(ISC)² CAP → (ISC)² CGRC: What Does This Change Mean For You?

It’s official. (ISC)² has updated the name of the Certified Authorization Professional (CAP) certification to Certified in Governance, Risk, and Compliance (CGRC), effective February 15, 2023. 

What this change means for you:

  • The name change has not affected the exam and training for this certification. 
  • The exam was last refreshed in August of 2021, and 30 Bird’s course titled (ISC)² Certified Authorization Professional (CAP) maps to that exam. 
  • As of April 2022, the 30 Bird CGRC (formerly CAP) courseware is up to date with all NIST and (ISC)² updates.
  • To accommodate the name change, 30 Bird has retired the course titled (ISC)² Certified Authorization Professional (CAP) and replaced it with (ISC)² Certified in Governance, Risk and Compliance (CGRC).
  • If you already hold the CAP certification, your digital certificate will update in your (ISC)² account. Look for an email from Credly to accept a new version of the digital badge representing the change to CGRC.
  • We repeat: None of the course content has changed. Only the certification name has changed.

What is (ISC)²?

LinkedIn wonders what you’re waiting for. They say (and we agree) that “the International Information Systems Security Certification Consortium, Inc., also known as (ISC)², is a respected and accredited American institute that provides some of the most relevant and essential certifications worldwide for the Information Security and related areas. And, of course, recognition for those certified guarantees a high degree of employability, with attractive salaries and open doors in the professional world of this area of work.

All (ISC)² certifications are accredited and recognized to the highest global standards for professional certifications from the world’s leading authorities, such as ANSI (American National Standards Institute), IAF (International Accreditation Forum), IAS (International Accreditation Service) and DoD (Department of Defense), which even met the requirements of Directive 8570.1 and were approved by ANSI for the ISO/IEC 17024 standard.”

What is (ISC)² CGRC certification?

According to Infosec Institute, the (ISC)² CGRC (formerly CAP) is “an advanced-level certification meant to validate the knowledge and skills required for an IT professional to authorize and maintain information systems. Specifically, this credential applies to those responsible for organizing processes within the RMF using procedures and best practices established by the cybersecurity experts at (ISC)².” This certification allows an individual to align an organization’s business objectives with its information technology while also fulfilling regulatory compliance and risk management requirements.

Who Can Get CGRC (CAP) Certified?

CGRC certification is for IT/IS professionals working in the fields of Governance, Risk, and Compliance (GRC) who can demonstrate expertise in the Risk Management Framework (RMF) and for anyone who needs to understand, apply and implement risk management programs for a corporation’s IT systems. Two years of cumulative paid work experience in one or more of the seven domains of knowledge (listed below) is required for certification. Internships and part-time work may count towards the work experience requirement. However, those who do not have the necessary work experience but pass the CGRC exam can become an Associate of (ISC)² and are given three years to complete the two years of required work experience. 

Possible CGRC Career Paths:

  • IT Risk Manager
  • Chief Information Security Officer
  • Information Security Risk Manager
  • Information Systems Auditor
  • Information Systems Manager
  • Information Security Manager
  • Information Assurance Manager
  • Information Assurance Engineer
  • Authorization Specialist
  • Security Consultant
  • IT Security Manager
  • Cyber Security Analyst
  • Cyber Security Engineer

What Can Instructors Expect to Find in the 30 Bird Courseware?

30 Bird’s comprehensive courseware covers all seven of the domains and references identified in the most recent (ISC)² CGRC Certification Exam Outline issued in 2021:

  • Information Security Risk Management Program
  • Scope of the Information System
  • Selection and Approval of Security and Privacy Controls
  • Implementation of Security and Privacy Controls
  • Assessment/Audit of Security and Privacy Controls
  • Authorization/Approval of Information System
  • Continuous Monitoring

The courseware also comes with downloadable ancillary materials, including sample documents, a list of NIST publications and regulatory documents, a study guide, and a references and policies handout.

30 Bird Course Instructors Are Never Alone

30 Bird has experts who can answer your questions as you navigate our courseware options. We stand by, ready to help you make the best choice for you and your students. Consider us your support team, on-hand experts, cheerleaders, and one-stop shop for all your courseware needs. Reach out to us