This is for a digital download of the current Excel spreadsheet versions of the Set Theory Relationship Mapping (STRM) used to crosswalk the Secure Controls Framework (SCF).
Included in the 2024.3 STRM mappings in Excel include the following:
- AICPA Trust Services Criteria (TSC) (2022 points of focus)
- CIS Critical Security Controls (CSC) v8.0
- IEC TR 60601-4-5:2021
- ISO/IEC 27001:2022
- ISO/IEC 27002:2022
- ISO/IEC 42001:2023
- NIST SP 800-53 R5.1.1
- NIST SP 800-66 R2
- NIST SP 800-161 R1
- NIST SP 800-171 R2
- NIST SP 800-171 R3
- NIST SP 800-171A
- NIST SP 800-171A R3
- NIST SP 800-207
- NIST SP 800-218
- NIST Cybersecurity Framework (NIST CSF 2.0)
- Payment Card Industry Data Security Standard (PCI DSS) v4.0
- Space Attack Research & Tactic Analysis (SPARTA) Countermeasures
- Trusted Information Security Assessment Exchange (TISAX) Information Security Assessment (ISA) v6.0.3
- US DOJ / FBI - Criminal Justice Information Services (CJIS) Security Policy
- Cybersecurity Maturity Model Certification (CMMC) 2.0 Level 1
- DoD Zero Trust Reference Architecture v2
- Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Trusted Internet
- onnections 3.0 Security Capabilities Catalog
- Department of Homeland Security (DHS) Zero Trust Capability Framework (ZTCF) (DRAFT)
- Federal Acquisition Regulation (FAR) 52.204.21
- Gramm Leach Bliley Act (GLBA) - CFR 314
- SEC Cybersecurity Final Rule
- NY Cybersecurity Requirements for Financial Services Companies (NY DFS 23 NYCRR500)
- Tennessee Information Protection Act
- Canada B-13
- EU Digital Operational Resilience Act (DORA)
- ENISA NIS2 (Directive (EU) 2022/2555)
- Spain Royal Decree 311/2022
- Australia Essential Eight
- Australian Government Information Security Manual (ISM) June 2024
- China Cybersecurity Law of the People's Republic of China (China Cybersecurity Law)
- New Zealand Health Information Security Framework 2022