- Policies & Standards - CORE Fundamentals
- Procedures - CORE Fundamentals
Don't Write It From Scratch.
If a customer, insurer, or auditor asked for your cybersecurity policies and standards today, could you hand them over, or would you be starting from a blank page? PSP Bundle 5 gives you a running start: the foundational documentation layer built on the SCF CORE Fundamentals, ready to tailor rather than author, getting you most of the way there from day one.
The SCF created the Cybersecurity Oversight, Resilience and Enablement (CORE) initiative to help organizations tailor cybersecurity and data protection controls to their specific needs. CORE Fundamentals is a focused set of 68 controls designed for smaller organizations to protect their People, Processes, Technologies, Data and Facilities (PPTDF) against common threats. Writing that foundation from scratch is exactly the slow, specialized work most small and mid-sized teams want to avoid.
PSP Bundle 5 is ComplianceForge's foundational Policies, Standards and Procedures bundle for the SCF CORE Fundamentals. It pairs the Policies & Standards - CORE Fundamentals product, which provides 20 policies and 68 standards, with the matching Procedures - CORE Fundamentals product, which provides the procedures, so your governance documentation and your operational documentation line up out of the box.
It is the most efficient starting point for smaller organizations that need a defensible cybersecurity documentation foundation without committing to a heavier framework. Because the CORE Fundamentals control set includes many of the requirements found in NIST CSF 2.0, this bundle is also an excellent stepping stone toward NIST CSF 2.0 alignment. Your team tailors the templates to your environment and reaches a defensible foundation in far less time than writing it from scratch.
What Is The PSP Bundle 5?
PSP Bundle 5 is the CORE Fundamentals tier of ComplianceForge's documentation: the policies and standards plus the matching procedures in one coordinated set, all built on the SCF CORE Fundamentals control set. It focuses on the policies, standards, and procedures layer that every cybersecurity program is built on, sized specifically for smaller organizations.
This is a SMB-focused bundle, built for organizations that want a defensible, achievable cybersecurity foundation without taking on a heavier framework like NIST 800-53. The genesis of the CORE Fundamentals came from Texas SB 2610, which named the SCF as one of a select few cybersecurity frameworks with adequacy to provide necessary security coverage under that state's cybersecurity safe-harbor law.
Both documents are mapped 1-to-1 to the Secure Controls Framework (SCF), which itself maps to over 100 cybersecurity and data privacy laws, regulations, and frameworks. That means the documentation keeps its value as your compliance obligations evolve, and it positions you well for a future move toward NIST CSF 2.0 alignment.
No Software To Install
This bundle is a one-time purchase of editable Microsoft Office-based documentation templates. There is no software to install, no agent to deploy, no account to provision, and no cloud environment to configure. If your organization can open and edit Microsoft Word or Excel files (or compatible tools like OpenOffice and Google Workspace), you can use both products in this bundle.
Microsoft Word and Excel
Delivered as fully editable .docx and .xlsx files. Compatible with Word 2016 and newer, Microsoft 365, OpenOffice, LibreOffice, and Google Docs/Sheets.
Email Delivery
Both products in the bundle are delivered via email download link within 1-2 business days of purchase. There is no installer, no license server, and no activation step.
One-Time Purchase
A single-entity license is included with purchase. The bundle price is a one-time charge. No subscription is required to use the CORE Fundamentals policies, standards, and procedures.
This deployment model is intentional. Cybersecurity documentation belongs in the organization's own document management systems, not locked inside a vendor's SaaS tool. Once delivered, every document in this bundle belongs to the buyer.
What Problems Does The PSP Bundle 5 Solve?
Smaller organizations increasingly have to prove they have reasonable cybersecurity practices in place, whether for customers, insurers, or emerging state laws. Writing policies, standards, and procedures from scratch is slow and specialized, and buying them piecemeal risks inconsistencies between documents. PSP Bundle 5 is designed to solve these challenges with a right-sized CORE Fundamentals foundation.
Right-Sized For SMBs
The CORE Fundamentals is a focused set of 68 controls across 20 domains, scoped for smaller organizations to protect People, Processes, Technologies, Data and Facilities without the overhead of a heavier framework.
Coordinated Policies and Procedures
The policies and standards pair with procedures that map 1-to-1 to each standard. There are no orphan controls and no inconsistencies between the policy and procedure layers.
Faster Program Stand-Up
Building this documentation in-house takes hundreds of staff hours. PSP Bundle 5 provides a professionally-written baseline (about a 90% solution) that you fine-tune to your environment in a fraction of that time.
How Does The PSP Bundle 5 Solve These Problems?
PSP Bundle 5 delivers a pre-assembled, coordinated set of two CORE Fundamentals products that together establish the policy, standards, and procedure foundation for a right-sized cybersecurity program.
