SCF Errata

This page will be periodically updated with errata (e.g., edits or changes) to the Secure Controls Framework (SCF) that reflect both minor and major revisions to the SCF. This page lists the current version of errata that is pertinent to the latest version of the SCF. For historical errata, that can be obtained from the SCF GitHub repository - https://github.com/securecontrolsframework/securecontrolsframework

Current Release Errata (2024-12-30)

Version 2024.4 represents a minor update, based on new and changed controls. The SCF had a minor formatting change that changed bullet listings to numbered listings. You can download the new version of the SCF and errata from:

Added Set Theory Relationship Mappings (STRM) for:

Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Cybersecurity Performance Goals (CPG)
Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Secure Software Development Attestation Form (SSDAF)
HIPAA Security Rule (NIST SP 800-66 R2)
HIPAA Administrative Simplification
CIS CSC 8.1

Removed mappings to:

HIPAA
NIST 800-66 R2 (combined it into the new HIPAA Security Rule column)
CIS CSC 8.0

New controls:

SAT-05
THR-06.1

Renamed controls:

DCH-06.3
DCH-18.1
DCH-18.2

Wordsmithed standards:

CFG-02.1
DCH-18.2

Wordsmithed controls:

DCH-18.1
DCH-18.2
IRO-02
IAO-02.2
PRI-01.2
RSK-02
TDA-09
TDA-15
TPM-08

Updating mappings:

FAR 52.204-21
- GOV-01
- GOV-02
- GOV-04
- GOV-04.1
- GOV-15
- PES-03
- PES-03.3
NIS2
- AST-02
NIST 800-53 R4
- CFG-02
- CFG-02.1
NIST 800-53 R5
- CFG-02
- CFG-02.1
- MON-03
NIST 800-171 R2
- CLD-06
- CLD-10
- CFG-02
- CFG-02.1
- NET-02.2
- PES-06.1
- WEB-02
- WEB-04
NIST 800-171A
- CLD-06
- CLD-10
- NET-02.2
- PES-05
- PES-05.1
- PES-05.2
- PES-06
- PES-06.1
- WEB-02
- WEB-04
NIST 800-171 R3
- DCH-14
- IAO-02
- NET-02.2
- PES-06.1
- TDA-02
NIST 800-171A R3
- NET-02.2
- PES-06.1