diff --git a/Secure Controls Framework (SCF) - 2023.3.1.xlsx b/Archived Versions/SCF-2023/Secure Controls Framework (SCF) - 2023.4.xlsx similarity index 56% rename from Secure Controls Framework (SCF) - 2023.3.1.xlsx rename to Archived Versions/SCF-2023/Secure Controls Framework (SCF) - 2023.4.xlsx index c8b7b39..44a88a4 100644 Binary files a/Secure Controls Framework (SCF) - 2023.3.1.xlsx and b/Archived Versions/SCF-2023/Secure Controls Framework (SCF) - 2023.4.xlsx differ diff --git a/SCF - Cybersecurity & Data Privacy Risk Management Model (CP-RMM) Overview (2023.2).pdf b/SCF - Cybersecurity & Data Privacy Risk Management Model (CP-RMM) Overview (2023.3).pdf similarity index 88% rename from SCF - Cybersecurity & Data Privacy Risk Management Model (CP-RMM) Overview (2023.2).pdf rename to SCF - Cybersecurity & Data Privacy Risk Management Model (CP-RMM) Overview (2023.3).pdf index ef16acd..9062bf3 100644 Binary files a/SCF - Cybersecurity & Data Privacy Risk Management Model (CP-RMM) Overview (2023.2).pdf and b/SCF - Cybersecurity & Data Privacy Risk Management Model (CP-RMM) Overview (2023.3).pdf differ diff --git a/SCF 2023.3.1 Errata.txt b/SCF 2023.3.1 Errata.txt deleted file mode 100644 index bfe4bd9..0000000 --- a/SCF 2023.3.1 Errata.txt +++ /dev/null 
@@ -1,141 +0,0 @@ -Version 2023.3.1 errata (minor corrections): - - AST-01- 2023.3.1 - added Article 21.2(i) for NIS 2 and 2.0 for CIS 8.0 - - AST-02- 2023.3.1 - added 2.0 for CIS 8.0 - - MON-02- 2023.3.1 - updated CIS 8.0 (typo correction for 12.1 to 13.1) - - IAC-01- 2023.3.1 - added Article 21.2(i) for NIS 2 - -Version 2023.3 errata. This version represents a minor update. - - There are new controls. - - Risk & threat models were updated to assist with risk & threat assessments, as well as to help determine materiality decisions for incidents, threats and risks. - - Data Privacy Management Principles (DPMP) were updated. - -Added Mapping: - - Australia Essential Eight - > ML1 - > ML2 - > ML3 - - Canada OSFI B-13 - - Cybersecurity Maturity Model Certification (CMMC) 2.1 (draft release) - > CMMC Level 1 - > CMMC Level 2 - > CMMC Level 3 - - EU-US Data Privacy Framework - - European Banking Authority (EBA) Guidelines on ICT and security risk management - - FedRAMP R5 - > Low - > Moderate - > High -LI-SaaS - - Kenya DPA 2019 - - MITRE ATT&CK - - Nigeria DPR 2019 - - NIS2 - - NIST CSF v2.0 Initial Public Draft (IPD) - - NSTC NSPM-33 - - PCI DSS Self-Assessment Questionnaires (SAQs) - > SAQ A - > SAQ A-EP - > SAQ B - > SAQ B-IP - > SAQ C - > SAQ C-VT - > SAQ D Merchant - > SAQ D Service Provider - > SAQ P2PE - - Qatar PDPPL - - Saudi Arabia SACS-002 - - SEC Cybersecurity Rule - - Serbia 87/2018 - - SWIFT CSF 2023 - - UN R155 - - UK CAP 1850 -Updated Mapping: - - NIST SP 800-172 -Removed Mapping: - - Shared Assessments SIG 2022 - - SWIFT CSF 2021 - -Standardized terminology throughout the framework: - - security and privacy > cybersecurity & data privacy - - cybersecurity and privacy > cybersecurity & data privacy - - security personnel > cybersecurity personnel - - information security > cybersecurity - - Third-Party Service Provider (TSP) > External Service Provider (ESP) - - Minimum Compliance Criteria (MCC) > Minimum Compliance Requirements (MCR) - - sensitive / 
regulated data > sensitive/regulated data - -New controls: - - GOV-02.1 - Exception Management - - RSK-01.5 - Risk Appetite - - RSK-03.1 - Risk Catalog - - SEA-01.2 - Achieving Resilience Requirements - - THR-09 - Threat Catalog - - THR-10 - Threat Analysis - - VPM-03.1 - Vulnerability Exploitation Analysis - -Updated Mapping: - - NIST SP 800-53 R5 - > GOV-02 - > GOV-03 - > BCD-11.4 - > CRY-01 - > CRY-05 - > CRY-05.2 - > NET-02.3 - > TDA-06.1 - - FAR 52.204-21 - > PES-04 - > PES-12 - > PES-12.1 - > PES-12.2 - > TPM-05.2 - > VPM-01 - - PCI DSS 4.0 - > VPM-01.1 - > VPM-02 - > VPM-06 - -Control wordsmithing: - - BCD-10.3 - Provider Continency Plan - - CHG-06 - Cybersecurity Functionality Verification - - PRI-15 - Register As A Data Controller and/or Data Processor - - RSK-01.3 - Risk Tolerance - - RSK-01.4 - Risk Threshold - - SEA-07.1 - Technology Lifecycle Management - - SAT-03 - Role-Based Cybersecurity & Data Privacy Training - - TDA-02.4 - Pre-Established Secure Configurations - - TDA-12 - Customized Development of Critical Components - - TDA-17 - Unsupported Systems - - TPM-04.3 - Conflict of Interests - -Renamed controls: - - GOV-01 - Cybersecurity & Data Protection Governance Program - - GOV-03 - Periodic Review & Update of Cybersecurity & Data Protection Program - - CHG-02.3 - Cybersecurity & Data Privacy Representative for Asset Lifecycle Changes - - CPL-02 - Cybersecurity & Data Privacy Controls Oversight - - CPL-03 - Cybersecurity & Data Privacy Assessments - - CPL-03.2 - Functional Review Of Cybersecurity & Data Privacy Controls - - CRY-10 - Transmission of Cybersecurity & Data Privacy Attributes - - DCH-05 - Cybersecurity & Data Privacy Attributes - - DCH-23.6 - Differential Data Privacy - - HRS-13.2 - Identify Vital Cybersecurity & Data Privacy Staff - - HRS-13.3 - Establish Redundancy for Vital Cybersecurity & Data Privacy Staff - - IRO-02.4 - Incident Classification & Prioritization - - PRI-01.3 - Dissemination of Data Privacy Program Information - - 
PRI-07.1 - Data Privacy Requirements for Contractors & Service Providers - - PRI-14 - Data Privacy Records & Reporting - - PRI-15 - Register As A Data Controller and/or Data Processor - - PRI-17.1 - Conspicuous Link To Data Privacy Notice - - PRM-01 - Cybersecurity & Data Privacy Portfolio Management - - PRM-02 - Cybersecurity & Data Privacy Resource Management - - PRM-04 - Cybersecurity & Data Privacy In Project Management - - PRM-05 - Cybersecurity & Data Privacy Requirements Definition - - SAT-01 - Cybersecurity & Data Privacy-Minded Workforce - - SAT-02 - Cybersecurity & Data Privacy Awareness Training - - SAT-03 - Role-Based Cybersecurity & Data Privacy Training - - SAT-03.4 -Vendor Cybersecurity & Data Privacy Training - - SAT-03.7 -Continuing Professional Education (CPE) - Cybersecurity & Data Privacy Personnel - - SAT-04 - Cybersecurity & Data Privacy Training Records - - TDA-02.4 - Pre-Established Secure Configurations - - TDA-02.7 - Cybersecurity & Data Privacy Representatives For Product Changes - - TDA-09 - Cybersecurity & Data Privacy Testing Throughout Development diff --git a/SCF 2023.4 Errata.txt b/SCF 2023.4 Errata.txt new file mode 100644 index 0000000..a6c9854 --- /dev/null +++ b/SCF 2023.4 Errata.txt 
@@ -0,0 +1,104 @@ +Version 2023.4 represents a minor update. + - There are new controls. + - Risk & threat models were updated. + +Added Mapping: + - CIS CSC v8.0 IG1-IG3 + - ISO/SAE 21434:2021 - Road vehicles — Cybersecurity engineering + - NIST SP 800-82 - Guide to Industrial Control Systems (ICS) Security Rev 3 (OT Overlay low, mod, high) + - NIST SP 800-171 R3 Final Public Draft (FPD) + - NIST 800-171A R3 Initial Public Draft (IPD) + - UN - UNECE WP.29 + - US - 52.204-27 Prohibition on a ByteDance Covered Application + - Germany - Banking Supervisory Requirements for IT (BAIT) + - Australia - Prudential Standard CPS 230 - Operational Risk Management + +New Controls: + - CLD-13: Hosted Systems, Applications & Services + - CLD-13.1: Authorized Individuals For Hosted Systems, Applications & Services + - CLD-13.2: Sensitive/Regulated Data On Hosted Systems, Applications & Services + - CLD-14: Prohibition On Unverified Hosted Systems, Applications & Services + - DCH-01.4: Defining Access Authorizations for Sensitive/Regulated Data + - IAC-20.7: Authorized System Accounts + - TPM-03.4: Adequate Supply + - WEB-14: Publicly Accessible Content Reviews + +Renamed Controls: + - CPL-02 - Cybersecurity & Data Protection Controls Oversight + - CPL-03 - Cybersecurity & Data Protection Assessments + - CPL-03.2 - Functional Review Of Cybersecurity & Data Protection Controls + - DCH-09 - System Media Sanitization + - DCH-09.1 - System Media Sanitization Documentation + - IAC-02.2 - Replay-Resistant Authentication + - IAC-15.1 - Automated System Account Management (Directory Services) + - IAC-15.7 - System Account Reviews + +Control Wordsmithing: + - AST-02.5 - Network Access Control (NAC) + - BCD-11.7 - Redundant Secondary System + - CPL-02 - Cybersecurity & Data Protection Controls Oversight + - CPL-03 - Cybersecurity & Data Protection Assessments + - CPL-03.1 - Independent Assessors + - CPL-03.2 - Functional Review Of Cybersecurity & Data Protection Controls + - CFG-03.4 - 
Split Tunneling + - MON-03 - Content of Event Logs + - DCH-09 - System Media Sanitization + - DCH-09.1 - System Media Sanitization Documentation + - DCH-14.3 - Data Access Mapping + - IAC-02.2 - Replay-Resistant Authentication + - IAC-15.1 - Automated System Account Management (Directory Services) + - IAC-15.7 - System Account Reviews + - VPM-06.5 - Review Historical Event Logs + +New Threats: + - MT-14: Willful Criminal Conduct + - MT-15: Conflict of Interest (COI) + - MT-16: Macroeconomics + +Updated Mapping: + - NIST SP 800-53 R5 + > AST-03 + > AST-04.1 + > BCD-10.4 + > BCD-12.2 + > BCD-13 + > CLD-03 + > CFG-08 + > MON-07.1 + > MON-08.1 + > END-12 + > IAC-01.2 + > MNT-05.1 + > MNT-08 + > NET-06.5 + > NET-14.8 + > PES-05.2 + > SEA-07.2 + > SEA-07.3 + > SAT-03.2 + > TPM-03.4 + - CIS 8.0 + > CRY-05 + > END-04 + > END-04.3 + - DFARS + > GOV-06 + > GOV-15.1 + > GOV-15.2 + > AST-17 + > CPL-01 + > CPL-01.1 + > DCH-01.2 + > END-04 + > IRO-04.1 + > IRO-08 + > IRO-10 + > IRO-10.2 + > IRO-10.4 + > IRO-12 + > IAO-02 + > SEA-02.1 + > TPM-01 + > TPM-01.1 + > TPM-05 + > TPM-05.2 \ No newline at end of file diff --git a/Secure Controls Framework (SCF) - 2023.4.xlsx b/Secure Controls Framework (SCF) - 2023.4.xlsx new file mode 100644 index 0000000..bb57046 Binary files /dev/null and b/Secure Controls Framework (SCF) - 2023.4.xlsx differ diff --git a/Thumbs.db b/Thumbs.db index 4ff267a..866cfee 100644 Binary files a/Thumbs.db and b/Thumbs.db differ
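Review bot: the rename pairs the old root "Secure Controls Framework (SCF) - 2023.3.1.xlsx" with "Archived Versions/SCF-2023/Secure Controls Framework (SCF) - 2023.4.xlsx" at only 56% similarity, while a separate new "Secure Controls Framework (SCF) - 2023.4.xlsx" is added at the root, so after this commit no file carrying the 2023.3.1 version name exists anywhere and the archive directory holds a workbook with the same name as the current release. If the intent is to archive the superseded release, keep it under its own version name (Archived Versions/SCF-2023/Secure Controls Framework (SCF) - 2023.3.1.xlsx) and leave only the new 2023.4 workbook at the root; if the archived copy really is a 2023.4 build, the commit should say why the previous version is dropped rather than archived, since anyone pinning the archive path cannot tell which release it contains without opening it.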
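Review bot: "SCF 2023.3.1 Errata.txt" is deleted outright (deleted file mode 100644) while the spreadsheet it describes is moved under "Archived Versions/SCF-2023/"; move the errata alongside it instead of deleting it. The removed text is the only record of the 2023.3 and 2023.3.1 changes (the new controls GOV-02.1, RSK-01.5, RSK-03.1, SEA-01.2, THR-09, THR-10 and VPM-03.1, the terminology standardization, and the added mappings such as FedRAMP R5, CMMC 2.1 and NIST CSF v2.0 IPD), and the new 2023.4 errata does not carry that history forward, so users upgrading across more than one release lose the change log.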
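Review bot: in the new errata, every entry under "Renamed Controls:" (CPL-02, CPL-03, CPL-03.2, DCH-09, DCH-09.1, IAC-02.2, IAC-15.1, IAC-15.7) is repeated verbatim under "Control Wordsmithing:", so a reader cannot tell whether the control name changed, the control text changed, or both; list each control once with the nature of the change, or note explicitly that both name and text were revised. The CPL renames also reverse the terminology the deleted 2023.3 errata standardized ("security and privacy > cybersecurity & data privacy", with CPL-02 renamed to "Cybersecurity & Data Privacy Controls Oversight"); this file renames it to "Cybersecurity & Data Protection Controls Oversight", and a one-line statement that "Data Protection" is now the intended term for the CPL domain would stop users reading it as a regression. Minor consistency points in the same hunk: "NIST 800-171A R3" lacks the "SP" used in "NIST SP 800-171 R3", "US - 52.204-27" lacks the "FAR" prefix the previous errata used for "FAR 52.204-21", the "New Controls:" entries use "CLD-13: ..." while every other section uses "ID - Name", and the file ends without a trailing newline ("\ No newline at end of file").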
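Review bot: Thumbs.db is a Windows Explorer thumbnail cache and should not be tracked; this commit modifies it as a binary (index 4ff267a..866cfee), and it will keep generating opaque binary diffs on every commit made from a Windows checkout. Remove it from the index (git rm --cached Thumbs.db) and add Thumbs.db to .gitignore so it does not reappear.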