AssociateVendor-neutralGIAC· issued from US

GISF

GIAC Information Security Fundamentals

Official page at GIAC ↔ Compare with another cert

Exam fee

$979

Ongoing

$0/yr AMF · 9 CPE/yr

Study time

40–80 hrs

Delivery

Hybrid

Validity

4 yrs (renewal cycle)

› Quality score

22.0 / 40

Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.

Blueprint rigor

How well-defined and rigorous the exam blueprint is.

Information Security Fundamentals — entry tier.

6.5/10

Practical evidence

Hands-on labs / written reports vs pure MCQ.

Largely MCQ recognition.

3.5/10

Currency & upkeep

How aggressively content is kept current with the field.

Updates trail SEC301 cadence.

7.0/10

Market recognition

How often this signal actually moves a hiring decision.

Stepping-stone credential; modest standalone weight.

5.0/10

› Exam format

75 questions + CyberLive, 3 hours, open-book, proctored via Pearson VUE. Passing score: ~70%.

Passing score

67% (scaled per attempt)

Retake policy

Fee: $999 per attempt

Wait: 30d between attempts

30-day wait between attempts. SANS course bundles typically include 2 attempts.

› Recertification

Valid for 4 years. Renewal via 36 CPE credits or renewal exam (479 USD). Each GIAC cert separately.

› NICE Framework work roles

The NIST NICE work-role IDs this cert maps to. NICCS lookup.

OG-WRL-014OG-WRL-012IO-WRL-003OG-WRL-001OG-WRL-008OG-WRL-013

Recognition

Global

Exam languages

› Core domains covered

The 1 domain this cert is centrally about. Passing the exam demonstrates working knowledge of each.

A1Governance, Risk & Compliance

Risk frameworks (NIST RMF, ISO 31000, FAIR), policy development, audit, regulatory compliance, third-party risk.

› Prerequisites

Experience

None. Entry-level certification for IT security fundamentals.

› Study materials

Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.

Official guides

SANS SEC301 Course Materials — SANS

Training providers

SANS SEC301 Introduction to Cyber Security

Practice tests

GIAC Practice Tests (2 included with exam)

Free / community

SANS White Papers (free)

› Version & lifecycle

Current version

2024 SEC301 refresh

Released

2024-04

› Salary signal

Entry-level cybersecurity analyst, US, 0-2 years.

$65K–$100K

median $80K

Robert Half Salary Guide · 2024 · US base only · p25–p75 range

› How it compares

Security+

GISF is SANS-grade fundamentals; Security+ has stronger hiring-manager recognition at entry tier.

↔ Compare side-by-side

See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.

Highlight on the domain map Browse all certifications