Secure Controls Framework (SCF)

The Secure Controls Framework (SCF) is a comprehensive catalog of controls that is designed to enable companies to design, build and maintain secure processes, systems and applications. The SCF addresses both cybersecurity and privacy, so that these principles are designed to be “baked in” at the strategic, operational and tactical levels.

In developing the SCF, we identified and analyzed 100 statutory, regulatory and contractual frameworks. By analyzing these thousands of requirements, we identified commonalities, which allows several thousand unique controls to be addressed by the fewer than 750 controls that make up the SCF. For instance, a requirement to maintain strong passwords is not unique, since it is required by dozens of frameworks. This allows one well-worded SCF control to address multiple requirements. This focus on simplicity and sustainability is key to the SCF, since it can enable various teams to speak the same controls language, even though they may have entirely different statutory, regulatory or contractual obligations that they are working towards.

The SCF targets silos, since siloed practices within any organization are inefficient and can lead to poor security, due to poor communications and incorrect assumptions. For each of the SCF controls, potential teams that have a stake in that control’s execution were identified (e.g., think RACI diagram).

The SCF should be viewed as a long-term tool, not only to help with compliance-related efforts but also to ensure that security and privacy principles are properly designed, implemented and maintained. The SCF should be part of any organization’s toolkit for its System Development Lifecycle (SDLC), regardless of the development methodology that is being used (e.g., DevOps, Agile, Waterfall, etc.).

The SCF helps enable organizations to have a data-centric approach towards security, so that security and privacy principles help protect data from the physical to application layers. This is another way of saying that the SCF helps you implement a holistic approach to protecting the Confidentiality, Integrity, Availability and Safety (CIAS) of your data, systems, applications and other processes.


Check the compliance mandates that your organization must address and download a detailed list of requirements and actions that need to be completed to satisfy each requirement.

SCF B Business Mergers & Acquisitions
SCF E Embedded Technology
SCF G US Government Contractors
SCF H Healthcare Industry
SCF M Continuous Monitoring
SCF P Privacy Implications
SCF T Third Party Risk
Target Audience
Relative Control Weighting (1-10)
AICPA SOC 2 2016
AICPA SOC 2 2017
CIS CSC v6.1
CIS CSC v7
COBIT v5
COSO v2013
CSA CCM v3.0.1
ENISA v2.0
GAPP
ISO 27001 v2013
ISO 27002 v2013
ISO 27018 v2014
ISO 29100 v2011
ISO 31000 v2009
ISO 31010 v2009
NIST 800-37
NIST 800-39
NIST 800-53 rev4
NIST 800-53 rev 5
NIST 800-160
NIST 800-171 rev 1
NIST CSF v1.1
OWASP Top 10 v2017
PCI DSS v3.2
UL 2900-1
US COPPA
US DFARS 252.204-70xx
US FACTA
US FAR 52.204-21
US FDA 21 CFR Part 11
US FedRAMP [moderate]
US FERPA
US FFIEC
US FINRA
US FTC Act
US GLBA
US HIPAA
US NERC CIP
US NISPOM
US Privacy Shield
US SOX
US CJIS Security Policy
US CA SB1386
US MA 201 CMR 17.00
US NY DFS 23 NYCRR 500
US OR 646A
US TX BC521
US TX Cybersecurity Act
EMEA EU ePrivacy [draft]
EMEA EU GDPR
EMEA EU PSD2
EMEA Austria
EMEA Belgium
EMEA Czech Republic
EMEA Denmark
EMEA Finland
EMEA France
EMEA Germany
EMEA Germany C5
EMEA Greece
EMEA Hungary
EMEA Ireland
EMEA Israel
EMEA Italy
EMEA Luxembourg
EMEA Netherlands
EMEA Norway
EMEA Poland
EMEA Portugal
EMEA Russia
EMEA Slovak Republic
EMEA South Africa
EMEA Spain
EMEA Sweden
EMEA Switzerland
EMEA Turkey
EMEA UAE
EMEA UK
APAC Australia
APAC Australia ISM 2017
APAC China DNSIP
APAC Hong Kong
APAC India ITR
APAC Indonesia
APAC Japan
APAC Malaysia
APAC New Zealand
APAC New Zealand NZISM
APAC Philippines
APAC Singapore
APAC Singapore MAS TRM
APAC South Korea
APAC Taiwan
Americas Argentina
Americas Bahamas
Americas Canada PIPEDA
Americas Chile
Americas Colombia
Americas Costa Rica
Americas Mexico
Americas Peru
Americas Uruguay







Copyright 2018, New Net Technologies LLC. All rights reserved. 