People, Processes, Technology, Data, and Facilities (PPTDF)

Posted by SCF Council on Jan 24th 2024

This is a somewhat contentious topic in the cybersecurity community. When you are discussing the scope of applicability for controls, is it: Limited to People, Processes & Technology (PPT)?Inclusive of data with People, Processes, Technology & Data (PPTD)? orComprehensive to include phys …

Metaframework Benefits For Your Compliance Efforts

Posted by SCF Council on Jan 22nd 2024

A metaframework is a “framework of frameworks” and is useful for organizations that need to adhere to multiple laws, regulations and frameworks. The Secure Controls Framework (SCF) is a metaframework and offers numerous benefits for your compliance efforts by providing a structured and integrated …

The Hierarchical Nature of Cybersecurity Documentation

Posted by SCF Council on Jan 16th 2024

In the dynamic landscape of cybersecurity, where the stakes are high and threats are ever-evolving, the importance of meticulous documentation cannot be overstated. What often goes unnoticed is the hierarchical structure that underpins cybersecurity and data protection documentation. This articl …

Security & Privacy Capability Maturity Model (SP-CMM) Use Case #4 – Due Diligence In Mergers & Acquisitions (M&A)

Posted by SCF Council on Apr 19th 2023

The Secure Controls Framework (SCF) release 2023.2 contains completely new content for its Security & Privacy Capability Maturity Model (SP-CMM). This effort was conducted to help streamline and standardize maturity criteria. One of the use cases for the SP-CMM is to provide a means to perf …

Security & Privacy Capability Maturity Model (SP-CMM) Use Case #3 – Provide Objective Criteria To Evaluate Third-Party Service Provider Security

Posted by SCF Council on Apr 19th 2023

Security & Privacy Capability Maturity Model (SP-CMM) Use Case #2 – Assist Project Teams To Appropriately Plan & Budget Secure Practices

Posted by SCF Council on Apr 19th 2023

SCFConnect - SaaS approach to using the SCF

Posted by SCF Council on Mar 2nd 2023

SCFConnect will be a game changer for those who use the Secure Controls Framework (SCF):Cost-effective, SCF-based GRC platformSCF Conformity Assessment Program (CAP) will use the SCFConnect as the Single Source of Truth (SSOT) for performing conformity assessments.This video provides a quick overvie …

Secure Controls Framework (SCF) Newsletter 2023 Q1

Posted by SCF Council on Mar 1st 2023

SCF version 2023.1 has new content, as well as some exciting capabilities enhancements:New domain for Artificial Intelligence & Autonomous Technologies (AAT) Assessment Objectives (AOs)Conformity Assessment Program (CAP)SCFConnectSCF MarketplaceEvidence Request List (ERL)Updated Risk & Threat Catalo …

Words Matter - Understanding Policies, Control Objectives, Standards, Guidelines & Procedures

Posted by SCF Council on Feb 11th 2023

Cybersecurity terminology is important. Cybersecurity, IT professionals and legal professionals routinely abuse the terms “policy” and “standard” as if these words are synonymous. In reality, these terms have quite different implications and those differences should be kept in mind, since the use of …

SCF Risk & Threat Catalog

Posted by SCF Council on Jan 19th 2023

In addition to cybersecurity and privacy controls, the Secure Controls Framework (SCF) contains a separate risk and threat catalog, which have mappings to applicable SCF controls. These risk and threat catalogs are also leveraged within the Security & Privacy Risk Management Model (SP-RMM) that …

Let's Talk About Evidence - Evidence Request List (ERL)

Posted by SCF Council on Nov 2nd 2022

The SCF's Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for an assessment. This is going to be utilized as part of the SCF's Conformity Assessment Program (CAP) to identify reasonably-expected artifacts/evidence to meet applicable SCF controls (it …

Cybersecurity & Privacy Implications For Environmental, Social & Governance (ESG)

Posted by SCF Council on Nov 18th 2021

Environmental, Social & Governance (ESG) criteria are topics of interest for "social responsibility" concerns at the corporate level. ESG is traditionally used to screen potential investments as a way to support and maintain ethical conduct across organizations. However, with the evolving landscape …

Defense In Depth Podcast - SCF

Posted by SCF Council on Feb 23rd 2021

The SCF was the topic in the most current version of the Defense In Depth podcast series by David Spark, the creator of CISO Series and Allan Alford, the CISO at Mitel. The founder of the SCF, Tom Cornelius, was invited to answer direct questions on this framework. If you are interested in the SCF a …

Updated Security & Privacy Capability Maturity Model (SP-CMM)

Posted by SCF Council on Apr 25th 2023

The Secure Controls Framework (SCF) release 2023.2 contains completely new content for its Security & Privacy Capability Maturity Model (SP-CMM). This effort was conducted to help streamline and standardize maturity criteria. If you are unfamiliar with the SP-CMM, it has been around for about 4 …

SCF 2023.2

Posted by SCF Council on Apr 25th 2023

We are pleased to announce the 2023.2 release of the Secure Controls Framework (SCF). This release represents a minor update. While there are no new controls in this release, the Security & Privacy Capability Maturity Model (SP-CMM) was completely refreshed with new content and that represents a …

Security & Privacy Capability Maturity Model (SP-CMM) Use Case #1 – Objective Criteria To Build A Cybersecurity & Privacy Program

Posted by SCF Council on Apr 19th 2023