ISC2 CGRC Complete Governance Risk & Compliance Course

NIST RMF, SP 800-53 Controls, ATO Authorization & ISCM — Full ISC2 CGRC Certification Prep

ISC2 CGRC Complete Governance Risk & Compliance Course - Codeintra

Make Someone's Day

Share this incredible course!

The ISC2 CGRC certification is the benchmark credential for governance, risk, and compliance professionals working with federal information systems — and demand for ISSO, GRC analyst, and security authorization roles has never been higher. This course delivers complete, exam-accurate preparation for all seven CGRC domains, built directly from the NIST RMF and the publications ISC2 actually tests. Every module is taught the way a practitioner thinks — not as a memorization drill, but as a decision framework you can apply on the exam and on the job.


---

WHAT THIS COURSE COVERS


Nine modules. Seven CGRC domains. One complete path from RMF foundations to certification.


• Module 0 — Course Introduction: CGRC exam format (125 questions, CAT, 700 passing score), eligibility requirements, domainCISA career comparison, and a eligibility requirements, domainCISA career comparison, and aproven study strategy built around the management mindset ISC2 rewards                       

• Module 1 — Domain 1: Risk Management Program: SP 800-39 three-tier organizational risk       model, SP 800-30 risk assessmentrchy (FISMA, OMB A-130, EO14028), RMF roles (AO, ISSO, SCA, SAOP), five risk response strategies, SP 800-161 supply      chain risk management, and qualianalysis including ALE, SLE, andARO                                                                                           

• Module 2 — Domain 2: Scope of the Information System: FIPS 199 CIA impact categorization and the high-water mark rule, SP 800 authorization boundarydefinition for cloud and contractor-operated systems, FedRAMP shared responsibility, privacy scoping via PTA/PIA/SORN, ISA anments, and National SecuritySystems under CNSSI 1253                                                                     

• Module 3 — Domain 3: Control Selection: All 20 SP 800-53 Rev 5 control families including  the new PT (privacy) and SR (suprate/High baselines from SP800-53B, four tailoring mechanisms (scoping, parameterization, compensating controls,        additions), FedRAMP and ICS/SCADto AC, IA, AU, SC, SI, CM, SA,and RA families                                                                             

• Module 4 — Domain 4: Control Implementation: SSP structure with five implementation        statuses, common and hybrid contn management using DISA STIGs,CIS Benchmarks, and SCAP automation, Zero Trust Architecture per SP 800-207 and EO 14028, RMFintegration across the full SDLCPO/MTTR), and media sanitizationunder SP 800-88                                                                             

• Module 5 — Domain 5: Security Assessment: SAP construction and assessor independence rules scaled by impact level, SP 800-5hods, vulnerability scanning with CVSS/CVE/KEV and BOD 22-01 mandates, penetration testing rules of engagement per SP 800-115, SAR findings rated CAT I–IV, POAred/blue/purple team exercisesfor High-impact systems                                                                     

• Module 6 — Domain 6: System Authorization: Complete authorization package (SSP, SAR, POA&M,PIA, Executive Summary), AO riskTO with Conditions, DATO),Authorization Decision Letter required elements, ongoing authorization vs. traditional 3-yearATO, and the critical distinctio security perfection
• Module 7 — Domain 7: Continuoustep ISCM process, securitymetric types (implementation, effectiveness, efficiency, impact), Security Impact Analysis fosignificant changes, SP 800-61 iwith 1-hour CISA reportingrequirement, CDM program phases, SCAP automation (CVE, CVSS, XCCDF, OVAL), and SP 800-88     system disposal
• Module 8 — Exam Prep & Final R management-mindset strategy,complete NIST publication reference map, RMF artifact trail by step, critical acronyms       (AO/ATO/DATO, SSP/SAP/SAR/POA&M, trap answers, key exam numbers,and a 30-day CGRC study sprint plan                                                         

