
- Designing SCF-based security programs aligned to business requirements
- Control selection, rationalization, and tailoring using the SCF
- Implementing the Security, Compliance & Resilience Management System (SCRMS)
- Mapping organizational obligations to SCF control families
- Minimum Security Requirements (MSR) development
- SCF integration with GRC platforms and tooling
What the SCF Architect Certification Covers
The SCF Architect curriculum is structured around program design and implementation, building on Practitioner foundations to cover strategic program architecture, control rationalization, and operational deployment of SCF-based security programs.
Program Architecture & Design
How to design SCF-based cybersecurity programs aligned to organizational business requirements, risk tolerance, and applicable regulatory obligations. Covers program structure, governance, and the SCRMS implementation model.
Control Selection & Rationalization
Using the SCF to select, tailor, and rationalize controls across the organization's applicable LRF obligations. Covers establishing a Minimum Security Requirements (MSR) control set and documenting control rationale.
SCRMS Implementation
Operationalizing the Security, Compliance & Resilience Management System (SCRMS) within an organization. Covers deploying the SCRMS model to create a continuously operating SCF-based program.
Strategic Alignment
Aligning SCF-based programs to organizational strategy, business objectives, and the strategic/operational/tactical hierarchy. Covers presenting security program value to executive leadership and boards.
Guiding SCF Practitioners
How SCF Architects direct and support SCF Practitioners during control implementation. Covers translating program design into actionable tasks, resolving implementation questions, and maintaining program coherence.
GRC Platform Integration
How to integrate SCF-based programs with GRC platforms, tooling, and documentation systems. Covers using SCF Connect (SSOT) and other tools to maintain a single source of truth for control status and compliance evidence.
The SCF Architect Role in the CAP Ecosystem
The SCF Architect role sits between the Practitioner (who implements) and the Assessor (who evaluates). Architects are the program designers. They establish the framework within which Practitioners operate, and they prepare the evidence infrastructure that Assessors will evaluate during SCF CAP conformity assessments.
SCF Architects employed by Registered Provider Organizations (RPOs) provide design and implementation advisory services to Organizations Seeking Assessment (OSAs), helping them build programs that will be assessed by 3PAOs.

Where the SCF Architect Fits in the SAICO Path
The SCF Architect is the next step in the three-track SAICO certification path following the SCF Practitioner, building on Practitioner foundations to design & implement programs that will be assessed by 3PAOs.
SCF Practitioner
Foundation Level: Prerequisite. The recommended starting point. Practitioner knowledge underpins Architect-level program design decisions.
SCF Architect
Current: Design & Implementation. Design SCF-based programs; address tactical, operational, and strategic needs; guide Practitioners through implementation.
SCF Assessor
Advanced: Assessment & Audit. Lead SCF CAP assessment teams; evaluate controls against Assessment Objectives; qualify to work within a 3PAO.
.png)
%20(white).png)