Certification Overview
The GIAC Critical Controls Certification (GCCC) is the only certification based on the CIS Controls, a prioritized, risk-based approach to security.
This certification ensures that candidates have the knowledge and skills to implement and execute the CIS Critical Controls recommended by the Council on Cybersecurity, and perform audits based on the standard.
Areas Covered
- Background, purpose, and implementation of the CIS Critical Controls
- Account monitoring, application software security, boundary defense, and controlled use of administrative privileges and need-to-know access
- Data protection and data recovery capability; email & web browser protections; inventory and control of hardware and software assets; and limitation and control of network ports
- Maintenance, monitoring, and analysis of audit logs; secure configurations for hardware, software, and network devices; and wireless access control
Who is GCCC for?
- Security professionals, auditors, CIOs, and risk officers
- Information assurance auditors
- System implementers or administrators
- Network security engineers
- IT administrators
- Department of Defense (DoD) personnel or contractors
- Federal agencies or clients
- Security vendors and consultants
Exam Format
- 1 proctored exam
- 75 questions
- 2 hours
- Minimum passing score of 71%