Controls are your cybersecurity & data privacy program. A control is the power to influence or direct behaviors and the course of events.

Secure Controls Framework (SCF) Council

STRM Bundle - Excel Versions

$20.00
SKU: STRM-Bundle

This is for a digital download of the current Excel spreadsheet versions of the Set Theory Relationship Mapping (STRM) used to crosswalk the Secure Controls Framework (SCF). 

The STRM download can be accessed for one (1) month from the date of purchase. The 2025.3 STRM mappings in Excel format include the following:

  1. Universal - AICPA Trust Services Criteria (TSC) with (2022 points of focus)
  2. Universal - Critical Security Controls (CSC) version 8.1
  3. Universal - IEC TR 60601-4-5:2021
  4. Universal - ISO/IEC 27001:2022
  5. Universal - ISO/IEC 27002:2022
  6. Universal - ISO/IEC 42001:2023
  7. Universal - Insurance Data Security Model Law (MDL-668)
  8. Universal - NIST AI 100-1 (Artificial Intelligence Risk Management Framework 1.0)
  9. Universal - NIST AI 600-1 (AI RMF Generative Artificial Intelligence Profile)
  10. Universal - NIST SP 800-53 R5.2
  11. Universal - NIST SP 800-161 R1
  12. Universal - NIST SP 800-171 R2
  13. Universal - NIST SP 800-171 R3
  14. Universal - NIST SP 800-171A
  15. Universal - NIST SP 800-171A R3
  16. Universal - NIST SP 800-207
  17. Universal - NIST SP 800-218
  18. Universal - NIST Cybersecurity Framework (CSF) v2.0
  19. Universal - Payment Card Industry Data Security Standard (PCI DSS) v4.01
  20. Universal - Space Attack Research & Tactic Analysis (SPARTA) Countermeasures
  21. Universal - Trusted Information Security Assessment Exchange (TISAX) ISA 6.0.3
  22. US - CISA Cross-Sector Cybersecurity Performance Goals (CPG)
  23. US - Criminal Justice Information Services (CJIS) Security Policy v5.9.3
  24. US - Cybersecurity Maturity Model Certification (CMMC) v2.0 Level 1
  25. US - Data Privacy Framework (DPF)
  26. US - DoD Zero Trust Execution Roadmap
  27. US - DoD Zero Trust Reference Architecture v2
  28. US - CISA Secure Software Development Attestation Form (SSDAF)
  29. US - CISA Trusted Internet Connections 3.0 Security Capabilities Catalog
  30. US - Executive Order 14028 (EO 14028)
  31. US - Farm Credit Administration (FCA) Cyber Risk Management
  32. US - Gramm Leach Bliley Act (GLBA) - CFR 314 (Dec 2023)
  33. US - HIPAA Security Rule (includes mapping to NIST SP 800-66 R2)
  34. US - NERC CIP
  35. US - SEC Cybersecurity Final Rule
  36. US - California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA)
  37. US - NY DFS 23 NYCRR500
  38. US - OR Consumer Privacy Act (SB 619)
  39. US - TN Information Protection Act
  40. US - TX Consumer Data Protection Act (CDPA)
  41. US - TX SB 2610 (Safe Harbor Law)
  42. US - TX SB2610
  43. EMEA - EU Artificial Intelligence Act
  44. EMEA - EU Cyber Resilience Act
  45. EMEA - EU Cyber Resilience Act - Annexes
  46. EMEA - Digital Operational Resilience Act (DORA)
  47. EMEA - EU General Data Protection Regulation (GDPR)
  48. EMEA - ENISA NIS2 (Directive (EU)
  49. EMEA - ENISA NIS2 Annex
  50. EMEA - Saudi Arabia IoT CGIoT-1:2024
  51. EMEA - Saudi Arabia Personal Data Protection Law (PDPL)
  52. EMEA - Spain BOE-A-2022-7191
  53. EMEA - UAE National Information Assurance Framework (NIAF)
  54. EMEA - UK Cyber Assessment Framework (CAF) v4.0
  55. EMEA - UK Ministry of Defence Standard 05-138
  56. APAC - Australia Essential Eight
  57. APAC - Australian Government Information Security Manual (ISM)
  58. APAC - China Cybersecurity Law
  59. APAC - India Digital Personal Data Protection Act
  60. APAC - NZ Health Information Security Framework
  61. APAC - NZ Health Information Security Framework Guidance for Suppliers
  62. Americas - Canada ITSP.10.171
  63. Americas - Canada B-13

2 Reviews

  • 4
    STRM

    Posted by Eric Andresen on Jun 23rd 2025

    You will save a long time trying to map these controls out yourself if all you do is purchase the material for your latest NIS2 project. There are no doubt many ways that this can be applied and if we have this material to show an auditor how the material was organized, I am sure without a doubt that the material will pay off in a big way. The Secure Control Framework is amazing, and I am happy to support the project in any small way that we can.

  • 5
    Excellent value and huge time saver!

    Posted by Udo Schneider on Oct 10th 2024

    We use SCF to map product features to multiple compliance frameworks using control cross-walking. Adding the STRM information, especially the actual requirement text, allows us to tailor our answers specifically to the framework. And for the price, it's a real bargain! Even if you only need to copy and paste requirement descriptions manually, you'll end up paying more in lost work time than buying the whole package. Plus, you'll miss out on the STRM weights, which help to prioritize controls.