We are pleased to announce the 2023.2 release of the Secure Controls Framework (SCF). This release represents a minor update. While there are no new controls in this release, the Security & Privacy Capability Maturity Model (SP-CMM) was completely refreshed with new content and that represents a massive undertaking by SCF contributors. The refreshed SP-CMM will play an integral role in the SCF's Conformity Assessment Program (CAP) and ability to more clearly assess risks with the Security & Privacy Risk Management Model (SP-RMM). The SP-CMM also added an additional use case that pertains to cybersecurity & privacy due diligence in Mergers & Acquisitions (M&A) assessments. Exciting stuff!
But wait, there's more! In addition to the SP-CMM refresh, we included new mappings that the SCF community requested:
- Safeguarding of Naval Nuclear Propulsion Information (NNPI)
- Trust Services Criteria 2017 (points of focus)
- UK Cyber Assessment Framework v3.1
The new version of the SCF can be downloaded from: https://securecontrolsframework.com/scf-download/