Hackers share information on attack methods with other hackers, so why shouldn’t the good guys share information on how to best protect an organization? We decided to take action and make a difference. You can learn more at the SCF Discord server (https://discord.gg/k5BMzbyVQP) where it is a place to learn, share your experiences and network with others who use the SCF. Our mission is to provide a powerful catalyst that will advance how cybersecurity and privacy controls are utilized at the strategic, operational and tactical layers of an organization, regardless of its size or industry. We have the ambitious goal of providing cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin. The end state is to help companies become and stay compliant with cybersecurity and privacy requirements. The glue that ties Governance, Risk and Compliance (GRC) together is a uniform set of controls. Unfortunately, in most organizations, there is no set of shared controls and that leads to poor governance practices and an overall weaker state of security and privacy. Like it or not, cybersecurity is a protracted war on an asymmetric battlefield - the threats are everywhere and as defenders we have to make the effort to work together to help improve cybersecurity and privacy practices, since we all suffer when massive data breaches occur or when cyber attacks have physical impacts.
Secure Controls Framework的外部链接
30 N Gould St
Suite 3209
US,WY,Sheridan,82801
Congratulations to Tara Lemieux from Cybersec Investments on being one of the first to earn the SCF Assessor certification!
CMMC Queen ?? (or at least a princess)Lead CCA/CCA/CCP/CMMC instructor/ISO Lead Auditor/CGRC/Certified Cybersecurity First Responder/CISM/Author - 35+ year veteran National Security, USIC, Information Security.
New certification added :)
NIST CSF certification? Is your organization interested in being able to demonstrate conformity with the NIST Cybersecurity Framework? If so, the Secure Controls Framework and The Cyber AB would like to hear from you, since there is a path to certification against NIST CSF 2.0 requirements through the SCF's Conformity Assessment Program (SCF CAP). Soon (starting in early Q2 2025), the "SCF Certified - NIST CSF 2.0" certification will be available for organizations wanting to demonstrate conformity with NIST CSF 2.0 and earn a valuable certification that can be used to highlight their secure practices to partners, clients and others in their supply chain. Please take a few minutes to read the brochure shown below, since it answers a lot of basic questions you may have. Contact us to learn more: https://lnkd.in/gqmRVGZm #nistcsf #nist #csf #scf #controls #compliance #governance #risk #cybersecurity #cyber #grc #ciso #board #conformity #certification #tprm #riskmanagement #scrm #supplychain #cyberab
The SCF's Conformity Assessment Program (SCF CAP) opens to the general public in Q2 2025. The SCF CAP is a "by cybersecurity, for cybersecurity" approach to fixing the broken compliance landscape. There are no participation ribbons, just an objective assessment to a set standard that means something. Starting in Q2, the "SCF Certified - NIST CSF 2.0" certification will be available for those organizations that want to demonstrate conformity with NIST CSF 2.0 and earn a valuable certification that can be used to demonstrate your security practices to partners, clients and those in your supply chain. #nistcsf #nist #scf Secure Controls Framework #conformity #grc #compliance #governance #risk #assessment #cybersecurity #cyberab #cmmc
There is growing interest in the Secure Controls Framework Conformity Assessment Program (SCF CAP). In conjunction with The Cyber AB, we put together a "SCF CAP Ecosystem" guide to help people understand the different roles that exist. We are getting ready to start beta assessments and are on track to open up the SCF CAP to everyone in April 2025. Before then, we expect to open up individual-focused training and certifications, so keep a lookout for those announcements in the next month or so. #scf #scfcap #cyberab #assessments #grc #ciso #boardofdirectors #cybersecurity #governance #riskmanagement #compliance #conformity
A little SCF love from Jack Rumsey and the team at Swimlane. Well worth a read.
