NIST CSF 2.0 Certification

The Secure Controls Framework Conformity Assessment Program (SCF CAP) offers a certification path for NIST Cybersecurity Framework version 2 (NIST CSF 2.0). Successfully completing the SCF CAP assessment will award the Organization Seeking Assessment (OSA) with the designation of SCF Certified - NIST CSF 2.0

The SCF CAP Is Your Path To Become NIST CSF 2.0 Certified The SCF CAP is focused on using the SCF as the control set to provide a company-level certification. While the SCF-CAP shares some similarities with other existing, single-focused certifications (e.g., ISO 27001, CMMC, FedRAMP, etc.), the SCF CAP is unique in its metaframework approach to covering cybersecurity and data protection requirements that span multiple laws, regulations and frameworks. SCF Certified - NIST CSF 2.0 - Official Assessment Guide If you want to get SCF Certified for NIST CSF 2.0, you can download the NIST CSF 2.0 Assessment Guide from the SCF's website at https://securecontrolsframework.com/content/cap/ag-nist-csf-v-1-0.pdf For organizations that have a current Cybersecurity Maturity Model Certification (CMMC) Level 2 certification and want to leverage reciprocity towards NIST CSF 2.0 certification can use a different assessment guide that can be downloaded from: https://securecontrolsframework.com/content/cap/ag-cmmc-l2-nist-csf-v-1-0.pdf (only applicable if the organization holds a current CMMC L2 certification)

The SCF CAP is designed for cybersecurity & privacy practitioners by cybersecurity & data privacy practitioners. This concept is based on the need within the industry for a tailored conformity assessment solution that is capable of addressing several key considerations:

• View compliance as a natural by-product of secure practices;
• Scale to address multifaceted operational requirements (e.g., laws, regulations and frameworks);
• Acknowledge the stated risk tolerance of the OSC since not all organizations have the same risk tolerance;
• Minimize the risk of “gaming” the certification process that provides no useful insights into the security posture of the OSA;
• Utilize technology to make the assessment process more efficient to drive down labor-related assessment costs; and
• Leverage existing industry recognized practices, where possible.

NIST CSF 2.0 Policies, Standards & Procedures

ComplianceForge has editable policies, standards and procedures for NIST CSF 2.0 to assist your organization earning a NIST CSF 2.0 certification as part of the SCF CAP:

1. Digital Security Program (DSP)
   • Is an enterprise-class solution for SCF-based policies, control objectives, standards, guidelines, metrics and more.
   • Provides complete coverage for all SCF controls.
   • All SCF-based policies map 1-1 with SCF domains.
   • All SCF-based standards map 1-1 with SCF controls
   • Comes in both Word and Excel formats, so the DSP can be imported into a GRC platform that accepts policies and standards.
2. Cybersecurity Standardized Operating Procedures (CSOP)
   • Provides SCF-based procedures that compliment the standards in the DSP.
   • Provides complete coverage for all SCF controls.
   • All procedures map 1-1 with SCF controls.
   • Comes in both Word and Excel formats, so the CSOP can be imported into a GRC platform that accepts procedures.
3. NIST Cybersecurity Framework 2.0 (NIST CSF 2.0) Policies & Standards
   • Tailored for NIST CSF 2.0.
   • All SCF-based policies to address NIST CSF 2.0 requirements.
   • All SCF-based standards to address NIST CSF 2.0 requirements.
4. NIST CSF 2.0 Procedures
   • Tailored for NIST CSF 2.0.
   • All SCF-based procedures to address NIST CSF 2.0 requirements.

ComplianceForge has several affordable options available for 1-1 mapped policies, standards and procedures to address the NIST CSF 2.0 Set Theory Relationship Mapping (STRM) used by the SCF to identify applicable controls necessary to demonstrate conformity with NIST CSF 2.0 categories and subcategories.