SCF-Aligned Documentation
Both products are mapped 1-to-1 with the Secure Controls Framework, which cross-references over 100 laws, regulations, and frameworks, including many NIST CSF 2.0 requirements, for flexibility as your obligations evolve.
Audit-Defensible Documentation
The policies and standards establish what your program requires, and the procedures provide 1-to-1 mapping to each standard as evidence of how controls are actually performed: the documentation auditors and insurers expect to see.
Same-Day Delivery
ComplianceForge processes most orders the same business day. Expect delivery within 1-2 business days of purchase, with both products arriving together.
What Is Included In The PSP Bundle 5?
PSP Bundle 5 includes the following two ComplianceForge products, built on the SCF CORE Fundamentals and designed to work together as a coordinated policies, standards, and procedures set:
Policies & Standards - CORE Fundamentals: 20 policies (one per SCF domain) and 68 standards (one per control), mapped 1-to-1 to the Secure Controls Framework. Procedures - CORE Fundamentals: the matching procedures that map 1-to-1 to each standard, documenting how each control is actually performed.
Cost Savings Estimate - PSP Bundle 5
When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Whereas, compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing this bundle from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:
Internal Staff Cost
For your internal staff to generate comparable documentation, it would take them an estimated 600+ internal staff work hours, which equates to a cost of approximately $60,000 in staff-related expenses. This is many months of development time where your staff would be diverted from other work.
The PSP Bundle 5 is approximately 3% of the cost for your internal staff to generate equivalent documentation.
External Consultant Cost
If you hire a consultant to generate this documentation, it would take them an estimated 420+ contractor work hours, which equates to a cost of approximately $136,500. This is many months of development time for a contractor to provide you with the deliverable.
The PSP Bundle 5 is approximately 1% of the cost for an external consultant to generate equivalent documentation.
How Much Customization Remains?
Given the difficult nature of writing templated policies and standards, ComplianceForge aimed for approximately a 90% solution, since it is impossible to write a 100% complete cookie-cutter document that applies equally across every organization. ComplianceForge did the heavy lifting; what remains is fine-tuning the documentation with the specific information that only you know to make it applicable to your organization.
In practice, this is largely filling in the blanks and following the helpful guidance provided throughout the templates to identify the who, what, when, where, why, and how. You adjust the documents to reflect your technologies, staffing, and processes, rather than authoring policies, standards, and procedures from a blank page.
Professional Services
ComplianceForge offers optional professional services to customize purchased documentation. Professional services are not required to customize ComplianceForge documentation. However, some clients want our subject matter expertise to help customize their documentation to meet their specific business needs. If you have any questions about our professional services, please contact us at:
We offer the following professional service bundles:
5-Hour Bundle
This includes five (5) hours of professional services, which may be beneficial for companies that need some guidance on getting started with how to tailor their documentation.
10-Hour Bundle
This includes ten (10) hours of professional services, which may be beneficial for companies that need additional guidance on tailoring their documentation to meet their compliance requirements.
20-Hour Bundle
This includes twenty (20) hours of professional services, which may be beneficial for companies that need robust services, beyond just 10 hours, to assist in tailoring their documentation to meet their compliance requirements.
Purchased professional service hours expire 120 days (4 months) from the time of purchase if unused. Hours are intended to supplement, not replace, your own customization work, since only your organization knows the exact details to tailor your documentation. For questions regarding scoping a professional services engagement or configuring a custom package, contact ComplianceForge directly through the Contact Us page.
SCF CORE Fundamentals Coverage
PSP Bundle 5 is built on the SCF CORE Fundamentals, a tailored set of 68 controls organized into 20 SCF domains. Because both products map 1-to-1 to the Secure Controls Framework, the documentation inherits the SCF's mapping to over 100 cybersecurity and data privacy laws, regulations, and frameworks.
The CORE Fundamentals control set includes many of the requirements found in the NIST Cybersecurity Framework 2.0 (NIST CSF 2.0), which makes this bundle an excellent starting point on a path toward NIST CSF 2.0 alignment. Its genesis came from Texas SB 2610, which recognized the SCF as one of a select few frameworks with adequacy to provide necessary security coverage. As your compliance obligations grow, the SCF mapping helps the documentation keep its value.
Need A Custom Bundle?
PSP Bundle 5 is built for smaller organizations that want a right-sized CORE Fundamentals foundation. If your compliance obligations call for broader coverage, a different framework, or additional program-level documentation, ComplianceForge can assemble a custom bundle tailored to your specific needs.
If you are not sure which documentation set is the right fit, request a quote and the ComplianceForge team can help you identify the package that matches your compliance obligations and budget.