The Secure Controls Framework (SCF) is a meta-framework (framework of frameworks) that maps to over 100 cybersecurity and privacy-related laws, regulations and industry frameworks.
The SCF is free via Creative Commons licensing. What makes the SCF unique from other frameworks includes:
- Maturity model criteria (based on SSE-CMM)
- Control weighting
- Associated risks & threats
- Control questions
The SCF has the ambitious goal of providing FREE cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin
The SCF focuses on internal controls. These are the cybersecurity and privacy-related policies, standards, procedures and other processes that are designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented, detected and corrected.