SCF CAP - Assessment Guides
This page contains published Third-Party Assessment, Attestation & Certification (3PAAC) guides and standards for the applicable Laws, Regulations & Frameworks (LRF) against which an SCF Assessment can be performed. When an LRF is added, a new 3PAAC guide & standards document specific to that LRF will be published:
NIST CSF 2.0 Assessment Guide
The NIST CSF 2.0 assessment guide download is: https://securecontrolsframework.com/content/cap/ag-nist-csf-v-1-0.pdf
Organizations that have a current Cybersecurity Maturity Model Certification (CMMC) Level 2 certification and want to leverage reciprocity towards NIST CSF 2.0 certification can use a different assessment guide, which can be downloaded from: https://securecontrolsframework.com/content/cap/ag-cmmc-l2-nist-csf-v-1-0.pdf (only applicable if the organization holds a current CMMC L2 certification)
HIPAA Security Rule Assessment Guide
The HIPAA Security Rule (NIST SP 800-66) assessment guide download is: https://securecontrolsframework.com/content/cap/ag-hipaa-security-rule-v-1-0.pdf
SCF Tailored Assessment Guide
For organization-defined assessments, the SCF Tailored assessment guide download is: https://securecontrolsframework.com/content/cap/ag-scf-tailoredf-v-1-0.pdf