Cybersecurity

(ISC)² CGRC

ISC2 governance / risk / compliance cert (formerly CAP). Narrow but credible in federal / regulated markets.

DifficultyIntermediate

StudyVaries

ExamVaries

Valid—

Reality check

ISC2 governance / risk / compliance cert (formerly CAP). Narrow but credible in federal / regulated markets. Pursue if: You're in or aimed at federal / regulated GRC. Avoid if: You're outside those markets. CISA or CRISC is broader.

In context

This cert in isolation tells you very little. Here is where it actually sits. The pathways that use it, and the roles it realistically supports.

Pathways that include it

GRC (Audit, Risk, Compliance)
Useful add-on once in roleFirst role: GRC Analyst

Recommended prior knowledge

GRC or risk experience

Common misconceptions

It helps with federal/regulated grc roles. It does not unlock operational security roles.
(ISC)² CGRC alone clears HR filters; it doesn't replace shipped, documented work.

What this cert does NOT guarantee

Operational security roles

Practical skills that matter

Federal/regulated GRC roles
Risk analyst shortlists