Security+ · 5.0 Program Management
GRC (Governance, Risk, Compliance)
The discipline of aligning security controls with business goals, laws, and standards. Governance = policies. Risk = identify + mitigate. Compliance = proving adherence (SOC 2, PCI, HIPAA).
How this shows up at NCAE
Not directly scored at NCAE, but DCWF 612 Security Control Assessor lives here. Injects sometimes simulate compliance reporting (write a report on your security controls).