What are the SCF Controls?

The SCF control set is a free solution providing businesses cybersecurity and privacy control guidance to address the strategic, operational, and tactical needs of organizations across 32 domains, regardless of their size, industry, or country of origin.

More information on all SCF 32 domains is presented below.

Why the SCF?

Custom controls are typically hard to define and benchmark due to their specifics.
The SCF, on the other hand, is a common ground to compare Control usage and its distribution across all frameworks.

SCF controls in ZenComply may be customized to fit your organization’s unique control implementation details.

What am I viewing?

An example of how the SCF Domain acronyms are displayed in ZenComply.

GOV

Govern a documented, risk-based program that encompasses appropriate security and privacy principles to address all applicable statutory, regulatory and contractual obligations.

AST

Manage all technology assets from purchase through disposition, both physical and virtual, to ensure secured use, regardless of the asset’s location.

BCD

Maintain the capability to sustain business-critical functions while successfully responding to and recovering from incidents through a well-documented and exercised process.

CAP

Govern the current and future capacities and performance of technology assets.

CHG

Govern change in a sustainable and ongoing manner that involves active participation from both technology and business stakeholders to ensure that only authorized changes occur.

ZenGRC Wiki

SCF Controls

Analytics

What are the SCF Controls?

Why the SCF?

What am I viewing?

GOV

AST

BCD

CAP

CHG

CLD

CPL

CFG

MON

CRY

DCH

EMB

END

HRS

IAC

IRO

IAO

MNT

MDM

NET

PES

PRI

PRM

RSK

SEA

OPS

SAT

TDA

TPM

THR

VPM

WEB