ISACA · Official Blueprint · Last reviewed May 2026
The official ISACA CRISC exam covers 4 domains. Domain weights tell you exactly how much of the exam each topic represents — and where to invest your study time.
Azure Policy, RBAC, Microsoft Defender for Cloud, compliance frameworks (GDPR, ISO), the Azure Pricing Calculator, TCO Calculator, and the Trust Center.
Covers the topics, concepts, and applied skills examined under the IT Risk Assessment domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Risk Response and Reporting domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Information Technology and Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
The heaviest domain on the CRISC is "Governance" at null%. Start here and return to it regularly.
Allocate study time proportional to domain weight — a 25% domain deserves roughly 25% of your prep hours.
Never skip a low-weight domain. A 10% domain still represents 5–7 exam questions — enough to make the difference between pass and fail.
Use Courseiva domain analytics to track your accuracy per domain automatically. The system routes extra questions to your weak areas.
Courseiva tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.