing the roles with primary responsibility for performing each of those activities, and an understanding of what's in the relevant NIST & ISO standards and documentation.  If you have that information in your head, you'd have what it takes to pass the exam. 

 

Unless ISC2 has decided to do something else that's not in the material they're providing instructors like me and Dr. K, that will still be true when the updated exam rolls out. 

 

I hope this information helps.


Lloyd Diernisse

ISC2 Authorized Instructor and Learning Tree International Certified Instructor
Lean Six Sigma Black Belt | CISSP-ISSMP | CCSP | CGRC | PMP | TBM | CSM | CMMI-A | ITIL-Fv3
Jeff_Godoy
Newcomer I

Will the Adaptive self-study for CGRC be released on June 15th , 2024
ervinfrenzel
Newcomer I

I have to agree, there is a new program out with a 2nd test (if needed).  I have read the NIST SP's and used them for years, yet I believe I will need the retest as there is little to no available actual prep in the area.  I've been in security for 35 years - I am hoping that the GRC refresher (look under continuing education for skill builders) content from ISC2 is a little bit helpful but so far I've been burning through it. 

 

Like so many others, I sure wish there was more out there.

 

Nazeer
Viewer III

Hello Dr K,

 

This is Abdulnazeer, i was your last student for last batch(meant before exam change). I could not attend actively your training due to time zone difference. I used to watch recording . Will it sufficient  for exam, i booked my exam next week. Need you input ,if required i can reschedule it still required to go through more.

CrisM
Viewer

This is a great reference thank you.