GOV

Cybersecurity & Data Protection Governance

38 controls

Execute a documented, risk-based program that supports business objectives while encompassing appropriate cybersecurity & data protection principles that address applicable statutory, regulatory and contractual obligations.

| SCF # | Control Name | Weight | NIST CSF | Frameworks |
|---|---|---|---|---|
| GOV-01 | Cybersecurity & Data Protection Governance Program | 10 — Critical | Govern | 127 |
| GOV-01.1 | Steering Committee & Program Oversight | 7 — High | Govern | 49 |
| GOV-01.2 | Status Reporting To Governing Body | 5 — Medium | Govern | 32 |
| GOV-01.3 | Commitment To Continual Improvements | 7 — High | Govern | 2 |
| GOV-02 | Publishing Cybersecurity & Data Protection Documentation | 10 — Critical | Govern | 117 |
| GOV-02.1 | Exception Management | 8 — High | Govern | 11 |
| GOV-03 | Periodic Review & Update of Cybersecurity & Data Protection Program | 7 — High | Govern | 81 |
| GOV-04 | Assigned Cybersecurity & Data Protection Responsibilities | 10 — Critical | Govern | 95 |
| GOV-04.1 | Stakeholder Accountability Structure | 8 — High | Govern | 27 |
| GOV-04.2 | Authoritative Chain of Command | 7 — High | Govern | 17 |
| GOV-05 | Measures of Performance | 6 — Medium | Govern | 61 |
| GOV-05.1 | Key Performance Indicators (KPIs) | 6 — Medium | Govern | 11 |
| GOV-05.2 | Key Risk Indicators (KRIs) | 6 — Medium | Govern | 12 |
| GOV-06 | Contacts With Authorities | 5 — Medium | Govern | 57 |
| GOV-07 | Contacts With Groups & Associations | 7 — High | Govern | 32 |
| GOV-08 | Defining Business Context & Mission | 5 — Medium | Govern | 23 |
| GOV-09 | Define Control Objectives | 5 — Medium | Govern | 25 |
| GOV-10 | Data Governance | 9 — Critical | Govern | 12 |
| GOV-11 | Purpose Validation | 5 — Medium | Govern | 6 |
| GOV-12 | Forced Technology Transfer (FTT) | 10 — Critical | Govern | 4 |
| GOV-13 | State-Sponsored Espionage | 10 — Critical | Govern | 4 |
| GOV-14 | Business As Usual (BAU) Secure Practices | 6 — Medium | Govern | 11 |
| GOV-15 | Operationalizing Cybersecurity & Data Protection Practices | 9 — Critical | Govern | 51 |
| GOV-15.1 | Select Controls | 8 — High | Govern | 35 |
| GOV-15.2 | Implement Controls | 9 — Critical | Govern | 35 |
| GOV-15.3 | Assess Controls | 8 — High | Govern | 25 |
| GOV-15.4 | Authorize Technology Assets, Applications and/or Services (TAAS) | 8 — High | Govern | 21 |
| GOV-15.5 | Monitor Controls | 8 — High | Govern | 23 |
| GOV-16 | Materiality Determination | 7 — High | Govern | 10 |
| GOV-16.1 | Material Risks | 7 — High | Govern | 5 |
| GOV-16.2 | Material Threats | 7 — High | Govern | 4 |
| GOV-17 | Cybersecurity & Data Protection Status Reporting | 8 — High | Govern | 8 |
| GOV-18 | Quality Management System (QMS) | 4 — Medium | Govern | 2 |
| GOV-19 | Assurance | 7 — High | Govern | 2 |
| GOV-19.1 | Assurance Levels (AL) | 7 — High | Govern | 1 |
| GOV-19.2 | Assessment Objectives (AO) | 7 — High | Govern | 1 |
| GOV-20 | Mergers, Acquisitions & Divestitures (MA&D) | 6 — Medium | Govern | 1 |
| GOV-20.1 | Virtual Data Room (VDR) | 6 — Medium | Govern | 1 |

The Secure Controls Framework (SCF) is maintained by SCF Council. Use of SCF content is subject to the SCF Terms & Conditions.
