Secure Controls Framework

---

Hi Everyone,

If you are doing any security compliance work, I came across a good free resource. The Secure Controls Framework is a free security controls reference that also cross indexes the controls from many other compliance frameworks. What’s nice about this is can allow you to see how a framework you already implemented compares to a framework you may want or need to implement.

For example, if you meet NIST 800-171 and are planning to achieve ISO 27001:2013 you use the SCF to see where required controls for the 2 standards intersect. Then you can focus your efforts where there are control gaps.

Just google ‘Secure Controls Framework official site’. The SCF is free although you do need to create an account (Just setup a user name and PW) to download or view the control tables.

Hope you find this useful.
Regards,
Art

That is a good site; it's been around for a while. I recall using it to assist with making compliance matrices for SIEM implementations when I worked at RSA as a professional services engineer deploying their (now) old enVision SIEM. Most engagements would be at a financial institution that had to deal with PCI, GLBA, SOX, etc. I could take the information from that site and build a matrix in Excel which cross-referenced the SIEM report to the compliance objective.