WHAT YOU WILL LEARN
• Apply the NIST RMF seven-step les — AO, ISSO, SCA, and SAOP —to real authorization scenarios                                                             
• Categorize federal informationP 800-60, applying the high-water mark rule without error                                                                      • Select and tailor SP 800-53 Reument all tailoring decisions ina compliant SSP                                                                              • Build a complete authorizationual risk in language AuthorizingOfficials accept                                                                             • Conduct security assessments u findings CAT I–IV, and managePOA&M lifecycle from open to verified closed                                                 
• Design and sustain an ISCM pro including significant change SIA and 1-hour federal incident reporting                                                       
• Distinguish ATO, ATO with Condhorization — and know when eachapplies                                                                                      • Answer CGRC scenario questionsecision mindset ISC2 consistently rewards                                                                                     

---                                                                                         
WHO THIS COURSE IS FOR

                                                                                             
• ISSO, ISSM, and system owner cSC2 CGRC certification exam

• Federal employees and defense contractors who work daily with ATO packages, SSPs, and POA&M• GRC analysts and compliance ofRMF on live programs

• CISSP or CISA holders adding CGRC as a specialized GRC credential                         
• IT professionals transitioningbersecurity governance andauthorization                                                                                • Auditors and privacy officers ll security authorizationlifecycle                                                                                   

---                                                                                         
WHY THIS COURSE

                                                                                             
Armaan Sidana holds the OSCP, CEhat bridges offensive security,technical depth, and enterprise audit. Every domain is taught as a decision framework, not a glossary. You will understand whs, how the RMF steps connect toeach other, and how to think through the scenario questions ISC2 designs to catch candidates who memorized without understand

                                                                                              ---

If you are serious about the ISC2 CGRC — enroll today, work through every module, and show up to the exam ready to think like

Learning Objectives

🔹Apply the NIST RMF's 7 steps and three-tier risk model to establish organizational governance, assign roles, and execute ATO risk-acceptance decisions
🔹Conduct FIPS 199 CIA impact categorization with SP 800-60 information types to scope authorization boundaries and determine PIA and SORN privacy obligations.
🔹Select and tailor NIST SP 800-53 Rev 5 control baselines, implement system-specific and inherited controls, and document decisions in the System Security Plan.
🔹Evaluate security and privacy controls using SAP/SAR/POA&M triad, rate findings by severity, and sustain authorization through ISCM and change impact analysis.

Prerequisites

🔹Basic understanding of IT security concepts — CIA triad, authentication, encryption, and network fundamentals. No programming experience required
🔹Familiarity with how organizations handle risk — experience in IT, audit, compliance, or security roles (even entry-level) is helpful but not mandatory.
🔹No specific tools or software required. All concepts are framework-based and policy-driven. A PDF viewer to reference NIST publications alongside the course is recommended.
🔹This course is suitable for IT professionals, auditors, project managers, and anyone pursuing ISC2 CGRC. Beginners with curiosity about GRC can follow along from Module 0.

Who This Course Is For

🔹IT and cybersecurity professionals pursuing the ISC2 CGRC certification who want structured, exam-focused instruction covering all 7 domains of the CGRC CBK.
🔹Federal employees, contractors, and consultants working with NIST RMF, ATO packages, FedRAMP, or FISMA compliance who need to formalize and deepen their practical knowledge.
🔹GRC analysts, ISSOs, system owners, and compliance officers responsible for security authorization, control selection, risk assessments, or POA&M management.
🔹Career changers from IT, audit, or project management backgrounds who want to break into cybersecurity governance and risk without a technical coding background.

Course Details
Price FREE
Views 0
Lectures 9
Duration 3 hours
Last Update 13-Jul-2026
Release Date 13-Jul-2026
Category IT & Software
This course includes:

📹 Video lectures

📄 Downloadable resources

📱 Mobile & desktop access

🎓 Certificate of completion

♾️ Lifetime access

RELATED COURSES