The Secure Controls FrameworkCouncil, LLC (SCF Council), publisher of a leading cybersecurity metaframework,is pleased to announce the appointment of The Cyber AB as the exclusiveAccreditation Body (AB) for the SCF Conformity Assessment Program (SCF CAP). This new partnership marks a significant advancementto the Program and will enhance the global landscape of compliance andcertification within the cybersecurity industry.
The SCF CAP is focused onusing the Secure Controls Framework (SCF) as the control set to provide acompany-level certification. While the SCF CAP shares some similarities withother existing, single-focused certifications (e.g., ISO 27001, FedRAMP,etc.), the SCF CAP is unique in its metaframework approach to addressingcybersecurity and data protection requirements that span multiple laws,regulations, and conformity regimes. The SCF CAP is designed to utilizetailored cybersecurity and data protection controls that specifically addressthe applicable statutory, regulatory, and contractual obligations with which anorganization is required to comply.
The Cyber AB’s primary rolewill be to accredit the SCF Third-Party Assessment Organizations (SCF 3PAOs)and oversee the conflict-of-interest governance throughout the program.
Speaking about thepartnership, Tom Cornelius, founder of the SCF Council, said, “Thecollaboration between the SCF Council and The Cyber AB will change howcybersecurity certification is regarded, with SCF CAP offering a more efficient andtailored solution with the trust and confidence of an accredited third-partyassessment. By combining the content, process, and technology of the SCF CAPwith the capabilities and global reach of The Cyber AB, this partnership willraise the bar as to how third-party cybersecurity and data protectionassessments are performed.”
The SCF CAP leverages theprinciples of the Cybersecurity & Data Protection AssessmentStandards (CDPAS) to simplify andstandardize third-party assessments. The SCF CAP harnesses efficienciesprovided by the CDPAS and minimizes assumptions that exist with otherthird-party assessments. This results in the SCF CAP providing organizationswith a meaningful certification that accurately reflects its security posture,offering a streamlined way to demonstrate compliance to partners, clients andother stakeholders.
“Earning an ‘SCF Certified’credential will represent a significant accomplishment, rather than be viewedas a ‘participation ribbon’ that is of little practical value, nor indicativeof an organization’s true security posture,” Cornelius said. “Attaining an SCF certification by an accreditedthird-party will be a worthwhile endeavor for organizations as it raises thecredibility bar of their compliance.”
As the sole accreditation bodyfor SCF CAP, The Cyber AB will operate independently, providing oversight ofthe program’s accreditation and assessment processes.
“We are honored to bedesignated as the accreditor for the SCF CAP” said Matthew Travis, Chief Executive Officer of TheCyber AB. “We believe embracing third-party validation of cybersecurity conformityis how organizations will choose to best manage digital risk for themselves andtheir business partners, and we are excited for the immense potential of SCF CAP.”
The accreditation program forSCF CAP is expected to be rolled out in the first half of 2025.
About the Secure ControlsFramework Council LLC (SCF Council)
The SCF Council publishes theSecure Controls Framework (SCF)under a Creative Commons licensing model, which is available to organizationsfree of charge. The SCF serves as a “framework of frameworks,” simplifying andunifying cybersecurity and data protection controls. It provides a scalablemethod for organizations to address both their compliance obligations andsecurity needs, helping them operationalize cybersecurity, risk management andthird-party governance.
The SCF Council is dedicatedto simplifying the complex landscape of cybersecurity and data protectioncontrols. The SCF meta-framework integrates multiple standards into a holisticcontrol set, allowing organizations to operationalize cybersecurity and managerisk with a straightforward approach.
About the Cyber AB
Founded in 2020, The Cyber AB is a Maryland-based, independent, nonprofit 501(c)(3)tax-exempt organization that provides accreditation services for cybersecurityconformity regimes. The Cyber AB also serves as the exclusive accreditationbody for the U.S. Department of Defense Cybersecurity Maturity ModelCertification (CMMC) Program.
For more information about this collaboration and the SCF CAP, pleasevisit https://securecontrolsframework.com/scf-conformity-assessment-program-cap.
%20(white).png)
.png)