Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

Evidence Request List (ERL)

The SCF's Evidence Request List (ERL) is designed to standardize and streamline the evidence request process for a SCF-based assessment. However, the ERL can be used as a guidebook for "reasonable" artifacts to demonstrate evidence of due diligence and due care for other cybersecurity and/or privacy audits or assessments.

The ERL will be utilized as part of the SCF's Conformity Assessment Program (CAP) to identify reasonably-expected artifacts/evidence to meet applicable SCF controls, since the identified evidence artifacts are mapped to SCF controls. The benefits are:

  1. It levels the playing field by establishing evidence expectations upfront so there are no surprises; and
  2. It prevents an assessor from literally making up documentation requirements on the fly.

Since "time is money" when it comes to an audit/assessment, the ERL is specifically designed to make assessments more efficient, therefore less expensive. The ERL is one of the tabs that is included as part of the SCF

1 of 1 Items
  • Excel version of STRM mapping

    STRM Bundle - Excel Versions

    This is for a digital download of the current Excel spreadsheet versions of the Set Theory Relationship Mapping (STRM) used to crosswalk the Secure Controls Framework (SCF).  There is a one (1) month period of time to access the STRM download (from...

    $20.00
    Add to Cart
1 of 1 Items

© 2026 Secure Controls Framework All rights reserved. | Sitemap