scf_frameworks.json
{
"description": "SCF column values that are frameworks",
"source": "Legacy SCF spreadsheets",
"last_updated": "2026-01-10",
"values": {
"AICPA TSC 2017 (with 2022 revised POF)": "AICPA TSC 2017:2022 (used for SOC 2)",
"BSI Standard 200-1": "BSI Standard 200-1",
"CIS CSC v8.1": "CIS CSC 8.1",
"CIS CSC v8.1 IG1": "CIS CSC 8.1 IG1",
"CIS CSC v8.1 IG2": "CIS CSC 8.1 IG2",
"CIS CSC v8.1 IG3": "CIS CSC 8.1 IG3",
"COBIT 2019": "COBIT 2019",
"COSO v2017": "COSO 2017",
"CSA CCM v4": "CSA CCM 4",
"CSA IoT SCF v2": "CSA IoT SCF 2",
"ENISA v2.0": "ENISA 2.0",
"GAPP": "Generally Accepted Privacy Principles (GAPP)",
"IEC TR 60601-4-5 v2021": "IEC TR 60601-4-5 2021",
"IEC 62443-4-2": "IEC 62443-4-2 2019",
"ISO/SAE 21434 v2021": "ISO/SAE 21434 2021",
"ISO 22301 v2019": "ISO 22301 2019",
"ISO 27001 v2022": "ISO 27001 2022",
"ISO 27002 v2022": "ISO 27002 2022",
"ISO 27017 v2015": "ISO 27017 2015",
"ISO 27018 v2014": "ISO 27018 2014",
"ISO 31000 v2009": "ISO 31000 2009",
"ISO 31010 v2009": "ISO 31010 2009",
"ISO 42001 v2023": "ISO 42001 2023",
"MITRE ATT&CK 10": "MITRE ATT&CK 10",
"MPA Content Security Program v5.1": "MPA Content Security Program 5.1",
"NAIC Insurance Data Security Model Law (MDL-668)": "NAIC Insurance Data Security Model Law (MDL-668)",
"NIST AI RMF AI 100-1 v1.0": "NIST AI 100-1 (AI RMF) 1.0",
"NIST Privacy Framework v1.0": "NIST Privacy Framework 1.0",
"NIST 800-37 rev 2": "NIST 800-37 R2",
"NIST 800-39": "NIST 800-39",
"NIST 800-53 rev4": "NIST 800-53 R4",
"NIST 800-53 rev4 (low)": "NIST 800-53 R4 (low)",
"NIST 800-53 rev4 (moderate)": "NIST 800-53 R4 (moderate)",
"NIST 800-53 rev4 (high)": "NIST 800-53 R4 (high)",
"NIST 800-53 rev5": "NIST 800-53 R5",
"NIST 800-53B rev5 (privacy)": "NIST 800-53B R5 (privacy)",
"NIST 800-53B rev5 (low)": "NIST 800-53B R5 (low)",
"NIST 800-53B rev5 (moderate)": "NIST 800-53B R5 (moderate)",
"NIST 800-53B rev5 (high)": "NIST 800-53B R5 (high)",
"NIST 800-53 rev5 (NOC)": "NIST 800-53 R5 (NOC)",
"NIST 800-63B (partial mapping)": "NIST 800-63B",
"NIST 800-82 rev3 LOW OT Overlay": "NIST 800-82 R3 LOW OT Overlay",
"NIST 800-82 rev3 MODERATE OT Overlay": "NIST 800-82 R3 MODERATE OT Overlay",
"NIST 800-82 rev3 HIGH OT Overlay": "NIST 800-82 R3 HIGH OT Overlay",
"NIST 800-160": "NIST 800-160",
"NIST 800-161 rev 1": "NIST 800-161 R1",
"NIST 800-161 rev 1 C-SCRM Baseline": "NIST 800-161 R1 C-SCRM Baseline",
"NIST 800-161 rev 1 Flow Down": "NIST 800-161 R1 Flow Down",
"NIST 800-161 rev 1 Level 1": "NIST 800-161 R1 Level 1",
"NIST 800-161 rev 1 Level 2": "NIST 800-161 R1 Level 2",
"NIST 800-161 rev 1 Level 3": "NIST 800-161 R1 Level 3",
"NIST 800-171 rev2": "NIST 800-171 R2",
"NIST 800-171 rev3": "NIST 800-171 R3",
"NIST 800-171A": "NIST 800-171A",
"NIST 800-171A rev3": "NIST 800-171A R3",
"NIST 800-172": "NIST 800-172",
