SecProve
LeadershipVendor-neutralISO 17024ISACA· issued from US

CGEIT

Certified in the Governance of Enterprise IT

Board / executive-level IT governance and investment oversight.

Official page at ISACA↔ Compare with another cert
Exam fee
$760
Ongoing
$45/yr AMF · 40 CPE/yr
Study time
100–200 hrs
Delivery
Test center
Validity
3 yrs (renewal cycle)

› Quality score

14.5 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor
How well-defined and rigorous the exam blueprint is.
Five domains, but written at a board / portfolio altitude that's hard to test rigorously.
6.0/10
Practical evidence
Hands-on labs / written reports vs pure MCQ.
No lab. Heavy reading load with case-study MCQs.
0.5/10
Currency & upkeep
How aggressively content is kept current with the field.
Updates trail the broader IT-governance landscape (COBIT cadence helps).
4.0/10
Market recognition
How often this signal actually moves a hiring decision.
Recognised among CIOs and IT auditors but a niche signal outside that lane. [Holders: 12k, 2024-12]
4.0/10

› Market signals

public, citable inputs to the recognition score
Holders worldwide
12,000
as of 2024-12 · source

› Built for these roles

IT Director / VPCIO / Deputy CIOIT Governance ConsultantBoard IT advisor

› Exam format

150 multiple-choice questions over 4 hours, English. Pearson VUE proctored. Heavy on COBIT, portfolio prioritization, and benefits realization.

Passing score
450/800 (scaled)
Retake policy
Fee: $760 per attempt
Wait: 30d between attempts
Cap: 4 attempts/year

ISACA member $575 / non-member $760. Max 4 attempts per rolling 12-month window.

› Recertification

120 CPEs over the three-year cycle (avg 40/yr) plus the $45/yr ISACA member fee ($85/yr non-members).

› 3-year cost of ownership

Exam (1×)
$760
AMF (3×)
$135@$45/yr
Total
$895

Excludes study materials, training, retake risk, and lost-wage opportunity. Use as a floor estimate.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

OG-WRL-007OG-WRL-010OG-WRL-014
Recognition
GlobalUSEUUKDACH
Exam languages
en

› Core domains covered

The 2 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

A18Security Leadership

Cyber risk quantification, board communication, security program development, budget & ROI.

› Prerequisites

Experience

Five years of IT governance experience with at least one year in defining / establishing IT governance.

Knowledge assumed
  • IT governance frameworks (COBIT, ITIL)
  • Portfolio and benefits management
  • Board communication

› Progression

requiredrecommended

Where this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.

Required prereqs (0)

No vendor-gated prereqs.

Recommended priors (2)
CISAISACACISMISACA
CGEIT
ISACA
Required by (0)

No certs require this one.

Recommended next (0)

No follow-on certs reference this one yet.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides
Training providers
  • ISACA Official CGEIT Online Course
Practice tests
  • ISACA CGEIT QAE
Free / community

› Version & lifecycle

Current version
2020 job-practice analysis
Released
2020-12

Five domains. ISACA refresh cadence is ~5 years; expect a refresh ~2025–2026.

› Salary signal

IT governance lead / enterprise architect, US, 7+ years.

$130K$190K
median $155K

ISACA Salary Survey + Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

vs
CISM

CGEIT is broader IT governance; CISM is security-program-specific. Different scopes, often complementary.

↔ Compare side-by-side

› Careers that commonly pursue this cert

CISO / Security Leader

Lead security strategy, communicate risk to the board, and build security programs. Executive-level cybersecurity leadership.

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain mapBrowse all certifications