leri_R
Viewer

Security+ or CC

I just recently passed the CompTIA Security+ exam, and I wanted to find out if I should still take the CC. I am currently a MIS student and would like to pursue a career in GRC. 

3 Replies
mdouble2
Newcomer III

Hi

I don't think you need to do a CC.

Take a look at the summary below. I hope it answers your question. 

 

 

Security+ is the deeper, more technical certification; ISC2 CC is the lighter, foundational starting point. That’s the core difference. Everything else is nuance.

 

CGRC sits above both Security+ and ISC2 CC in depth, scope, and career impact. It’s the first certification in this trio that is truly governance‑heavy, framework‑driven.


🧩 What CGRC actually is

CGRC (Certified in Governance, Risk and Compliance) is ISC2’s certification focused on risk management frameworks, authorization processes, and continuous monitoring. It’s built around NIST RMF but applies broadly to enterprise governance.

It validates that you can:

  • Interpret and apply security and privacy frameworks
  • Run risk assessments and categorize systems
  • Select, implement, and assess controls
  • Support audit readiness and compliance reporting
  • Guide organizations through governance processes

This is the first cert in the lineup that directly maps to your day‑to‑day GRC governance work.


🧠 How CGRC compares to CC and Security+

ISC2 CC

  • Foundation-level
  • High-level concepts
  • No deep framework work

Security+

  • Technical baseline
  • Threats, vulnerabilities, architecture, operations
  • Not governance‑focused

CGRC

  • Governance and risk specialization
  • Frameworks, controls, authorization, compliance
  • Scenario-heavy and aligned with real GRC workflows

🎯 Career impact

CGRC signals that you can operate at a governance and compliance practitioner level, not just understand cybersecurity basics.

It’s especially relevant for:

  • GRC analyst / specialist
  • Risk analyst
  • Compliance analyst
  • Audit readiness roles
  • FedRAMP / NIST RMF environments
  • Enterprise governance teams

It’s also a strong differentiator for senior GRC roles because it demonstrates you can run a governance process, not just understand it.


 

leri_R
Viewer

Thank you for the detailed reply. It gave me the answer to my question plus more!

mdouble2
Newcomer III

Great to hear. If you like my response, please give it a kudos.