NIST CSF 2.0 Headlines a Slate of Twelve (12) Cybersecurity Certification Offerings
SHERIDAN, WY / ACCESS Newswire / January 16, 2025 / The Secure Controls Framework Council, LLC (SCF Council), publisher of a leading cybersecurity conformity meta-framework, announced the planned list of SCF-based certification assessments that will be available in 2025.
Starting in late Q1 2025, the SCF Certifiedâ„¢ – NIST CSF 2.0 certification will be launched as the flagship certification that is available by the SCF Conformity Assessment Program (SCF CAP).
Subsequent certifications will then be introduced on a rolling basis throughout 2025 to provide coverage for the following cybersecurity laws, regulations, and frameworks:
NIST CSF 2.0
HIPAA Security Rule / NIST 800-66 R2
NIST 800-171 R2
NIST 800-171 R3
Federal Acquisition Regulation (FAR) 52.204-21
NY DFS 23 NYCRR500
DHS Zero Trust Capability Framework (ZTCF)
CISA Cybersecurity Performance Goals (CPGs)
CISA Secure Software Development Attestation Form (SSDAF)
EU Digital Operational Resilience Act (DORA)
EU Network and Information Systems (NIS2) Directive
Australia Essential Eight
Bringing Value To Cybersecurity Certifications
SCF-based certifications deliver significant value to organizations by enabling streamlined compliance across diverse regulatory landscapes. “We are extremely enthused at the impending roll out of our SCF certification program,” said Tom Cornelius, founder of the Secure Controls Framework (SCF). “There is no better way to instill trust and confidence in an organization’s cybersecurity capabilities than to have an accredited third-party assess against existing compliance standards.”
Cornelius continued, “It makes all the sense in the world to start with NIST CSF 2.0, as that framework is widely utilized both domestically and internationally. Offering an ‘assessable and accessible’ third-party conformity assessment that validates NIST CSF implementation will resonate with CISOs, C-suites, and Boardrooms far and wide. Following the SCF-based NIST CSF 2.0 certification launch, the other certification options will provide needed coverage over much of the current cybersecurity landscape.”
By integrating multiple frameworks into a cohesive control set, the SCF minimizes redundancy, saving organizations time and resources while ensuring consistency in meeting complex conformity requirements. This efficiency extends to the transparent mapping and maintenance of control sets across different versions of regulatory regimes, ensuring alignment with the latest standards. Most critically, the SCF CAP employs a rigorous third-party assessment process governed by The Cyber AB, the exclusive accreditation body for the SCF CAP. This governance ensures the highest level of assurance and impartiality in certification results, reinforcing trust and credibility with stakeholders.
SCF Certification Assessment Guides
Each law, regulation, and framework offered for SCF-based certification will have an accompanying Assessment Guide (AG). These AGs will provide law, regulation, and framework-specific criteria that must be addressed to successfully demonstrate conformity. The draft AG for NIST CSF 2.0 certification is available and free to download.
Background Information On The SCF CAP
The SCF CAP leverages the principles of the Cybersecurity & Data Protection Assessment Standards (CDPAS) to simplify and standardize third-party assessments. The SCF CAP harnesses efficiencies provided by the CDPAS and minimizes assumptions that exist with other third-party assessments. This results in the SCF CAP providing organizations with a meaningful certification that accurately reflects its security posture, offering a streamlined way to demonstrate compliance to partners, clients and other stakeholders.
About the Secure Controls Framework Council LLC (SCF Council)
The SCF Council publishes the Secure Controls Framework (SCF) under a Creative Commons licensing model, which is available to organizations free of charge. The SCF serves as a “framework of frameworks,” simplifying and unifying cybersecurity and data protection controls. It provides a scalable method for organizations to address both their compliance obligations and security needs, helping them operationalize cybersecurity, risk management, and third-party governance.
The SCF Council is dedicated to simplifying the complex landscape of cybersecurity and data protection controls. The SCF meta-framework integrates multiple standards into a holistic control set, allowing organizations to operationalize cybersecurity and manage risk with a straightforward approach.
About The Cyber AB
Founded in 2020, The Cyber AB is a Maryland-based, independent, nonprofit 501(c)(3) tax-exempt organization that provides accreditation services for cybersecurity conformity regimes. The Cyber AB also serves as the exclusive accreditation body for the U.S. Department of Defense Cybersecurity Maturity Model Certification (CMMC) Program.
For more information about this collaboration and the SCF CAP, please visit https://securecontrolsframework.com/scf-conformity-assessment-program-cap.
Contact Information
SCF Council, LLC
[email protected]
SOURCE: Secure Controls Framework Council LLC
