Controls are your cybersecurity & data privacy program ---- A control is the power to influence or direct behaviors and the course of events.

About The SCF

Hackers share information on attack methods with other hackers, so why shouldn’t the good guys share information on how to best protect an organization? We decided to take action and make a difference, since we feel it is too important to wait for someone else to fix the problems that exist. 

The SCF is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on Governance, Risk and Compliance (GRC) and the cybersecurity side of data privacy. These are auditors, engineers, architects, incident responders, consultants and other specialists who live and breathe these topics on a daily basis. The end product is "expert-derived content" that makes up the SCF.

We have the ambitious goal of providing cybersecurity and data privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin. The end state is to help companies become and stay compliant with cybersecurity and data privacy requirements. The glue that ties GRC together is a uniform set of controls. Unfortunately, in most organizations, there is no set of shared controls and that leads to poor governance practices and an overall weaker state of security and privacy.

Like it or not, cybersecurity is a protracted war on an asymmetric battlefield - the threats are everywhere and as defenders we have to make the effort to work together to help improve cybersecurity and data privacy practices, since we all suffer when massive data breaches occur or when cyber attacks have physical impacts.

SCF Mission

Our mission is to provide a powerful catalyst that will advance how cybersecurity and data privacy controls are utilized at the strategic, operational and tactical layers of an organization, regardless of its size or industry.

SCF Goals

The SCF Council has a few humble goals:

  • From a framework perspective, become the leading metaframework that organizations can use as a "Rosetta Stone" to build secure and compliant cybersecurity and data privacy programs.
  • From a process improvement perspective, leverage the SCF's Conformity Assessment Program (CAP) to fundamentally disrupt/reform how cybersecurity third-party assessments are performed.

Like What You See?

The SCF is a community-run project that is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on Governance, Risk and Compliance (GRC) and the cybersecurity side of data privacy. These are auditors, engineers, architects, incident responders, consultants and other specialists who live and breathe these topics on a daily basis. The end product is "expert-derived content" that makes up the SCF.

Because this is a community-run project, we accept donations because it helps advance the efforts to continue growing the SCF. If you would like to donate and help grow the SCF, you can do so below, and we are grateful for your support! The SCF is run entirely through donations from individuals and our sponsors.

 scf donation page

 

1 of 1 Items
  • Excel version of STRM mapping

    STRM Bundle - Excel Versions

    This is for a digital download of the current Excel spreadsheet versions of the Set Theory Relationship Mapping (STRM) used to crosswalk the Secure Controls Framework (SCF).  There is a one (1) month period of time to access the STRM download (from...

    $20.00
    Add to Cart
1 of 1 Items

© 2025 Secure Controls Framework All rights reserved. | Sitemap