SCF Licensed Content Provider (SCF LCP)
ComplianceForge is a Licensed Content Provider (LCP) by the SCF. This means ComplianceForge is able to sell cybersecurity and data protection policies, standards and procedures based on SCF controls.
What SCF-Based Documentation Does ComplianceForge Sell?
ComplianceForge offers the following SCF-based documentation templates:
- Digital Security Program (DSP)
  - Enterprise-class solution for SCF-based policies, control objectives, standards, guidelines, metrics and more.
  - Complete coverage for all SCF controls.
  - SCF-based policies map 1-1 with SCF domains.
  - SCF-based standards map 1-1 with SCF controls.
  - Comes in both Word and Excel formats, so the DSP can be imported into a GRC platform that accepts policies and standards.
- Cybersecurity Standardized Operating Procedures (CSOP)
  - SCF-based procedures that complement the standards in the DSP.
  - Complete coverage for all SCF controls.
  - Procedures map 1-1 with SCF controls.
  - Comes in both Word and Excel formats, so the CSOP can be imported into a GRC platform that accepts procedures.
- NIST 800-171 Compliance Program (NCP)
  - Tailored for NIST 800-171 & CMMC L1-L2.
  - SCF-based policies specific to NIST 800-171 and CMMC 2.0 L2.
  - SCF-based standards that are specific to NIST 800-171 and CMMC 2.0 L2.
  - SCF-based procedures that are specific to NIST 800-171 and CMMC 2.0 L2.
  - NIST 800-161 R1-based Supply Chain Risk Management (SCRM) Plan.
  - Risk Assessment Worksheet & Report Template (perform a risk & threat assessment using Microsoft Word and Excel).
  - System Security Plan (SSP) Template.
  - Plan of Action & Milestones (POA&M) Template.
  - And more!
- NIST Cybersecurity Framework 2.0 (NIST CSF 2.0) Policies & Standards
  - Tailored for NIST CSF 2.0.
  - SCF-based policies to address NIST CSF 2.0 requirements.
  - SCF-based standards to address NIST CSF 2.0 requirements.
- NIST CSF 2.0 Procedures
  - Tailored for NIST CSF 2.0.
  - SCF-based procedures to address NIST CSF 2.0 requirements.
- ISO 27001/27002 Policies & Standards
  - Tailored for ISO 27001:2022 and ISO 27002:2022.
  - SCF-based policies to address ISO 27001:2022 and ISO 27002:2022 controls.
  - SCF-based standards to address ISO 27001:2022 and ISO 27002:2022 controls.
- ISO 27001/27002 Procedures
  - Tailored for ISO 27001:2022 and ISO 27002:2022.
  - SCF-based procedures to address ISO 27001:2022 and ISO 27002:2022 controls.
ComplianceForge also offers quite a few discounted bundles and you can create your own bundle by adding products to your cart and submitting a quote.
Example SCF Policies, Standards & Procedures.
The ComplianceForge Reference Model establishes how cybersecurity and data privacy documentation is meant to be built. This documentation model leverages industry-recognized terminology to logically arrange these documentation components into their rightful order. This model creates an approach to architecting documentation that is concise, scalable and comprehensive. When that is all laid out properly, an organization's cybersecurity and data protection documentation should be hierarchical and linked from policies all the way through metrics. The swimlane diagram shown below defines the terminology and demonstrates the linkages between these various documentation components.
Cybersecurity & data protection documentation needs to be usable. This means the documentation needs to be written clearly, concisely and in a business-context language that users can understand. By doing so, users will be able to find the information they are looking for and that will lead to IT security best practices being implemented throughout your company. Additionally, having good cybersecurity documentation can be “half the battle” when preparing for an audit, since it shows that effort went into the program and key requirements can be easily found.
The PDF document shown below provides two, side-by-side examples from policies all the way through metrics, so you can see what the actual content looks like.