securecontrolsframework.com /blog/
Blog - Secure Controls Framework
Active Web Watch

 


Cybersecurity & Data Protection Assessment Standards

Cybersecurity & Data Protection Assessment Standards

Posted by SCF Council on Oct 21st 2024

We are pleased to announce the release of the Cybersecurity & Data Protection Assessment Standards (CDPAS)!This is a cohesive, consistent set of standards to govern cybersecurity and data protection related Third Party Assessment, Attestation and Certification Services (3PAAC Services). The C …

People, Processes, Technology, Data, and Facilities (PPTDF)

Posted by SCF Council on Jan 24th 2024

This is a somewhat contentious topic in the cybersecurity community. When you are discussing the scope of applicability for controls, is it: Limited to People, Processes & Technology (PPT)?Inclusive of data with People, Processes, Technology & Data (PPTD)? orComprehensive to include phys …

Metaframework Benefits For Your Compliance Efforts

Posted by SCF Council on Jan 22nd 2024

A metaframework is a “framework of frameworks” and is useful for organizations that need to adhere to multiple laws, regulations and frameworks. The Secure Controls Framework (SCF) is a metaframework and offers numerous benefits for your compliance efforts by providing a structured and integrated …

The Hierarchical Nature of Cybersecurity Documentation

Posted by SCF Council on Jan 16th 2024

In the dynamic landscape of cybersecurity, where the stakes are high and threats are ever-evolving, the importance of meticulous documentation cannot be overstated. What often goes unnoticed is the hierarchical structure that underpins cybersecurity and data protection documentation. This articl …

SCFConnect - SaaS approach to using the SCF

Posted by SCF Council on Mar 2nd 2023

SCFConnect will be a game changer for those who use the Secure Controls Framework (SCF):Cost-effective, SCF-based GRC platformSCF Conformity Assessment Program (CAP) will use the SCFConnect as the Single Source of Truth (SSOT) for performing conformity assessments.This video provides a quick overvie …

Secure Controls Framework (SCF) Newsletter 2023 Q1

Posted by SCF Council on Mar 1st 2023

SCF version 2023.1 has new content, as well as some exciting capabilities enhancements:New domain for Artificial Intelligence & Autonomous Technologies (AAT) Assessment Objectives (AOs)Conformity Assessment Program (CAP)SCFConnectSCF MarketplaceEvidence Request List (ERL)Updated Risk & Threat Catalo …

SCF Risk & Threat Catalog

Posted by SCF Council on Jan 19th 2023

In addition to cybersecurity and privacy controls, the Secure Controls Framework (SCF) contains a separate risk and threat catalog, which have mappings to applicable SCF controls. These risk and threat catalogs are also leveraged within the Security & Privacy Risk Management Model (SP-RMM) that …

Let's Talk About Evidence - Evidence Request List (ERL)

Posted by SCF Council on Nov 2nd 2022

The SCF's Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for an assessment. This is going to be utilized as part of the SCF's Conformity Assessment Program (CAP) to identify reasonably-expected artifacts/evidence to meet applicable SCF controls (it …

Defense In Depth Podcast - SCF

Posted by SCF Council on Feb 23rd 2021

The SCF was the topic in the most current version of the Defense In Depth podcast series by David Spark, the creator of CISO Series and Allan Alford, the CISO at Mitel. The founder of the SCF, Tom Cornelius, was invited to answer direct questions on this framework. If you are interested in the SCF a …

Updated Security & Privacy Capability Maturity Model (SP-CMM)

Posted by SCF Council on Apr 25th 2023

The Secure Controls Framework (SCF) release 2023.2 contains completely new content for its Security & Privacy Capability Maturity Model (SP-CMM). This effort was conducted to help streamline and standardize maturity criteria. If you are unfamiliar with the SP-CMM, it has been around for about 4 …

SCF 2023.2

Posted by SCF Council on Apr 25th 2023

We are pleased to announce the 2023.2 release of the Secure Controls Framework (SCF). This release represents a minor update. While there are no new controls in this release, the Security & Privacy Capability Maturity Model (SP-CMM) was completely refreshed with new content and that represents a …