Compare certifications
Pick up to 3 certifications and compare them side-by-side on cost, exam format, recertification, salary signal, quality, and domain coverage.
ISACA · professional
CRISC: Certified in Risk and Information Systems Control
Enterprise risk identification, assessment, and response + IT controls.

ISACA · leadership
CISM: Certified Information Security Manager
Security program management, risk, governance, and incident governance. The manager / CISO-track signal.

Comparing: ISACA CRISC and ISACA CISM
› Cost
| | CRISC | CISM |
|---|---|---|
| Exam fee | $760 | $760 |
| Annual maintenance fee | $45/yr | $45/yr |
| 3-year cost of ownership | $895 | $895 |
› Exam mechanics
| | CRISC | CISM |
|---|---|---|
| Pass mark | 450/800 (scaled) | 450/800 (scaled) |
| Retake policy | $575 fee · 30d wait · 4/yr cap | $575 fee · 30d wait · 4/yr cap |
| Study time | 100–200 hrs | 100–200 hrs |
| Validity | 3 yrs | 3 yrs |
| CPE / yr | 40 CPEs | 40 CPEs |
| Delivery | test center | test center |
› Salary signal (US base)
| | CRISC | CISM |
|---|---|---|
| Range | $115K – $165K | $130K – $190K |
| Median | $135,000 | $155,000 |
| Premium % | +9% | +11% |
| Role context | IT risk analyst / IT risk manager, US, 5+ years. | Information security manager / director, US, 5+ years. |
› Quality (4-axis rubric · 0–10)
| | CRISC | CISM |
|---|---|---|
| Schema quality | 8.5 | 9.0 |
| Practice evidence | 1.0 | 1.0 |
| Maintenance | 7.5 | 8.5 |
| Market recognition | 7.0 | 9.0 |
| Average | 6.0 | 6.9 |
› Recognition & lifecycle
| | CRISC | CISM |
|---|---|---|
| Recognition | Global · US · EU · UK · DACH | Global · US · EU · UK · DACH |
| ISO 17024 accredited | ✓ | ✓ |
| DoD 8140 baseline | — | ✓ |
| Holders worldwide | 30,000 | 70,000 |
| Current version | 2021 job-practice analysis (2021-08) | 2022 job-practice analysis (2022-06) |
› Domain coverage
| ID | Domain | CRISC | CISM |
|---|---|---|---|
| A1 | Governance, Risk & Compliance | ● core | ● core |
| A11 | Detection Engineering & Threat Hunting | · | ⚠ gap |
| A12 | Data Security, Privacy & Protection | · | ○ touched |
| A13 | Supply Chain Security | ○ touched | ○ touched |
| A18 | Security Leadership | ● core | ● core |
| A25 | Security Architecture & Engineering | · | ○ touched |
| A4 | Application Security | · | ⚠ gap |
| A5 | Cloud Security | · | ⚠ gap |
| A7 | Incident Response & Forensics | · | ● core |
| A9 | Penetration Testing & Red Teaming | · | ⚠ gap |
| B1 | AI-Powered Threat Detection | · | ⚠ gap |
| C1 | Adversarial Machine Learning | · | ⚠ gap |
| C7 | AI Governance & Risk | ○ touched | · |
Browse the full catalog or open any one of these on its detail page for full study materials, peer comparisons, and lifecycle notes.