RMF-CGRC Certification Training

$2,495.00 Per Enrollment

Price Includes:

Courseware and ‘Price & Quality Guarantee’

This (ISC)² RMF-CGRC certification training course is aimed at anyone working in, or planning to work in, mid- to higher-level management positions governing information risk and security.

CGRC certification maps closely to the NIST Risk Management Framework (RMF) providing candidates a way to validate their understanding of this essential federal risk management process.

Particularly beneficial for federal government employees, where RMF is mandatory, this course will also benefit similar positions in private organizations that are increasingly integrating all or part of the RMF process into their operations.

Led by an (ISC)² skilled instructor, the CGRC certification training class provides a comprehensive review of information systems security concepts and industry best practices, covering the 7 domains of the CGRC.

CGRC certification satisfies DOD 8570 IAT IAM Level I


Got Questions?

For more information about your specific needs, call us at (301) 220 2802 or complete the form below:

No classes currently scheduled, please call for more information.





"The TrainACE team was great in getting me situated with the classes I need. Very friendly, knowledgeable and intelligent. They were able to map out the right classes to enroll in for my career path. The entire TrainAce team is phenomenal!"

Karen Carboo RMF/CGRC Student


Learn More About RMF-CGRC



    Class Schedule

    • Greenbelt & Live-Online

      11/06/23 - 11/09/23

       Mon-Thu (8:30am-5pm)

    • Greenbelt & Live-Online

      01/16/24 - 01/19/24

       Tue-Fri (8:30am-5pm)

    Get your RMF-CGRC Certification Training in our convenient IT training centers in Maryland or Virginia.


    What is RMF?

    The Risk Management Framework (RMF) was created by the National Institute of Standards and Technology (NIST) to help secure Federal information systems. The framework provides standards, processes, and guidelines for risk management in securing computers and networks.

    RMF is a highly structured process that incorporates information security, risk management, and privacy activities into a seven-step system development cycle:

    • Prepare – Setting up the RMF by defining context and priorities for managing privacy and security at the system and organizational levels
    • Categorize – Conduct an impact analysis to determine the chosen information system and the data stored in, processed by, and transmitted by that system
    • Select – Based on the security categorization, determine baseline security controls for the chosen information system
    • Implement – Action the previously determined security controls
    • Assess – Have a third party review the security controls and have them ensure those controls are applied to the system properly
    • Monitor – Continuously review security controls within the information system based on the previously documented processes

    While RMF is primarily used throughout the Federal government, some private companies have adopted all or part of the RMF process so that their operations dovetail neatly with their government contracts. More commonly, however, many private companies have adopted NIST's Cybersecurity Framework (CSF), elements of which also align with RMF.


    What is CGRC and How is it Related to RMF?

    Certified Authorization Professional (CGRC) is an IT certification offered by (ISC)². Aimed primarily at information security practitioners, CGRC certification maps closely to the NIST Risk Management Framework (RMF), providing a way for IT professionals to prove their knowledge of this important federal risk management process.

    CGRC training and certification is particularly important for anyone working for the US federal government, but also for those people in private businesses that work or are hoping to work on government contracts. Many organizations around the Washington DC region, including Maryland and Virginia, have adopted all or part of the RMF process in their day-to-day operations.


    If you're looking to progress up the cybersecurity chain of command in an organization, you'll need to delve deeper into risk management. RMF-CGRC training and certification will prove that you understand the fundamentals of this critical management function and ready you for executive-level positions when the time comes.

    Once you have your security basics down, maybe attained CompTIA Security+, but certainly gained several years' experience in IT, RMF-CGRC training will take you to the next level and prepare you for management roles.

    TrainACE's RMF/CGRC course is designed for IT professionals with some experience in information security.  You will be a practitioner who champions system security commensurate with an organization’s mission and risk tolerance while meeting legal and regulatory requirements.

    RMF-CGRC training mirrors the NIST system authorization process in compliance with the Office of Management and Budget (OMB) Circular A-130, Appendix III. Led by a qualified (ISC)² instructor, the CGRC training seminar provides a comprehensive review of information systems security concepts and industry best practices, covering the 7 domains of the CGRC.

    Several types of activities are used throughout the course to reinforce topics and increase knowledge retention. These activities include open-ended questions from the instructor to the students, group assignments, matching and poll questions, group activities, open/closed questions, and group discussions. Each activity was developed to support the learning appropriate to the course topic.

    Organizations of all sizes in the Washington DC region understand the importance of information security and continue to invest large sums in relevant technology and skilled personnel. This investment has been validated by the fact that numerous government employees in Information Assurance (IA) positions, and any contractors who serve IA functions, are now required to have a CGRC certification. This requirement was initiated as part of the DoD-8570 directive and directly applies to entry and mid-level IT personnel.

    At TrainACE, our (ISC)² classes are taught by certified IT security professionals in Maryland, Virginia, or DC with a minimum of 3 years of teaching experience. Our instructors are also required to have IT security and cybersecurity experience along with additional, supplementary certifications and continued education in the industry. All classes are 32 hours long and available as daytime, evening, or weekend schedules.

    Sign up today for our convenient 5-day RMF-CGRC boot camp!


    What you need to know before taking RMF-CGRC training


    (ISC)² RMF-CGRC is a mid-level certification that requires a minimum of two years of documented experience in one or more of the seven CGRC domains. You may take the certification exam prior to completing the experience requirement, but you must then complete the experience requirement in order to gain full accreditation.

    This RMF-CGRC Bootcamp is appropriate for managers, system owners, and IT/security personnel who are either transitioning to or implementing risk management fundamentals for the first time.


      What Are the Benefits of RMF-CGRC Certification in DC?

      With a large concentration of government and military organizations around the Washington DC region, the advantage of gaining mid-level risk management skills should be fairly self-evident. Anyone looking to climb the cybersecurity or risk management career ladder can do well in a region where many security-conscious organizations are based.

        How Long Does RMF-CGRC Training Take?

        TrainACE’s RMF-CGRC training and certification course is a four-day deep dive into risk management knowledge. It will set you on a path to the large-scale risk management planning required by higher-level security positions.

        Exam and Certification Requirements:

        For full accreditation, you must have at least two years of cumulative paid work experience in at least one of the seven domains of the CGRC Common Body of Knowledge.

        Current CGRC exam:

        • 3 hours
        • 125 questions
        • Passing Score 700 out of 1000 points


        Is RMF-CGRC Certification Worth It?

        If you work, or intend to work, for the US government or military in any type of information assurance role, being able to validate that you understand RMF processes is essential. Getting your CGRC certification is the best way to do that and is certainly worth it.

        Outside of the federal workforce, RMF is increasingly being adopted by companies that work with the government. This is particularly true around Washington DC, Maryland, and Virginia, where a large proportion of IT companies are taking on government contracts that require security-aware technicians.

        Having a CGRC level of certification not only proves you understand the technical aspects of risk management but carries with it the assurance that you have a number of years of experience working in the IT security field.


        What will I learn in this RMF-CGRC class?

        Topics & Concepts Covered in Our RMF/CGRC Training Include:

        • Risk Management Process & Framework

        • Information Security, FISMA, C&A

        • System Identification (SIP)

        • Risk & Its Relation to Threat, Vulnerability & Control Relationships

        • Assessment & Accreditation Process

        • Configuration Management

        • Security Assessment and Authorization

        This training course will help candidates review and refresh their information security knowledge and help identify areas they need to study for the CGRC exam. It features:

        • Approved (ISC)² courseware

        • Taught by an authorized (ISC)² instructor

        • Student handbook

        • Collaboration with classmates

        • Real-world learning activities and scenarios