Controls are your cybersecurity & data privacy program

A control is the power to influence or direct behaviors and the course of events.

SCF CERTIFIED - COMPANY-LEVEL CERTIFICATIONS

The Secure Controls Framework (SCF) offers company-level certifications through its Conformity Assessment Program (SCF CAP). The Cyber AB is the Accreditation Body (AB) for the SCF CAP.

The SCF CAP exists to leverage SCF content to provide a company-level certification through a conformity assessment process. The SCF CAP is designed to make conformity assessments more cost-effective, efficient and objective through the use of the SCF’s metaframework structure and no-cost content. As a metaframework, the SCF CAP allows for a singular certification approach to cybersecurity & data protection requirements where it:

  • Utilizes an examine, interview and test assessment methodology to demonstrate conformity with multiple requirements. This approach allows the SCF CAP to scale to cover multiple requirements simultaneously (e.g., demonstrate conformity with NIST CSF, HIPAA, EU GDPR, etc. as part of a single assessment);
  • Allows an organization to specify the statutory, regulatory and contractual obligations that are applicable to establish a Minimum Security Requirements (MSR) control set; and
  • Leverages leading industry assessment practices to avoid “re-inventing the wheel” for assessment methodologies.

The following SCF-based certifications are available (see SCF assessment guides for more details):

  • NIST Cybersecurity Framework 2.0 (NIST CSF 2.0)
  • New York Department of Financial Services 23 NYCRR Part 500
  • Cybersecurity Maturity Model Certification (CMMC) Level 1
  • HIPAA Security Rule (NIST SP 800-66 R2)
  • NIST SP 800-161 R1 Cybersecurity Supply Chain Risk Management (C-SCRM) Baseline
  • NIST SP 800-171 R3
  • NIST SP 800-218 R1
  • CISA Secure Software Development Attestation Form (SSDAF)
  • New Zealand Health Information Security Framework (HISF) - Guidance for Suppliers
  • SCF Cybersecurity Oversight, Resilience and Enablement (CORE) Fundamentals

SCF CAP OVERVIEW

Earning an SCF Certified™ conformity designation is meant to signify an accomplishment, rather than to be viewed as a “participation ribbon” that gives the OSA, or the stakeholders in the OSA’s supply chain, little practical insight into the OSA’s security posture.

The SCF CAP is designed for cybersecurity & privacy practitioners by cybersecurity & data privacy practitioners. This concept is based on the need within the industry for a tailored conformity assessment solution that is capable of addressing several key considerations:

  • View compliance as a natural by-product of secure practices;
  • Scale to address multifaceted operational requirements (e.g., laws, regulations and frameworks);
  • Acknowledge the stated risk tolerance of the OSA since not all organizations have the same risk tolerance;
  • Minimize the risk of “gaming” the certification process that provides no useful insights into the security posture of the OSA;
  • Utilize technology to make the assessment process more efficient to drive down labor-related assessment costs; and
  • Leverage existing industry recognized practices, where possible.

SCF CAP Cyber AB body of knowledge

SCF CAP ECOSYSTEM

There are several key players in the "SCF CAP Ecosystem" that are worth highlighting. If you click on the image, you can download a PDF with more information on the various components that make up the SCF CAP Ecosystem.

SCF CAP ecosystem
