This is the main content of the page.

 
 

National and Media UpdatesPress Releases

Accreditation Body Media

For all communications and media inquiries, please email the Cyber AB at:

events@cyberab.org

 

Cyber AB News

Please see below the official announcements and communications issued by the Cyber AB regarding significant information updates, official statements or general information for public awareness.

 

CMMC Ecosystem Updates

Official announcements highlighting recent actions taken by the Cyber AB and other newsworthy information. To view Press Releases from 2021 to date, please read below.

 

Secure Controls Framework Conformity Assessment Program (SCF CAP) Releases Its 2025 Roadmap for SCF-Based Certifications

January 16, 2025

The Secure Controls Framework Council, LLC (SCF Council), publisher of a leading cybersecurity conformity meta-framework, announced the planned list of SCF-based certification assessments that will be available in 2025.

Starting in late Q1 2025, the SCF Certified™ - NIST CSF 2.0 certification will be launched as the flagship certification that is available by the SCF Conformity Assessment Program (SCF CAP).

Subsequent certifications will then be introduced on a rolling basis throughout 2025 to provide coverage for the following cybersecurity laws, regulations, and frameworks:

  1. NIST CSF 2.0
  2. HIPAA Security Rule / NIST 800-66 R2
  3. NIST 800-171 R2
  4. NIST 800-171 R3
  5. Federal Acquisition Regulation (FAR) 52.204-21
  6. NY DFS 23 NYCRR500
  7. DHS Zero Trust Capability Framework (ZTCF)
  8. CISA Cybersecurity Performance Goals (CPGs)
  9. CISA Secure Software Development Attestation Form (SSDAF)
  10. EU Digital Operational Resilience Act (DORA)
  11. EU Network and Information Systems (NIS2) Directive
  12. Australia Essential Eight

Bringing Value To Cybersecurity Certifications

SCF-based certifications deliver significant value to organizations by enabling streamlined compliance across diverse regulatory landscapes. "We are extremely enthused at the impending roll out of our SCF certification program," said Tom Cornelius, founder of the Secure Controls Framework (SCF). "There is no better way to instill trust and confidence in an organization's cybersecurity capabilities than to have an accredited third-party assess against existing compliance standards."

Cornelius continued, "It makes all the sense in the world to start with NIST CSF 2.0, as that framework is widely utilized both domestically and internationally. Offering an ‘assessable and accessible' third-party conformity assessment that validates NIST CSF implementation will resonate with CISOs, C-suites, and Boardrooms far and wide. Following the SCF-based NIST CSF 2.0 certification launch, the other certification options will provide needed coverage over much of the current cybersecurity landscape."

By integrating multiple frameworks into a cohesive control set, the SCF minimizes redundancy, saving organizations time and resources while ensuring consistency in meeting complex conformity requirements. This efficiency extends to the transparent mapping and maintenance of control sets across different versions of regulatory regimes, ensuring alignment with the latest standards. Most critically, the SCF CAP employs a rigorous third-party assessment process governed by The Cyber AB, the exclusive accreditation body for the SCF CAP. This governance ensures the highest level of assurance and impartiality in certification results, reinforcing trust and credibility with stakeholders.

SCF Certification Assessment Guides

Each law, regulation, and framework offered for SCF-based certification will have an accompanying Assessment Guide (AG). These AGs will provide law, regulation, and framework-specific criteria that must be addressed to successfully demonstrate conformity. The draft AG for NIST CSF 2.0 certification is available and free to download.

Background Information On The SCF CAP

The SCF CAP leverages the principles of the Cybersecurity & Data Protection Assessment Standards (CDPAS) to simplify and standardize third-party assessments. The SCF CAP harnesses efficiencies provided by the CDPAS and minimizes assumptions that exist with other third-party assessments. This results in the SCF CAP providing organizations with a meaningful certification that accurately reflects its security posture, offering a streamlined way to demonstrate compliance to partners, clients and other stakeholders.

About the Secure Controls Framework Council LLC (SCF Council)

The SCF Council publishes the Secure Controls Framework (SCF) under a Creative Commons licensing model, which is available to organizations free of charge. The SCF serves as a "framework of frameworks," simplifying and unifying cybersecurity and data protection controls. It provides a scalable method for organizations to address both their compliance obligations and security needs, helping them operationalize cybersecurity, risk management, and third-party governance.

The SCF Council is dedicated to simplifying the complex landscape of cybersecurity and data protection controls. The SCF meta-framework integrates multiple standards into a holistic control set, allowing organizations to operationalize cybersecurity and manage risk with a straightforward approach.

About The Cyber AB

Founded in 2020, The Cyber AB is a Maryland-based, independent, nonprofit 501(c)(3) tax-exempt organization that provides accreditation services for cybersecurity conformity regimes. The Cyber AB also serves as the exclusive accreditation body for the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) Program.

Contact Information

SCF Council, LLC
support@securecontrolsframework.com

SOURCE: Secure Controls Framework Council LLC