Secure Controls Framework
Download The SCF
Start Here
Free Content
SCF CORE
GRC Fundamentals
SCF Certified
Marketplace
FAQAboutContact
SCF Certified

SCF Practitioner

The foundation-level SAICO certification for cybersecurity professionals who implement and maintain SCF-based security programs. SCF Practitioners are the hands-on implementers who translate SCF control requirements into daily operational reality.

Enroll Now
Download Syllabus
Certification Details
What Is an SCF Practitioner?
SCF Practitioners are SAICO-certified individuals with the knowledge and skills to work within SCF-based cybersecurity and data protection programs at the implementation level.
Foundation Level · SAICO Certification
SCF Practitioner
The SCF Practitioner is the entry-point certification for cybersecurity professionals who work with the SCF or whose organizations use the SCF as a foundation for their security programs. It provides a thorough understanding of the SCF structure, control domains, and how to operate as a practitioner within an SCF-based program.
Ideal for: GRC analysts, security program managers, compliance officers, and IT security professionals who are implementing or managing security controls aligned to the SCF.
What Does This Certification Cover?
  • Structure and architecture of the Secure Controls Framework
  • SCF control domains and control objectives
  • Common Controls Framework™ (CCF™) and its use in practice
  • Security, Compliance & Resilience (SCR) model fundamentals
  • How to implement and track SCF-based controls
  • SCF's relationship to laws, regulations, and frameworks
Enroll Now
Curriculum & Learning Objectives

What the SCF Practitioner Certification Covers

The SCF Practitioner syllabus provides a structured curriculum covering the foundational knowledge and skills required to effectively implement and maintain SCF-based security programs.

SCF Structure & Architecture

How the Secure Controls Framework is organized, including the 33 control domains, control objectives, and the relationship between the SCF and the Common Controls Framework™ (CCF™).

Control Implementation

Practical knowledge of how to implement SCF controls against applicable laws, regulations, and frameworks as mapped in the SCF, including how to track control implementation status.

SCR Model Fundamentals

The Security, Compliance & Resilience (SCR) model that underpins SCF implementation, including how each pillar relates to control implementation activities performed by practitioners.

Program Maintenance

How to sustain and operate an SCF-based program over time, including maintaining evidence of due diligence and due care, managing control exceptions, and supporting compliance reporting.

LRF Mapping Fundamentals

How the SCF's Law, Regulation, and Framework (LRF) mappings work in practice, enabling practitioners to understand how implementing SCF controls satisfies obligations across multiple authorities simultaneously.

Practitioner Role in CAP Ecosystem

How the SCF Practitioner role fits within the broader SCF CAP Ecosystem, including how Practitioners support SCF Architects with control implementation and interact with organizational documentation requirements.

SCF CAP Ecosystem

The SCF Practitioner Role in the CAP Ecosystem

The SCF Practitioner role exists within the SCF CAP Ecosystem, the structured network of organizations and individuals that make up the SCF Conformity Assessment Program.

As certified implementers, SCF Practitioners are the individuals who translate SCF control frameworks into day-to-day operational security practices within organizations pursuing or maintaining SCF CAP certifications. They work under the direction of SCF Architects who design the program, and support the evidence collection processes that SCF Assessors will evaluate during conformity assessments.

Continue Your SAICO Journey

Next Steps in the SAICO Certification Path

The SCF Practitioner is the first of three SAICO certification tracks. After completing the Practitioner, candidates can advance to the Architect (design & implementation) or Assessor (assessment & audit) certifications.

SCF Practitioner

Current: Foundation Level. Implement and maintain SCF controls aligned with SCF recommended practices and the SCF.

Enroll Now

SCF Architect

Next Step: Design & Implementation. Architect and design SCF-based programs; address tactical, operational, and strategic security needs; guide Practitioners.

Learn More

SCF Assessor

Advanced: Assessment & Audit. Lead or participate in SCF CAP assessment teams; evaluate controls against Assessment Objectives to determine conformity.

Learn More

Join 25,000+ GRC Professionals

Get the latest SCF updates, cybersecurity insights, and community news delivered to your inbox. You know you want to do it!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Controls are your security, compliance & resilience program - A control is the power to influence or direct behaviors and the course of events.

DOWNLOAD THE SCF

Start Here

What Is The SCF?How To Implement (SCRMS)Domains & PrinciplesLaws & Frameworks (LRF)Relationship Mapping (STRM)NIST OLIR ParticipationESG Considerations

Free Content

SCF DownloadRisk Management (SCR-RMM)Maturity Model (SCR-CMM)Assessment Standards (CDPAS)Mergers & Acquisitions (MA&D)Privacy Principles (DPMP)Evidence Request List (ERL)Scoping Guide (USG)

Resources

GRC FundamentalsSCF CertifiedMarketplaceBlogFAQAbout

Support

DonateVolunteer

© 2026 Secure Controls Framework Council, LLC. All rights reserved.

Terms & ConditionsPrivacyCookiesSitemap