"NIST 800-207": "NIST 800-207",
"NIST 800-218 v1.1 SSDF": "NIST 800-218",
"NIST CSF v2.0": "NIST CSF 2.0",
"OWASP Top 10 v2021": "OWASP Top 10 2021",
"PCI DSS v4.0.1": "PCI DSS 4.0.1",
"PCI DSS v4.0.1 SAQ A": "PCI DSS 4.0.1 SAQ A",
"PCI DSS v4.0.1 SAQ A-EP": "PCI DSS 4.0.1 SAQ A-EP",
"PCI DSS v4.0.1 SAQ B": "PCI DSS 4.0.1 SAQ B",
"PCI DSS v4.0.1 SAQ B-IP": "PCI DSS 4.0.1 SAQ B-IP",
"PCI DSS v4.0.1 SAQ C": "PCI DSS 4.0.1 SAQ C",
"PCI DSS v4.0.1 SAQ C-VT": "PCI DSS 4.0.1 SAQ C-VT",
"PCI DSS v4.0.1 SAQ D Merchant": "PCI DSS 4.0.1 SAQ D Merchant",
"PCI DSS v4.0.1 SAQ D Service Provider": "PCI DSS 4.0.1 SAQ D Service Provider",
"PCI DSS v4.0.1 SAQ P2PE": "PCI DSS 4.0.1 SAQ P2PE",
"SPARTA": "SPARTA",
"SWIFT CSF v2023": "SWIFT CSF 2023",
"TISAX ISA v6": "TISAX ISA 6",
"UL 2900-1": "UL 2900-1 2017",
"UN R155": "UN R155",
"UN ECE WP.29": "UN ECE WP.29",
"US C2M2 v2.1": "US C2M2 2.1",
"US CERT RMM v1.2": "US CERT RMM 1.2",
"US CISA CPG v2022": "US CISA CPG 2022",
"US CJIS Security Policy 5.9.3": "US CJIS Security Policy 5.9.3",
"US CMMC 2.0 Level 1": "US CMMC 2.0 Level 1",
"US CMMC 2.0 Level 2": "US CMMC 2.0 Level 2",
"US CMMC 2.0 Level 3": "US CMMC 2.0 Level 3",
"US CMS MARS-E v2.0": "US CMS MARS-E 2.0",
"US COPPA": "US COPPA",
"US Data Privacy Framework (DPF)": "US Data Privacy Framework (DPF)",
"US DoD Zero Trust Reference Architecture v2.0": "US DoD Zero Trust Reference Architecture 2.0",
"US DFARS Cybersecurity 252.204-70xx": "US DFARS Cybersecurity 252.204-70xx",
"US DHS CISA TIC 3.0": "US DHS CISA TIC 3.0",
"US DHS CISA SSDAF": "US DHS CISA SSDAF",
"US DHS ZTCF": "US DHS ZTCF",
"US FACTA": "US FACTA",
"US FAR 52.204-21": "US FAR 52.204-21",
"US FAR 52.204-27": "US FAR 52.204-27",
"US FAR Section 889": "US FAR 52.204-25 (NDAA Section 889)",
"US FDA 21 CFR Part 11": "US FDA 21 CFR Part 11",
"US FedRAMP R4": "US FedRAMP R4",
"US FedRAMP R4 (low)": "US FedRAMP R4 (low)",
"US FedRAMP R4 (moderate)": "US FedRAMP R4 (moderate)",
"US FedRAMP R4 (high)": "US FedRAMP R4 (high)",
"US FedRAMP R4 (LI-SaaS)": "US FedRAMP R4 (LI-SaaS)",
"US FedRAMP R5": "US FedRAMP R5",
"US FedRAMP R5 (low)": "US FedRAMP R5 (low)",
"US FedRAMP R5 (moderate)": "US FedRAMP R5 (moderate)",
"US FedRAMP R5 (high)": "US FedRAMP R5 (high)",
"US FedRAMP R5 (LI-SaaS)": "US FedRAMP R5 (LI-SaaS)",
"US FERPA": "US FERPA",
"US FFIEC": "US FFIEC",
"US FINRA": "US FINRA",
"US FTC Act": "US FTC Act",
"US GLBA CFR 314 (Dec 2023)": "US GLBA CFR 314 2023",
"US HIPAA Administrative Simplification (2013)": "US HIPAA Administrative Simplification 2013",
"US HIPAA Security Rule / NIST SP 800-66 R2": "US HIPAA Security Rule / NIST SP 800-66 R2",
"US HIPAA HICP Small Practice": "US HIPAA HICP Small Practice",
"US HIPAA HICP Medium Practice": "US HIPAA HICP Medium Practice",
