Secure Controls Framework (SCF) Certification

The Secure Controls Framework Conformity Assessment Program (SCF CAP) is an organization-level conformity assessment, which means you can earn a certification using SCF controls. The SCF CAP is designed to utilize tailored cybersecurity and data privacy controls to specifically address the applicable statutory, regulatory and contractual obligations an Organization Seeking Assessment (OSA). The metaframework nature of the SCF enables an OSA is able to perform conformity assessment that can span multiple cybersecurity and data privacy-specific laws, regulations and frameworks.

ComplianceForge Is A SCF Licensed Content Provider (LCP)

ComplianceForge is a Licensed Content Provider (LCP) by the SCF. This means ComplianceForge is able to sell cybersecurity and data protection policies, standards and procedures based on SCF controls.

The benefit ComplianceForge brings as a SCF LCP is operationalizing the SCF by:

1. Decreased implementation costs (e.g., having to research and write policies, standards and procedures); and
2. Increased speed of implementation and adoption, since you have have the documentation the same day you order it. 

ComplianceForge's SCF-based policies, standards and procedures can save an organization a significant amount of money from the labor-related costs to research, write and refine cybersecurity documentation. 

SCF Certification Paths

The SCF CAP has a roadmap to enable the follow SCF-based certifications:

1. Australia Essential Eight
2. Canada B-13
3. Department of Homeland Security (DHS) Zero Trust Capability Framework (ZTCF)
4. DHS Cybersecurity & Infrastructure Security Agency (CISA) Secure Software Development Attestation Form
5. EU Digital Operational Resilience Act (DORA)
6. ENISA NIS2 (Directive (EU) 2022/2555)
7. Federal Acquisition Regulation (FAR) 52.204.21
8. Gramm Leach Bliley Act (GLBA) - CFR 314
9. New Zealand Health Information Security Framework 2022
10. NIST SP 800-66 R2 (HIPAA Secure Rule)
11. NIST SP 800-161 R1 (C-SCRM baseline)
12. NIST SP 800-171 R2 (non-CMMC)
13. NIST SP 800-171 R3 (non-CMMC)
14. NIST SP 800-207 (zero trust principles)
15. NY DFS 23 NYCRR500 - 2023 Amendment 2
16. Secure Code Alliance (SCA) Secure Software Development Practices (SSDP)
17. Trusted Information Security Assessment Exchange (TISAX) Information Security Assessment (ISA)

NIST CSF 2.0 Certification

The first framework that will be offered for certification is the NIST Cybersecurity Framework version 2 (NIST CSF 2.0). ComplianceForge has editable policies, standards and procedures for NIST CSF 2.0 that can help earn NIST CSF 2.0 certification via the SCF CAP. 

 

• SCF Licensed Content Provider

  ComplianceForge is very pleased to announce it is now a Secure Controls Framework Licensed Cont...

• What Is NIST CSF?

  The NIST Cybersecurity Framework (NIST CSF) is commonly used “cybersecurity best practice” for organ...

• Supply Chain Risk Management (SCRM) Plan

  Cybersecurity Supply Chain Risk Management (C-SCRM) is the process of identifying, assessing and mit...

• Efficient CMMC Scoping

  Determining the scope of controls (e.g., assessment boundary) is different than determining control...

---