Controls are your cybersecurity & data privacy program. A control is the power to influence or direct behaviors and the course of events.

Secure Controls Framework (SCF) Council

STRM Bundle - Excel Versions

$20.00
SKU: STRM-Bundle

This is for a digital download of the current Excel spreadsheet versions of the Set Theory Relationship Mapping (STRM) used to crosswalk the Secure Controls Framework (SCF). 

The STRM download can be accessed for one (1) month from the date of purchase. The 2025.2 STRM mappings in Excel format include the following:

  1. Universal - AICPA Trust Services Criteria (TSC) (with 2022 points of focus)
  2. Universal - CIS Critical Security Controls (CSC) version 8.1
  3. Universal - IEC TR 60601-4-5:2021
  4. Universal - ISO/IEC 27001:2022
  5. Universal - ISO/IEC 27002:2022
  6. Universal - ISO/IEC 42001:2023
  7. Universal - Insurance Data Security Model Law (MDL-668)
  8. Universal - NIST AI 100-1
  9. Universal - NIST AI 600-1
  10. Universal - NIST SP 800-53 R5
  11. Universal - NIST SP 800-161 R
  12. Universal - NIST SP 800-171 R2
  13. Universal - NIST SP 800-171 R3
  14. Universal - NIST SP 800-171A
  15. Universal - NIST 800-171A R3
  16. Universal - NIST SP 800-207
  17. Universal - NIST SP 800-218 v1.1
  18. Universal - NIST Cybersecurity Framework (CSF) v2.0
  19. Universal - Payment Card Industry Data Security Standard (PCI DSS) v4.01
  20. Universal - Space Attack Research & Tactic Analysis (SPARTA) Countermeasures
  21. Universal - Trusted Information Security Assessment Exchange (TISAX) ISA 6.0.3
  22. US - CISA Cross-Sector Cybersecurity Performance Goals (CPG)
  23. US - CISA Secure Software Development Attestation Form (SSDAF)
  24. US - Criminal Justice Information Services (CJIS) Security Policy v5.9.3
  25. US - Cybersecurity Maturity Model Certification (CMMC) v2.0 Level 1
  26. US - Data Privacy Framework (DPF)
  27. US - DoD Zero Trust Reference Architecture v2
  28. US - CISA Trusted Internet Connections 3.0 Security Capabilities Catalog
  29. US - Farm Credit Administration (FCA) Cyber Risk Management
  30. US - Gramm Leach Bliley Act (GLBA) - CFR 314 (Dec 2023)
  31. US - HIPAA Administrative Simplification (2013)
  32. US - HIPAA Security Rule (includes mapping to NIST SP 800-66 R2)
  33. US - NERC CIP 2024
  34. US - SEC Cybersecurity Final Rule
  35. US - California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) - November 2022 version
  36. US - NY - Cybersecurity Requirements for Financial Services Companies (DFS 23 NYCRR500) - 2023 Amendment 2
  37. US - OR - Consumer Privacy Act (SB 619)
  38. US - TN - Information Protection Act
  39. US - TX - Consumer Data Protection Act (CDPA)
  40. EMEA - EU Artificial Intelligence Act (EU AI Act) (Regulation 2024/1689)
  41. EMEA - Digital Operational Resilience Act (DORA) (2023)
  42. EMEA - General Data Protection Regulation (GDPR)
  43. EMEA - NIS2 (Directive 2022/2555)
  44. EMEA - NIS2 Annex
  45. EMEA - EU Cyber Resilience Act
  46. EMEA - EU Cyber Resilience Act - Annexes
  47. EMEA - Saudi Arabia IoT CGIoT-1:2024
  48. EMEA - Saudi Arabia Personal Data Protection Law (PDPL)
  49. EMEA - Spain BOE-A-2022-7191
  50. EMEA - UAE National Information Assurance Framework (NIAF)
  51. EMEA - Ministry of Defence Standard 05-138 (14 May 2024)
  52. APAC - Australia Essential Eight
  53. APAC - Australian Government Information Security Manual (ISM) (June 2024)
  54. APAC - China Cybersecurity Law of the People's Republic of China (China Cybersecurity Law) 2017
  55. APAC - India Digital Personal Data Protection Act 2023
  56. APAC - NZ Health Information Security Framework (2022)
  57. APAC - HISO 10029:2024 NZ Health Information Security Framework Guidance for Suppliers
  58. Americas - Protecting controlled information in non-Government of Canada systems and organizations (ITSP.10.171)
  59. Americas - Canada B-13

2 Reviews

  • 4
    STRM

    Posted by Eric Andresen on Jun 23rd 2025

    You will save a long time trying to map these controls out yourself if all you do is purchase the material for your latest NIS2 project. There are no doubt many ways that this can be applied and if we have this material to show an auditor how the material was organized, I am sure without a doubt that the material will pay off in a big way. The Secure Controls Framework is amazing, and I am happy to support the project in any small way that we can.

  • 5
    Excellent value and huge time saver!

    Posted by Udo Schneider on Oct 10th 2024

    We use SCF to map product features to multiple compliance frameworks using control cross-walking. Adding the STRM information, especially the actual requirement text, allows us to tailor our answers specifically to the framework. And for the price, it's a real bargain! Even if you only need to copy and paste requirement descriptions manually, you'll end up paying more in lost work time than buying the whole package. Plus, you'll miss out on the STRM weights, which help to prioritize controls.