Controls are your cybersecurity & privacy program ---- A control is the power to influence or direct behaviors and the course of events.

SCF Errata

This page will be periodically updated with errata (e.g., edits or changes) to the Secure Controls Framework (SCF) that reflect both minor and major revisions to the SCF. This page lists the current version of errata that is pertinent to the latest version of the SCF. For historical errata, that can be obtained from the SCF GitHub repository - https://github.com/securecontrolsframework/securecontrolsframework

Current Release Errata (2023-04-26)

Version 2023.2 represents a minor update. While there are no new controls, the Security & Privacy Capability Maturity Model (SP-CMM) was completely refreshed with new content.

Added Mapping:

  • Safeguarding of Naval Nuclear Propulsion Information (NNPI)
  • Trust Services Criteria 2017 (points of focus)
  • UK Cyber Assessment Framework v3.1

Wordsmithing control:

  • NET-08.1
  • NET-08.2

Updated Mapping:

  • NIST CSF 1.1
    • AST-01
    • AST-09
    • CFG-01
    • CHG-01
    • CRY-01
    • END-01
    • IAC-10
    • IRO-02
    • IRO-04
    • IRO-05
    • MNT-01
    • MON-02
    • RSK-02
    • RSK-09
    • SEA-07
    • TDA-01
    • THR-01
    • TPM-01
    • TPM-03
    • TPM-04
    • VPM-03
  • NIST SP 800-171
    • AST-01
    • AST-02.1
    • AST-05
    • CHG-01
    • CLD-01
    • CLD-02
    • CLD-03
    • CPL-02.1
    • CPL-03
    • CFG-02
    • CFG-03.2
    • CPL-03
    • MON-02
    • MON-03.1
    • CRY-03
    • CRY-04
    • CRY-09
    • DCH-03
    • DCH-06
    • DCH-13.1
    • END-03
    • HRS-05
    • IAC-04
    • IAC-08
    • IAC-16
    • IAC-16.1
    • IAC-21.1
    • IAC-21.3
    • IAC-21.4
    • IAC-24.1
    • IRO-05
    • IAO-02
    • IAO-03.2
    • MNT-04.1
    • MDM-01
    • MDM-06
    • MDM-07
    • NET-04.1
    • NET-08
    • NET-14
    • NET-14.5
    • NET-18
    • PES-04
    • PES-05
    • PES-05.1
    • PES-05.2
    • PES-12
    • PES-12.1
    • PES-12.2
    • SEA-03
    • SEA-07
    • SEA-18.1
    • SEA-18.2
    • SEA-20
    • TDA-01
    • TDA-08
    • TPM-05
    • TPM-05.2
    • THR-01
    • THR-03
    • VPM-05
    • VPM-06.3
  • NIST SP 800-171A
    • CRY-09
    • DCH-03
    • IAC-08
  • CMMC
    • AST-01
    • AST-04.1
    • CHG-01
    • CPL-02.1
    • CPL-03
    • CFG-02
    • CFG-03.2
    • MON-02
    • MON-03.1
    • CRY-03
    • CRY-09
    • DCH-03
    • DCH-06
    • DCH-13.1
    • END-03
    • IAC-04
    • IAC-08
    • IAC-16
    • IAC-16.1
    • IAC-21.1
    • IAC-21.3
    • IAC-21.4
    • IAC-24.1
    • IRO-05
    • IAO-02
    • IAO-03.2
    • MNT-04.1
    • MDM-01
    • MDM-06
    • MDM-07
    • NET-08
    • NET-14
    • NET-14.5
    • NET-18
    • PES-04
    • PES-05
    • PES-05.1
    • PES-05.2
    • PES-12
    • PES-12.1
    • PES-12.2
    • SEA-03
    • SEA-18.1
    • SEA-18.2
    • SEA-20
    • TDA-08
    • TPM-05
    • TPM-05.2
    • THR-01
    • THR-03
    • VPM-05
    • VPM-06.3
  • NIST SP 800-53 R5
    • AST-02.5
    • CPL-03
    • HRS-05
    • TDA-01
  • DFARS 252.204-7012
    • TPM-05.2
  • PCI DSS 3.2
    • IAC-01
  • ISO 27001
    • NET-08.1
  • ISO 27002
    • IRO-11
    • NET-08.1
    • PRI-02
    • PRI-02.1
    • WEB-02
  • COBIT 2019
    • GOV-02
    • GOV-05.1
    • GOV-05.2
    • IAO-04
    • TDA-15
    • VPM-04
    • IAO-05
  • TSC 2017
    • GOV-15.1
    • GOV-15.2
  • CIS 8.0
    • BCD-01
    • CFG-01
    • CFG-02
    • CFG-02.1