GRC Destroyer #9: The Perfect GRC Tool I would love to be argued with Shoutout to a bunch of people I like and who influenced me to write this: Ayoub Fandi Christian Hyatt Ross Haleliuk David F. Ethan A. Yair Kuznitsov Rachel Curran Mike Kim Chris Honda Tom Cornelius Also mentioned: Valence Security CyberSaint Whistic Anecdotes Secure Controls Framework https://lnkd.in/eWFKQCnF
Very exciting to see initial changes to The Cyber AB website that reflect information on the Secure Controls Framework Conformity Assessment Program (CAP)!! More information on the SCF CAP Ecosystem will be released soon! https://lnkd.in/gzGzDTCv #compliance #conformity #grc #cybersecurity #ciso #audit #assessment
Starting in late Q1 2025, the SCF Certified - NIST CSF 2.0 certification will be launched as the flagship certification that is available by the SCF Conformity Assessment Program (SCF CAP). Subsequent certifications will then be introduced on a rolling basis throughout 2025 to provide coverage for the following cybersecurity laws, regulations, and frameworks: 1. NIST CSF 2.0 2. HIPAA Security Rule / NIST 800-66 R2 3. NIST 800-171 R2 4. NIST 800-171 R3 5. Federal Acquisition Regulation (FAR) 52.204-21 6. NY DFS 23 NYCRR500 7. DHS Zero Trust Capability Framework (ZTCF) 8. CISA Cybersecurity Performance Goals (CPGs) 9. CISA Secure Software Development Attestation Form (SSDAF) 10. EU Digital Operational Resilience Act (DORA) 11. EU Network and Information Systems (NIS2) Directive 12. Australia Essential Eight The press release is available at: https://lnkd.in/g5jdzFiA You can read more about the SCF CAP here: https://lnkd.in/gH_EJ7qn #nistcsf #nist800171 #cmmc #nydfs #cybersecurity #riskmanagement #dataprotection #assessment #standards #grc #governance #risk #compliance #tprm #scf #framework #cybersecurityrisk #cyberrisk #security #ciso #cio #cyber #leadership #cybersecurityleadership #informationsecurity #infosec Secure Controls Framework
The Secure Controls Framework created a free cybersecurity materiality calculator template in Microsoft Excel format that you can download from: https://lnkd.in/gwdwv5T7 Materiality goes beyond SEC Form 8-K filings and is valuable for the broader concept of risk management practices, since it helps an organization clearly understand what is important vs what is not important. Prioritization is key in risk management and determining materiality thresholds is a tool that should be utilized. This is to START the process for your organization to think through both the quantitative and qualitative criteria that are used to establish thresholds for identifying (1) material controls, (2) material threats, (3) material risks and (4) material incidents. This template takes into account criteria from pre-tax income, total assets, total revenue and total equity to provide options for both "single criteria determinations" and "averaged determinations" to establish objective thresholds. If you want to read more about cybersecurity risk management practices and the concept of materiality, this guide is an excellent place to start: https://lnkd.in/g8-2Y8n5 #cybersecurity #riskmanagement #dataprotection #assessment #standards #grc #governance #risk #compliance #tprm #scf #framework #cybersecurityrisk #cyberrisk #security #materiality #material #itgovernance #policies #procedures #guidelines #ciso #cio #cyber #leadership #cybersecurityleadership #informationsecurity #infosec #sec
The Secure Controls Framework is pleased to announce the appointment of Jason Sproesser to the SCF Advisory Board! Jason brings with him a wealth of MSP and GRC experience both in public and private industries. As the SCF's Conformity Assessment Program (CAP) expands to offer a broad range of certifications, Jason's expertise in NIST 800-171 / CMMC will add value to the planned "SCF Certified - NIST SP 800-171 R3" certification to service the non-DoD side of the US Government contractor ecosystem. #grc #msp #mssp #announcement #cmmc #nist #nist800171 #winning
HIPAA is changing in 2025 and the Secure Controls Framework provides an opportunity for your organization to adapt how it demonstrates compliance with the HIPAA Security Rule (includes coverage for NIST SP 800-66 R2). The SCF's Conformity Assessment Program (CAP) is an efficient and cost-effective way to demonstrate compliance with the HIPAA Security Rule. This public draft release of the HIPAA-specific assessment guide contains information that assessors would utilize to perform a HIPAA Security Rule conformity assessment as part of the SCF CAP. Essentially, we've "built a better mousetrap" for how an organization can demonstrate compliance with the HIPAA Security Rule. The SCF CAP even enables organizations to simultaneously demonstrate conformity against multiple cybersecurity laws, regulations and frameworks (e.g., HIPAA + NIST CSF 2.0, NIST 800-171, etc.). You can download the SCF CAP's HIPAA Security Rule Assessment Guide from: https://lnkd.in/gnhX8RDz We welcome public feedback on this HIPAA Security Rule assessment guide! Essentially, this is the "answers to the test" and the result of successfully demonstrating conformity would be earning a "SCF Certified - HIPAA Security Rule" certification. If you scroll to the annex section of this guide, you can download the controls, assessment objectives, evidence request list and other useful assessment-related content. #cyberab #hipaa #hhs #grc #assessment #audit #certification #cybersecurity #ciso #grc #healthcare?#doge