Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

SCF 2023.2

SCF 2023.2

Posted by SCF Council on Apr 25th 2023

We are pleased to announce the 2023.2 release of the Secure Controls Framework (SCF). This release represents a minor update. While there are no new controls in this release, the Security & Privacy Capability Maturity Model (SP-CMM) was completely refreshed with new content and that represents a massive undertaking by SCF contributors. The refreshed SP-CMM will play an integral role in the SCF's Conformity Assessment Program (CAP) and ability to more clearly assess risks with the Security & Privacy Risk Management Model (SP-RMM). The SP-CMM also added an additional use case that pertains to cybersecurity & privacy due diligence in Mergers & Acquisitions (M&A) assessments. Exciting stuff! 

But wait, there's more! In addition to the SP-CMM refresh, we included new mappings that the SCF community requested: 

  • Safeguarding of Naval Nuclear Propulsion Information (NNPI)
  • Trust Services Criteria 2017 (points of focus) 
  • UK Cyber Assessment Framework v3.1 

The new version of the SCF can be downloaded from: