-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy pathscf_not_frameworks.json
More file actions
145 lines (135 loc) · 3.72 KB
/
scf_not_frameworks.json
File metadata and controls
145 lines (135 loc) · 3.72 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
{
"description": "SCF column values that are NOT frameworks",
"source": "Legacy SCF spreadsheets",
"last_updated": "2026-01-10",
"values": [
"SCF Domain",
"SCF Control",
"SCF #",
"Secure Controls Framework (SCF) Control Description",
"Methods To Comply With SCF Controls",
"Evidence Request List (ERL) #",
"SCF Control Question",
"Relative Control Weighting",
"Function Grouping",
"NIST CSF Function Grouping",
"UUID",
"Minimum Security Requirements MCC + DSR",
"Minimum Security Requirements MCR + DSR",
"Identify Minimum Compliance Controls (MCC)",
"Identify Minimum Compliance Requirements (MCR)",
"Identify Discretionary Security Requirements (DSR)",
"SP-CMM 0 Not Performed",
"SP-CMM 1 Performed Informally",
"SP-CMM 2 Planned & Tracked",
"SP-CMM 3 Well Defined",
"SP-CMM 4 Quantitatively Controlled",
"SP-CMM 5 Continuously Improving",
"C|P-CMM 0 Not Performed",
"C|P-CMM 1 Performed Informally",
"C|P-CMM 2 Planned & Tracked",
"C|P-CMM 3 Well Defined",
"C|P-CMM 4 Quantitatively Controlled",
"C|P-CMM 5 Continuously Improving",
"SCRM Tier 1 Strategic",
"SCRM Tier 2 Operational",
"SCRM Tier 3 Tactical",
"SCRM Focus TIER 1 STRATEGIC",
"SCRM Focus TIER 2 OPERATIONAL",
"SCRM Focus TIER 3 TACTICAL",
"Risk Threat Summary",
"Control Threat Summary",
"Risk R-AC-1",
"Risk R-AC-2",
"Risk R-AC-3",
"Risk R-AC-4",
"Risk R-AM-1",
"Risk R-AM-2",
"Risk R-AM-3",
"Risk R-BC-1",
"Risk R-BC-2",
"Risk R-BC-3",
"Risk R-BC-4",
"Risk R-BC-5",
"Risk R-EX-1",
"Risk R-EX-2",
"Risk R-EX-3",
"Risk R-EX-4",
"Risk R-EX-5",
"Risk R-EX-6",
"Risk R-EX-7",
"Risk R-GV-1",
"Risk R-GV-2",
"Risk R-GV-3",
"Risk R-GV-4",
"Risk R-GV-5",
"Risk R-GV-6",
"Risk R-GV-7",
"Risk R-GV-8",
"Risk R-IR-1",
"Risk R-IR-2",
"Risk R-IR-3",
"Risk R-IR-4",
"Risk R-SA-1",
"Risk R-SA-2",
"Risk R-SC-1",
"Risk R-SC-2",
"Risk R-SC-3",
"Risk R-SC-4",
"Risk R-SC-5",
"Risk R-SC-6",
"Threat NT-1",
"Threat NT-2",
"Threat NT-3",
"Threat NT-4",
"Threat NT-5",
"Threat NT-6",
"Threat NT-7",
"Threat NT-8",
"Threat NT-9",
"Threat NT-10",
"Threat NT-11",
"Threat NT-12",
"Threat NT-13",
"Threat NT-14",
"Threat MT-1",
"Threat MT-2",
"Threat MT-3",
"Threat MT-4",
"Threat MT-5",
"Threat MT-6",
"Threat MT-7",
"Threat MT-8",
"Threat MT-9",
"Threat MT-10",
"Threat MT-11",
"Threat MT-12",
"Threat MT-13",
"Threat MT-14",
"Threat MT-15",
"Threat MT-16",
"Threat MT-17",
"Threat MT-18",
"Threat MT-19",
"Threat MT-20",
"Threat MT-21",
"Threat MT-22",
"Threat MT-23",
"PPTDF Applicability DATA",
"PPTDF Applicability FACILITY",
"PPTDF Applicability PEOPLE",
"PPTDF Applicability PROCESS",
"PPTDF Applicability TECHNOLOGY",
"Possible Solutions & Considerations Micro-Small Business (<10 staff) BLS Firm Size Classes 1-2",
"Possible Solutions & Considerations Small Business (10-49 staff) BLS Firm Size Classes 3-4",
"Possible Solutions & Considerations Medium Business (50-249 staff) BLS Firm Size Classes 5-6",
"Possible Solutions & Considerations Large Business (250-999 staff) BLS Firm Size Classes 7-8",
"Possible Solutions & Considerations Enterprise (> 1,000 staff) BLS Firm Size Class 9",
"SCF-B Business Mergers & Acquisitions",
"SCF-I Cyber Liability Insurance (Duty of Care)",
"SCF-E Embedded Technology",
"SCF-M MSP/MSSP Secure Practices Baseline",
"SCF-R Ransomware Protection",
"SCF-Z Zero Trust Architecture (ZTA)"
]
}