"US HIPAA HICP Large Practice": "US HIPAA HICP Large Practice",
"US IRS 1075": "US IRS 1075",
"US ITAR Part 120 (limited)": "US ITAR Part 120",
"US NERC CIP": "US NERC CIP 2024",
"US NISPOM": "US NISPOM 2020",
"US NNPI (unclass)": "US NNPI (unclass)",
"US NSTC NSPM-33": "US NSTC NSPM-33",
"US SEC Cybersecurity Rule": "US SEC Cybersecurity Rule",
"US SOX": "US SOX",
"US SSA EIESR v8.0": "US SSA EIESR 8.0",
"US TSA / DHS 1580/82-2022-01": "US TSA / DHS 1580/82-2022-01",
"US - AK PIPA": "US - AK PIPA",
"US - CA SB327": "US - CA SB327",
"US - CA SB1386": "US - CA SB1386",
"US - CO Colorado Privacy Act": "US - CO Colorado Privacy Act",
"US - IL BIPA": "US - IL BIPA",
"US - IL IPA": "US - IL IPA",
"US - IL PIPA": "US - IL PIPA",
"US-MA 201 CMR 17.00": "US - MA 201 CMR 17.00",
"US - NV SB220": "US - NV SB220",
"US - NY DFS 23 NYCRR500 2023 Amd 2": "US - NY DFS 23 NYCRR500 2023 Amd 2",
"US - NY SHIELD Act S5575B": "US - NY SHIELD Act S5575B",
"US - OR 646A": "US - OR 646A",
"US - OR CPA": "US - OR CPA",
"US - TN Tennessee Information Protection Act": "US - TN TIPA",
"US - TX BC521": "US - TX BC521",
"US-TX DIR Control Standards 2.0": "US - TX DIR Control Standards 2.0",
"US-TX TX-RAMP Level 1": "US - TX TX-RAMP Level 1",
"US-TX TX-RAMP Level 2": "US - TX TX-RAMP Level 2",
"US-TX SB820": "US - TX SB 820",
"US-VT Act 171 of 2018": "US - VT Act 171 of 2018",
"EMEA EU EBA GL/2019/04": "EMEA EU EBA GL/2019/04",
"EMEA EU DORA": "EMEA EU DORA",
"EMEA EU GDPR": "EMEA EU GDPR",
"EMEA EU NIS2": "EMEA EU NIS2",
"EMEA EU PSD2": "EMEA EU PSD2",
"EMEA Austria": "EMEA Austria",
"EMEA Belgium": "EMEA Belgium",
"EMEA Germany": "EMEA Germany",
"EMEA Germany Banking Supervisory Requirements for IT (BAIT)": "EMEA Germany Banking Supervisory Requirements for IT (BAIT)",
"EMEA Germany C5-2020": "EMEA Germany C5 2020",
"EMEA Greece": "EMEA Greece",
"EMEA Hungary": "EMEA Hungary",
"EMEA Ireland": "EMEA Ireland",
"EMEA Israel CDMO v1.0": "EMEA Israel CDMO 1.0",
"EMEA Israel": "EMEA Israel",
"EMEA Italy": "EMEA Italy",
"EMEA Kenya DPA 2019": "EMEA Kenya DPA 2019",
"EMEA Netherlands": "EMEA Netherlands",
"EMEA Nigeria DPR 2019": "EMEA Nigeria DPR 2019",
"EMEA Norway": "EMEA Norway",
"EMEA Poland": "EMEA Poland",
"EMEA Qatar PDPPL": "EMEA Qatar PDPPL",
"EMEA Russia": "EMEA Russia",
"EMEA Saudi Arabia CSCC 1: 2019": "EMEA Saudi Arabia CSCC-1 2019",
"EMEA Saudi Arabia IoT CGIoT-1:2024": "EMEA Saudi Arabia IoT CGIoT-1 2024",
"EMEA Saudi Arabia ECC-12018": "EMEA Saudi Arabia ECC-1 2018",
"EMEA Saudi Arabia OTCC-1 2022": "EMEA Saudi Arabia OTCC-1 2022",
"EMEA Saudi Arabia Personal Data Protection Law (PDPL)": "EMEA Saudi Arabia PDPL",
"EMEA Saudi Arabia SACS-002": "EMEA Saudi Arabia SACS-002",
"EMEA Saudi Arabia SAMA CSFv1.0": "EMEA Saudi Arabia SAMA CSF 1.0",
"EMEA Serbia 87/2018": "EMEA Serbia 87/2018",
