CPL

Compliance

35 controls

Oversee the execution of cybersecurity & data privacy controls to ensure that appropriate evidence of due care and due diligence exists to meet compliance with applicable statutory, regulatory and contractual obligations.

| SCF # | Control Name | Weight | NIST CSF | Frameworks |
|---|---|---|---|---|
| CPL-01 | Statutory, Regulatory & Contractual Compliance | 10 — Critical | Govern | 176 |
| CPL-01.1 | Non-Compliance Oversight | 9 — Critical | Respond | 36 |
| CPL-01.2 | Compliance Scope | 10 — Critical | Identify | 31 |
| CPL-01.3 | Ability To Demonstrate Conformity | 8 — High | Protect | 13 |
| CPL-01.4 | Conformity Assessment | 9 — Critical | Govern | 12 |
| CPL-01.5 | Declaration of Conformity | 1 — Low | Govern | 6 |
| CPL-01.6 | Assessment Team Subject Matter Expertise | 5 — Medium | Protect | 1 |
| CPL-02 | Cybersecurity & Data Protection Controls Oversight | 10 — Critical | Detect | 143 |
| CPL-02.1 | Internal Audit Function | 5 — Medium | Detect | 44 |
| CPL-02.2 | Periodic Audits | 8 — High | Detect | 11 |
| CPL-02.3 | Corrective Action | 7 — High | Govern | 5 |
| CPL-03 | Cybersecurity & Data Protection Assessments | 10 — Critical | Detect | 109 |
| CPL-03.1 | Independent Assessors | 6 — Medium | Detect | 50 |
| CPL-03.2 | Functional Review Of Cybersecurity & Data Protection Controls | 8 — High | Detect | 81 |
| CPL-03.3 | Assessor Access | 7 — High | Govern | 2 |
| CPL-03.4 | Assessment Methods | 7 — High | Govern | 1 |
| CPL-03.5 | Assessment Rigor | 7 — High | Govern | 1 |
| CPL-03.6 | Evidence Request List (ERL) | 7 — High | Govern | 1 |
| CPL-03.7 | Evidence Sampling | 7 — High | Govern | 1 |
| CPL-04 | Audit Activities | 5 — Medium | Identify | 11 |
| CPL-05 | Legal Assessment of Investigative Inquiries | 2 — Low | Respond | 9 |
| CPL-05.1 | Investigation Request Notifications | 2 — Low | Respond | 3 |
| CPL-05.2 | Investigation Access Restrictions | 2 — Low | Protect | 10 |
| CPL-06 | Government Surveillance | 10 — Critical | Protect | 4 |
| CPL-07 | Grievances | 5 — Medium | Respond | 2 |
| CPL-07.1 | Grievance Response | 5 — Medium | Respond | 2 |
| CPL-08 | Localized Representation | 2 — Low | Govern | 5 |
| CPL-08.1 | Representative Powers | 2 — Low | Govern | 5 |
| CPL-09 | Control Reciprocity | 5 — Medium | Govern | 1 |
| CPL-10 | Control Inheritance | 5 — Medium | Govern | 1 |
| CPL-11 | Dual Use Technology | 8 — High | Govern | 1 |
| CPL-11.1 | USML or CCL Identification | 8 — High | Govern | 1 |
| CPL-11.2 | Export-Controlled Access Restrictions | 8 — High | Govern | 1 |
| CPL-11.3 | Export Activities Documentation | 8 — High | Govern | 1 |
| CPL-12 | Statement of Applicability (SOA) | 5 — Medium | Protect | 1 |

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.
