SCF 2023.3.1

securecontrolsframework released this 19 Sep 22:05

Version 2023.3.1 errata (minor corrections):

  • AST-01 - 2023.3.1 - added Article 21.2(i) for NIS 2 and 2.0 for CIS 8.0
  • AST-02 - 2023.3.1 - added 2.0 for CIS 8.0
  • MON-02 - 2023.3.1 - updated CIS 8.0 (typo correction for 12.1 to 13.1)
  • IAC-01 - 2023.3.1 - added Article 21.2(i) for NIS 2

Version 2023.3 represents a minor update.

Added Mapping:

  • Australia Essential Eight
  • Canada OSFI B-13
  • Cybersecurity Maturity Model Certification (CMMC) 2.1 (draft release)
  • EU-US Data Privacy Framework
  • European Banking Authority (EBA) Guidelines on ICT and security risk management
  • FedRAMP R5
  • Kenya DPA 2019
  • MITRE ATT&CK
  • Nigeria DPR 2019
  • NIS2
  • NIST CSF v2.0 Initial Public Draft (IPD)
  • NSTC NSPM-33
  • PCI DSS Self-Assessment Questionnaires (SAQs)
  • Qatar PDPPL
  • Saudi Arabia SACS-002
  • SEC Cybersecurity Rule
  • Serbia 87/2018
  • SWIFT CSF 2023
  • UN R155
  • UK CAP 1850

Wordsmithing controls:

  • BCD-10.3 - Provider Contingency Plan
  • CHG-06 - Cybersecurity Functionality Verification
  • PRI-15 - Register As A Data Controller and/or Data Processor
  • RSK-01.3 - Risk Tolerance
  • RSK-01.4 - Risk Threshold
  • SEA-07.1 - Technology Lifecycle Management
  • SAT-03 - Role-Based Cybersecurity & Data Privacy Training
  • TDA-02.4 - Pre-Established Secure Configurations
  • TDA-12 - Customized Development of Critical Components
  • TDA-17 - Unsupported Systems
  • TPM-04.3 - Conflict of Interests

Renamed controls:

  • GOV-01 - Cybersecurity & Data Protection Governance Program
  • GOV-03 - Periodic Review & Update of Cybersecurity & Data Protection Program
  • CHG-02.3 - Cybersecurity & Data Privacy Representative for Asset Lifecycle Changes
  • CPL-02 - Cybersecurity & Data Privacy Controls Oversight
  • CPL-03 - Cybersecurity & Data Privacy Assessments
  • CPL-03.2 - Functional Review Of Cybersecurity & Data Privacy Controls
  • CRY-10 - Transmission of Cybersecurity & Data Privacy Attributes
  • DCH-05 - Cybersecurity & Data Privacy Attributes
  • DCH-23.6 - Differential Data Privacy
  • HRS-13.2 - Identify Vital Cybersecurity & Data Privacy Staff
  • HRS-13.3 - Establish Redundancy for Vital Cybersecurity & Data Privacy Staff
  • IRO-02.4 - Incident Classification & Prioritization
  • PRI-01.3 - Dissemination of Data Privacy Program Information
  • PRI-07.1 - Data Privacy Requirements for Contractors & Service Providers
  • PRI-14 - Data Privacy Records & Reporting
  • PRI-15 - Register As A Data Controller and/or Data Processor
  • PRI-17.1 - Conspicuous Link To Data Privacy Notice
  • PRM-01 - Cybersecurity & Data Privacy Portfolio Management
  • PRM-02 - Cybersecurity & Data Privacy Resource Management
  • PRM-04 - Cybersecurity & Data Privacy In Project Management
  • PRM-05 - Cybersecurity & Data Privacy Requirements Definition
  • SAT-01 - Cybersecurity & Data Privacy-Minded Workforce
  • SAT-02 - Cybersecurity & Data Privacy Awareness Training
  • SAT-03 - Role-Based Cybersecurity & Data Privacy Training
  • SAT-03.4 - Vendor Cybersecurity & Data Privacy Training
  • SAT-03.7 - Continuing Professional Education (CPE) - Cybersecurity & Data Privacy Personnel
  • SAT-04 - Cybersecurity & Data Privacy Training Records
  • TDA-02.4 - Pre-Established Secure Configurations
  • TDA-02.7 - Cybersecurity & Data Privacy Representatives For Product Changes
  • TDA-09 - Cybersecurity & Data Privacy Testing Throughout Development