"EMEA South Africa": "EMEA South Africa",
"EMEA Spain BOE-A-2022-7191": "EMEA Spain BOE-A-2022-7191",
"EMEA Spain 1720/2007": "EMEA Spain 1720/2007",
"EMEA Spain 311/2022": "EMEA Spain 311/2022",
"EMEA Spain CCN-STIC 825": "EMEA Spain CCN-STIC 825",
"EMEA Sweden": "EMEA Sweden",
"EMEA Switzerland": "EMEA Switzerland",
"EMEA Turkey": "EMEA Turkey",
"EMEA UAE NIAF": "EMEA UAE NIAF",
"EMEA UK CAP 1850": "EMEA UK CAP 1850",
"EMEA UK Cyber Essentials": "EMEA UK Cyber Essentials",
"EMEA UK DEFSTAN 05-138": "EMEA UK DEFSTAN 05-138",
"EMEA UK DPA": "EMEA UK DPA",
"EMEA UK GDPR": "EMEA UK GDPR",
"APAC Australia Essential 8": "APAC Australia Essential 8",
"APAC Australia Privacy Act": "APAC Australia Privacy Act",
"APAC Australian Privacy Principles": "APAC Australian Privacy Principles",
"APAC Australia ISM June 2024": "APAC Australia ISM June 2024",
"APAC Australia IoT Code of Practice": "APAC Australia IoT Code of Practice",
"APAC Australia Prudential Standard CPS230": "APAC Australia Prudential Standard CPS230",
"APAC Australia Prudential Standard CPS234": "APAC Australia Prudential Standard CPS234",
"APAC China Cybersecurity Law": "APAC China Cybersecurity Law",
"APAC China Data Security Law (DSL)": "APAC China Data Security Law",
"APAC China DNSIP": "APAC China DNSIP",
"APAC China Privacy Law": "APAC China Privacy Law",
"APAC Hong Kong": "APAC Hong Kong",
"APAC India ITR": "APAC India ITR",
"APAC Japan APPI": "APAC Japan APPI",
"APAC Japan ISMAP": "APAC Japan ISMAP",
"APAC Malaysia": "APAC Malaysia",
"APAC New Zealand HISF 2022": "APAC New Zealand HISF 2022",
"APAC New Zealand HISF Suppliers 2023": "APAC New Zealand HISF Suppliers 2023",
"APAC New Zealand NZISM 3.6": "APAC New Zealand NZISM 3.6",
"APAC New Zealand Privacy Act of 2020": "APAC New Zealand Privacy Act of 2020",
"APAC Philippines": "APAC Philippines",
"APAC Singapore": "APAC Singapore",
"APAC Singapore Cyber Hygiene Practice": "APAC Singapore Cyber Hygiene Practice",
"APAC Singapore MAS TRM 2021": "APAC Singapore MAS TRM 2021",
"APAC South Korea": "APAC South Korea",
"APAC Taiwan": "APAC Taiwan",
"Americas Argentina": "Americas Argentina PPL",
"Americas Argentina Reg 132-2018": "Americas Argentina Reg 132-2018",
"Americas Bahamas": "Americas Bahamas",
"Americas Bermuda BMACCC": "Americas Bermuda BMACCC",
"Americas Brazil LGPD": "Americas Brazil LGPD",
"Americas Canada CSAG": "Americas Canada CSAG",
"Americas Canada OSFI B-13": "Americas Canada OSFI B-13",
"Americas Canada ITSP-10-171": "Americas Canada ITSP-10-171",
"Americas Canada PIPEDA": "Americas Canada PIPEDA",
"Americas Chile": "Americas Chile",
"Americas Colombia": "Americas Colombia",
"Americas Costa Rica": "Americas Costa Rica",
"Americas Mexico": "Americas Mexico",
"Americas Peru": "Americas Peru",
"Americas Uruguay": "Americas Uruguay"
}
}