
SSCP or CGRC after CC??????

 

I want a Career Path in Compliance or as an IT Auditor

4 Replies
nkeaton
Contributor I

I believe that this would depend on your experience.  The SSCP is the next natural step after the CC and only requires a year of experience in at least one of the domains.  The CGRC requires 2 years in at least one of the domains.  I found the CGRC (CAP when I took it) tougher because it is non-technical.  It was my first ISC2 certification; it was the first automated ISC2 exam when I took it.  Fortunately the NIST documents are no cost to study.  

@nkeaton

Thank you for the heads up.

The years of experience involved will restrict .... I think I would go for SSCP.

Thank you once again.

Until_then
Contributor I

Best thing is CGRC if you as an auditor are required to follow NIST standards. 

 

As an auditor/assessor under NIST SP 800-37, you need to fully understand the RMF workflow if you are to assess organizations since the whole idea of RMF is obtaining an ATO which is what federal organizations are seeking. You can't get that ATO without fully understanding how RMF works.  

 

 

nkeaton
Contributor I

They have added some frameworks, but I agree it is still more NIST based on RMF.