Secure Controls Framework
Certifications: Organization & Individual Level

SCF Certified

The Secure Controls Framework offers certification options at both the organization level and the individual level. Whether you are seeking a company-level conformity assessment designation or a professional credential for your cybersecurity career, the SCF certification ecosystem provides a rigorous, practical pathway built on the Common Controls Framework™.

Two Certification Pathways

Organization-Level and Individual-Level Certifications

The SCF certification ecosystem serves two distinct audiences: organizations seeking a defensible, third-party-validated security conformity designation, and individual cybersecurity professionals seeking credentials that demonstrate mastery of the SCF and its implementation methodology.

Company-Level SCF Certifications

Organizations can become certified using SCF controls, for example as SCF Certified for NIST CSF 2.0 or SCF Certified for HIPAA Security Rule. These certifications are part of the SCF Conformity Assessment Program (SCF CAP). The SCF CAP leverages the SCF's metaframework structure and no-cost content to make conformity assessments more cost-effective, efficient, and objective.

Available certifications include: NIST Cybersecurity Framework 2.0 (NIST CSF 2.0), NY DFS 23 NYCRR Part 500, CMMC Level 1, HIPAA Security Rule (NIST SP 800-66 R2), NIST SP 800-171 R3, NIST SP 800-161 R1, SCF CORE Fundamentals, and more.

Individual-Level SCF Certifications

The SCF Assessor and Instructor Certification Organization (SAICO) is a department of the SCF dedicated to upholding the highest standards in cybersecurity and compliance. SAICO provides three certification programs that equip cybersecurity professionals with the expertise to evaluate and implement SCF controls effectively. Each course uses Computer-Based Training (CBT), enabling self-paced learning.

Three Certification Tracks:

  • SCF Practitioner, which covers foundation-level understanding of the SCF
  • SCF Architect, which covers designing and implementing SCF-based programs
  • SCF Assessor, which covers conducting conformity assessments using SCF methodology

The SCF CAP Ecosystem

Seven Key Players in the SCF Certification Ecosystem

The SCF CAP Ecosystem consists of seven distinct roles that together enable a complete, auditable conformity assessment process, from initial assessment through ongoing oversight. Each role has defined responsibilities, qualifications, and relationships to other participants.

3PAO

SCF Third-Party Assessment Organizations: Independent assessment organizations authorized to conduct SCF CAP conformity assessments on behalf of organizations seeking certification.

ASP

SCF Authorized Solution Providers: Organizations authorized to provide technology solutions and services that integrate with or support the SCF CAP assessment process.

RPO

SCF Registered Provider Organizations: Consulting and advisory organizations registered to provide SCF implementation, advisory, and preparation services.

OSA

SCF Organization Seeking Assessment: The organization pursuing SCF CAP certification, that is, the entity whose security posture and controls implementation are being evaluated.

ACI

SCF Authorized Control Integrator: Organizations authorized to integrate SCF controls into products, platforms, and services, providing pre-mapped control evidence.

LTP

SCF Licensed Training Provider: Organizations licensed to deliver SCF-branded training programs, including preparation courses for individual-level SAICO certifications.

LCP

SCF Licensed Content Provider: Organizations licensed to incorporate SCF content into their commercial products, tools, and platforms under the SCF licensing program.

CAP

Conformity Assessment Program: The program framework that governs all ecosystem participant roles, assessment standards, and certification requirements. Accreditation Body: The Cyber AB.

[Figure: SCF CAP Ecosystem Flow diagram]

SAICO: Individual Certifications

Three Professional Certification Tracks

The SCF Assessor and Instructor Certification Organization (SAICO) provides three Computer-Based Training (CBT) certification programs. Each follows a defined syllabus to meet the specific learning objectives and standards of the certification track.

SCF Practitioner

Foundation Level: The entry-point certification for cybersecurity professionals who work with the SCF. Covers the structure and application of the SCF, its control domains, and how to use the framework as a practitioner implementing or managing a security program. Self-paced CBT with defined syllabus, SAICO-certified.

SCF Architect

Design & Implementation: For cybersecurity professionals who design and implement security programs using the SCF. Covers program architecture, control selection and rationalization, SCF implementation, and the SCRMS operational model. Self-paced CBT with defined syllabus, SAICO-certified.

SCF Assessor

Assessment & Audit: The advanced certification for professionals who conduct conformity assessments using the SCF methodology. Covers assessment planning, examine-interview-test methodology, evidence evaluation, and SCF CAP assessment procedures. Self-paced CBT with defined syllabus, SAICO-certified.