Secure Controls Framework (SCF)

This download includes the SCF as a set of provisions only so there are no mapped questions. Use this download if you just want the provisions and you want to create your own question set.

The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build and maintain secure processes, systems and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be “baked in” at the strategic, operational and tactical levels.

The SCF includes 872 controls across 32 domains (that may or may not be applicable depending on your jurisdictions and compliance requirements), which are:

1 Security & Privacy Governance GOV

2 Asset Management AST

3 Business Continuity & Disaster Recovery BCD

4 Capacity & Performance Planning CAP

5 Change Management CHG

6 Cloud Security CLD

7 Compliance CPL

8 Configuration Management CFG

9 Continuous Monitoring MON

10 Cryptographic Protections CRY

11 Data Classification & Handling DCH

12 Embedded Technology EMB

13 Endpoint Security END

14 Human Resources Security HRS

15 Identification & Authentication IAC

16 Incident Response IRO

17 Information Assurance IAO

18 Maintenance MNT

19 Mobile Device Management MDM

20 Network Security NET

21 Physical & Environmental Security PES

22 Privacy PRI

23 Project & Resource Management PRM

24 Risk Management RSK

25 Secure Engineering & Architecture SEA

26 Security Operations OPS

27 Security Awareness & Training SAT

28 Technology Development & Acquisition TDA

29 Third-Party Management TPM

30 Threat Management THR

31 Vulnerability & Patch Management VPM

32 Web Security WEB