Secure Controls Framework (SCF) Download

Before downloading the SCF, here are some free guides to help understand key concepts of the SCF so that you can operationalize this framework in your environment:

• Start Here - Guide to using the SCF
• Cybersecurity & Data Privacy (C|P) Principles
• Integrated Controls Management (ICM)
• Capability Maturity Model
• Risk Management Model
• Data Privacy Management Principles

To download the Secure Controls Framework (SCF), we require you to provide your basic contact information. The reason for this is to help SCF users maintain situational awareness about updates, new content and other pertinent information about the SCF.

Alternative Download

We understand not everyone may want to provide their information to download the SCF. Because of this, we provide an alternative method of downloading the SCF through GitHub. There, in addition to being able to download the latest version of the SCF, you can also view and download previous versions to see how the SCF has grown over the years thanks to our community's support! 

Join Our Discord!

The SCF's Discord Server is an excellent place to learn more about the SCF, share your SCF experiences and network with other SCF practitioners. We look forward to seeing you there!

SCF Connect

SCF Connect is an independent organization from both the SCF Council and SCF Accreditation Body (SCF-AB). The integration of the SCF logo is due to it being the official tool for the SCF Conformity Assessment Program (SCF-CAP) where SCF Connect will serve as the Single Source of Truth (SSOT) for third-party conformity assessments. SCF Connect is designed to interface with other GRC solutions via API, so your existing GRC should be able to populate evidence into a SCF Connect instance. Contact SCF Connect directly for any technical assistance questions on API integrations.

SCF Connect helps eliminate the guesswork associated with operationalizing the SCF and takes the SCF's capabilities to a whole new level:

• Intuitive SaaS platform that eliminates the need to use Excel.
• Straightforward and simple solution to tailor and assess controls that includes the SCF's maturity model criteria and Assessment Objectives (AOs).
• Priced at $200/month!

 

Like What You See?

The SCF is a community-run project that is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on Governance, Risk and Compliance (GRC) and the cybersecurity side of data privacy. These are auditors, engineers, architects, incident responders, consultants and other specialists who live and breathe these topics on a daily basis. The end product is "expert-derived content" that makes up the SCF.

Because this is a community-run project, we accept donations because it helps advance the efforts to continue growing the SCF. If you would like to donate and help grow the SCF, you can do so below, and we are grateful for your support!