Controls are your cybersecurity & data privacy program. A control is the power to influence or direct behaviors and the course of events.

Secure Controls Framework (SCF) Council

STRM Bundle - Excel Versions

$20.00
SKU: STRM-Bundle

This is for a digital download of the current Excel spreadsheet versions of the Set Theory Relationship Mapping (STRM) used to crosswalk the Secure Controls Framework (SCF). 

The 2025.1 STRM mappings in Excel include the following:

  1. Service Organization Control - Trust Services Criteria (TSC) - SOC2 (2022 points of focus)
  2. Critical Security Controls (CSC) version 8.1
  3. IEC TR 60601-4-5:2021
  4. 27001:2022 - Information Security Management Systems (ISMS) - Requirements
  5. 27002:2022 - Information security, cybersecurity and privacy protection - Information security controls
  6. ISO/IEC 42001:2023 - Information technology - Artificial intelligence - Management system
  7. NIST SP 800-53 R5 - Security and Privacy Controls for Information Systems and Organizations
  8. NIST SP 800-161 R1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations
  9. NIST SP 800-171 R2 - Protecting CUI in Nonfederal Systems and Organizations
  10. NIST SP 800-171 R3
  11. NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information
  12. NIST 800-171A R3
  13. NIST SP 800-207 - Zero Trust Architecture
  14. NIST SP 800-218 - Secure Software Development Framework (SSDF) Version 1.1
  15. NIST Cybersecurity Framework (CSF) v2.0
  16. Payment Card Industry Data Security Standard (PCI DSS) v4.01
  17. Space Attack Research & Tactic Analysis (SPARTA) Countermeasures
  18. TISAX ISA 6.0.3
  19. CISA Cross-Sector Cybersecurity Performance Goals (CPG)
  20. CISA Secure Software Development Attestation Form (SSDAF)
  21. US DOJ / FBI - Criminal Justice Information Services (CJIS) Security Policy v5.9.3
  22. Cybersecurity Maturity Model Certification (CMMC) v2.0 Level 1
  23. DoD Zero Trust Reference Architecture v2
  24. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Trusted Internet Connections 3.0 Security Capabilities Catalog
  25. Gramm Leach Bliley Act (GLBA) - CFR 314 (Dec 2023)
  26. HIPAA Administrative Simplification (2013)
  27. HIPAA Security Rule (includes mapping to NIST SP 800-66 R2)
  28. Data Privacy Framework (DPF)
  29. Cybersecurity Final Rule (Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure)
  30. California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) - November 2022 version
  31. NY - Cybersecurity Requirements for Financial Services Companies (DFS 23 NYCRR500) - 2023 Amendment 2
  32. OR - Consumer Privacy Act (SB 619)
  33. TN - Information Protection Act
  34. TX - Consumer Data Protection Act (CDPA)
  35. EU Digital Operational Resilience Act (DORA) (2023)
  36. General Data Protection Regulation (GDPR)
  37. ENISA NIS2 (Directive (EU) 2022/2555)
  38. Saudi Arabia IoT CGIoT-1:2024
  39. Saudi Arabia Personal Data Protection Law (PDPL)
  40. BOE-A-2022-7191
  41. UAE National Information Assurance Framework (NIAF)
  42. Ministry of Defence Standard 05-138 (14 May 2024)
  43. Australia Essential Eight
  44. Australian Government Information Security Manual (ISM) (June 2024)
  45. China Cybersecurity Law of the People's Republic of China (China Cybersecurity Law) 2017
  46. India Digital Personal Data Protection Act 2023
  47. NZ Health Information Security Framework (2022)
  48. NZ HISO 10029:2024 NZ Health Information Security Framework Guidance for Suppliers
  49. Canada Protecting controlled information in non-Government of Canada systems and organizations (ITSP.10.171)
  50. Canada B-13

 

1 Review

  • 5
    Excellent value and huge time saver!

    Posted by Udo Schneider on Oct 10th 2024

    We use SCF to map product features to multiple compliance frameworks using control cross-walking. Adding the STRM information, especially the actual requirement text, allows us to tailor our answers specifically to the framework. And for the price, it's a real bargain! Even if you only need to copy and paste requirement descriptions manually, you'll end up paying more in lost work time than buying the whole package. Plus, you'll miss out on the STRM weights, which help to prioritize controls.