ISC2 Certified in Governance, Risk and Compliance® (CGRC®)

The Official ISC2® Training for the Certified in Governance, Risk and Compliance (CGRC™) provides a comprehensive review of the knowledge required to authorise and maintain information systems using the NIST Risk Management Framework. This course is designed to help learners reinforce their understanding, identify areas for further study, and prepare effectively for the CGRC exam.

The training fully aligns with, and covers in depth, the seven domains of the ISC2 CGRC Common Body of Knowledge (CBK®). All official courseware is developed directly by ISC2, ensuring the content is accurate, relevant, and up to date. Instruction is delivered by verified security professionals who hold the CGRC certification and have completed rigorous training to teach ISC2 course material.

ISC2 has introduced exciting 2026 updates to enhance the learning experience for CGRC candidates. The course shifts away from traditional lecture heavy delivery and moves toward a more engaging, interactive format. This learner focused approach encourages collaboration, discussion, and hands on application—helping delegates deepen their understanding, stay actively involved, and feel more confident and prepared for the exam.

At the end of this course, you’ll either sit the CGRC exam or receive an exam voucher, and achieve your ISC2 Certified in Governance, Risk and Compliance (CGRC) certification.

Through Firebrand’s Lecture | Lab | Review methodology, you’ll get certified at twice the speed of traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.

ISC2 Preferred Plus Training Partner

At Firebrand, we are proud to be an Official Training Preferred Plus Training Partner of ISC2 for 2026 in recognition of our commitment to delivering world-class training, certification, and professional development opportunities for Cybersecurity professionals.

This course is for individuals planning to pursue the CGRC certification.

The CGRC is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in federal government, military, civilian roles, local governments and private sector organisations.

Roles include:

• ISSOs, ISSMs and other infosec/information assurance practitioners who are focused on security assessment and authorization (traditional C&A) and continuous monitoring issues
• Executives who must "sign off" on Authority to Operate (ATO).
  Inspector generals (IGs) and auditors who perform independent reviews
• Program managers who develop or maintain IT systems
• IT professionals interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management

• Domain 1: Information Security Risk Management Program
• Domain 2: Scope of the Information System
• Domain 3: Selection and Approval of Security and Privacy Controls
• Domain 4: Implementation of Security and Privacy Controls
• Domain 5: Assessment/Audit of Security and Privacy Controls
• Domain 6: Authorization/Approval of Information System
• Domain 7: Continuous Monitoring

At the end of this course, you'll sit the official ISC2 CGRC® exam at the Firebrand Training Centre, covered by the Firebrand Certification Guarantee.

If you receive an exam voucher, you can sit the exam at any Pearson VUE Authorized Test Center, also covered by our Certification Guarantee.

• Duration: 3 hours
• Format: Multiple choice
• Number of questions: 125
• Passing score: 700 out of 1000 points
• Languages: English
• Domains:
  • Security and Privacy Governance, Risk Management, and Compliance Program 16%
  • Scope of the System 10%
  • Selection and Approval of Framework, Security, and Privacy Controls 14%
  • Implementation of Security and Privacy Controls 17%
  • Assessment/Audit of Security and Privacy Controls 16%
  • System Compliance 14%
  • Compliance Maintenance 13%

Candidates must have a minimum of two years cumulative work experience in one or more of the seven domains of the CGRC CBK.

A candidate that doesn’t have the required experience to become a CGRC may become an Associate of ISC2 by successfully passing the CGRC examination.

The Associate of ISC2 will then have three years to earn the two years of required, relevant experience.

Learn more about CGRC experience requirements and how to account for part-time work and internships here.

CPE credits can be earned by attending this 4-day CGRC course. 
ISC2 recognises a maximum of 40 CPEs for an existing ISC2 certification holder, by attending this class you will earn 38 CPEs.

Your accelerated course includes:

• Accommodation *
• Meals, unlimited snacks, beverages, tea and coffee *
• On-site exams **
• Exam vouchers **
• Practice tests **
• Certification Guarantee ***
• Courseware
• Up to 12 hours of instructor-led training each day
• 24-hour lab access
• Digital courseware **

* For residential training only. Accommodation is included from the night before the course starts. This doesn't apply to online courses.
** Some exceptions apply. Please refer to the Exam Track or speak with our experts.
*** Pass the first time or train again for free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.

Seven reasons why you should sit your course with Firebrand Training

• Two training options. Choose between residential classroom-based and online courses
• You'll be certified fast. With us, you’ll be trained in record time
• Our course is all-inclusive. A one-off fee covers all course materials, exams**, accommodation* and meals*. No hidden extras.
• Pass the first time or train again for free. This is our guarantee. We’re confident you’ll pass your course the first time. But if not, come back within a year and only pay for accommodation, exams and incidental costs
• You’ll learn more. A day with a traditional training provider generally runs from 9am–5pm, with a nice long break for lunch. With Firebrand, you’ll get at least 12 hours/day of quality learning time with your instructor
• You’ll learn faster. Chances are, you’ll have a different learning style to those around you. We combine visual, auditory and tactile styles to deliver the material in a way that ensures you will learn faster and more easily
• You’ll be studying with the best. We’ve been named in the Training Industry’s “Top 20 IT Training Companies of the Year” every year since 2010. As well as winning many more awards, we’ve trained and certified over 135,000 professionals

*For residential training only. Doesn't apply for online courses
**Some exceptions apply. Please refer to the Exam Track or speak with our experts

Are you ready for the course? 

Get access to free practice tests for your course  Free Practice Test