SCF Training & Individual-Level Certifications

↓ Download SCF

What Is The SCF?SCRMS – How To Implement The SCF SCF Domains & Principles Included Laws, Regulations & Frameworks (LRF)Set Theory Relationship Mapping (STRM)NIST OLIR Participation ESG Considerations

Free Content ▼

SCF Download Risk Management Model (SCR-RMM)Capability Maturity Model (SCR-CMM)Cybersecurity Assessment Standards (CDPAS)Mergers, Acquisitions & Divestitures (MA&D)Data Privacy Management Principles (DPMP)Evidence Request List (ERL)Unified Scoping Guide (USG)

GRC Fundamentals ▼

GRC Basics

The Output Of GRC Practices Cybersecurity Materiality Laws vs Regulations vs Frameworks

Common Cybersecurity Laws

US (FED) – FedRAMP EU – GDPR US (CA) – CCPA / CPRA

Common Cybersecurity Frameworks

NIST CSF 2.0 ISO 27001 / ISO 27002 NIST SP 800-53 PCI DSS

Word Crimes & Emerging Trends

Word Crimes Emerging Trends

US (FED) – CMMC US (FED) – DFARS 252.204-70XX US (NY) – NY DFS 23 NYCRR Part 500 US (FED) – GLBA US (FED) – HIPAA / HITECH US (FED) – SOX US (TX) – SB 2610 EU – DORA EU – NIS2 Directive CIS Critical Security Controls (CSC)NIST SP 800-161 NIST SP 800-171 NIST SP 800-172 Trust Services Criteria (SOC 2)Metaframework – HITRUST Metaframework – Unified Compliance (UC)

Policy vs Standard vs Procedure Risks vs Threats Strategy vs Operations vs Tactics Inheritance vs Reciprocity

TPRM & SCRM Integrity Resilience MSP / MSSP Dumpster Fire

GRC Basics

The Output Of GRC Practices Cybersecurity Materiality Laws vs Regulations vs Frameworks

Common Cybersecurity Laws

US (FED) - FedRamp US (FED) - GLBA US (FED) - HIPAA / HITECH US (FED) - SOX US (CA) - CCPA / CPRA US (TX) - SB 2610 EU - DORA EU - GDPR EU - NIS2 Directive

Common Cybersecurity Regulations

US (FED) - CMMC US (FED) - DFARS 252.204-70xx US (NY) - NY DFS 23 NYCRR Part 500

Common Cybersecurity Frameworks

CIS Critical Security Controls (CSC)ISO 27001 / ISO 27002 NIST CSF 2.0 NIST SP 800-53 NIST SP 800-161 NIST SP 800-171 NIST SP 800-172 PCI DSS Trust Services Criteria (SOC 2)Metaframework - HITRUST Metaframework - Unified Compliance (UC)

Word Crimes

Policy vs Standard vs Procedure Risks vs Threats Strategy vs Operations vs Tactics Inheritance vs Reciprocity

Emerging Trends

TPRM & SCRM Integrity Resilience Cybersecurity Materiality MSP / MSSP Dumpster Fire

SCF Certified ▼

Organization-Level SCF Certifications

SCF Conformity Assessment Program (CAP)SCF Assessment Guides

SCF Training & Individual-Level Certifications

SCF Practitioner SCF Architect SCF Assessor

Marketplace ▼

SCF Connect (SSOT)SCF Licensed Content Providers (LCPs)Registered Provider Organizations (RPOs)Authorized Control Integrator (ACI)Authorized Solution Provider (ASP)Third-Party Assessment Organizations (3PAOs)

FREE cybersecurity metaframework. Creative Commons licensed. Volunteer-driven. Used worldwide.

Terms and Conditions

Download the SCF

Join the SCF Discord

Donate to the SCF

Start Here

What Is The SCF?

SCRMS - How To Implement The SCF

SCF Domains & Principles

Included Laws, Regulations & Frameworks (LRF)

Set Theory Relationship Mapping (STRM)

NIST OLIR Participation

ESG Considerations

Free Content

Risk Management Model (SCR-RMM)

Capability Maturity Model (SCR-CMM)

Cybersecurity Assessment Standards (CDPAS)

Mergers, Acquisitions & Divestitures (MA&D)

Data Privacy Management Principles (DPMP)

Evidence Request List (ERL)

Unified Scoping Guide (USG)

Resources

GRC Fundamentals

© 2026 Secure Controls Framework Council. Common Controls Framework™ is a registered trademark.