The SCF maps to 200+ unique laws, regulations, and frameworks across five geographic categories: General, USA, EMEA, APAC, and Americas. When you implement SCF controls, you satisfy requirements across all mapped LRF simultaneously through Set Theory Relationship Mapping (STRM).
The SCF Authoritative Sources tab in the downloadable spreadsheet contains every mapped LRF. Each SCF control includes columns showing which specific LRF requirements that control satisfies. These Authoritative Sources are categorized by:
To understand the coverage for these Laws, Regulations and Frameworks (LRF), please read through how the SCF leverages Set Theory Relationship Mapping (STRM) according to NIST IR 8477 to demonstrate how SCF controls address targeted LRF requirements. The 2026.1 version of the SCF contains coverage for 250 unique LRF:
The practical result: if your organization needs to comply with GDPR, HIPAA, and NIST CSF 2.0 simultaneously, you implement a single tailored set of SCF controls rather than three separate compliance programs. Each control tells you exactly which requirements from each framework it addresses.
The SCF maps to 200+ cybersecurity and data privacy laws, regulations, and frameworks worldwide. Filter by region or search to find what you need.
Practical Application
Understanding which LRF are mapped to the SCF allows you to use the framework as a single source of truth for your compliance program. Here’s how practitioners apply LRF coverage in real-world programs.
01
Identify Your MCR. Determine which laws, regulations and frameworks apply to your organization. Each applicable LRF represents a Minimum Compliance Requirement (MCR) that must be satisfied.
02
Filter Controls by LRF. Use the SCF spreadsheet to filter controls by your applicable LRF. Every control mapped to that framework represents a requirement you need to address in your program.
03
Satisfy Multiple LRF Simultaneously. Because multiple LRF map to the same SCF controls, implementing a single control can satisfy requirements across several frameworks at once, dramatically reducing compliance effort.
The SCF is a volunteer-maintained, open-source project. If a framework you need isn’t currently mapped, you can contribute to the project or contact the SCF team to request coverage. New LRF mappings are added with each quarterly release.
What To Explore Next
The LRF coverage is just one part of what makes the SCF the most comprehensive free cybersecurity metaframework. Explore these related areas to get the full picture.
Set Theory Relationship Mapping (STRM)
Understand how the SCF uses NIST IR 8477 to create authoritative, mathematically-sound crosswalk mappings between frameworks.
SCF Domains & Principles
Explore the 33 control domains that organize the 1,400+ SCF controls and see how they align with the frameworks you care about.
SCRMS Implementation
Learn how to implement a Security, Compliance & Resilience Management System using the SCF as your foundational control framework.
Download the SCF
Get the complete SCF spreadsheet with all 1,400+ controls and every LRF mapping. Free. No registration required.
%20(white).png)
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
.png)