# Common Controls Frameworks
A Common Controls Framework (CCF) is a map of controls for the purpose of efficient [[compliance]] audits. Many organizations map their controls for the purposes of compliance with mandated [[cybersecurity]] control frameworks, such as [[NIST CSF]], [[NIST 800-53]], [[NIST 800-218]], [[CISA Zero Trust Maturity Model]], [[PCI DSS 4.0]], etc. This process allows for efficiency by helping the organization to disseminate control requirements to capability owners so that they can drive capability compliance. This compliance overlay provides a map of several frameworks to the related Capability Scope.
## Capability Scope
| **Control Domain** | Published in | **Capability Scope** |
| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- |
| Access Management | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Identity and Access Management]] |
| Acquisition or sale of facilities, technology, and services | [[Unified Compliance Framework\|UCF]] | |
| Application Security | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Application Management]]<br>[[Code Management]]<br>[[Control Development]]<br>[[Control Verification]] |
| Artificial and Autonomous Technology | [[Secure Controls Framework\|SCF]] | |
| Asset Management | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | [[Asset Management]] |
| Audit Compliance | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Compliance]]<br>[[Control Development]]<br>[[Control Verification]] |
| Audits and Risk Management | [[Unified Compliance Framework\|UCF]] | [[Compliance]]<br>[[Control Development]]<br>[[Control Verification]] |
| Backup Management | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Backup and Recovery]] |
| Business Continuity | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Backup and Recovery]] |
| Business Continuity & Disaster Recovery | [[Secure Controls Framework\|SCF]] | [[Backup and Recovery]] |
| Business Continuity & Resilience | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Backup and Recovery]] |
| Capacity & Performance Planning | [[Secure Controls Framework\|SCF]] | |
| Change Management | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | [[Policy Automation]] |
| Change & Configuration Management | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Policy Automation]] |
| Cloud Security | [[Secure Controls Framework\|SCF]] | |
| Compliance | [[Secure Controls Framework\|SCF]] | [[Compliance]] |
| Configuration Management | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | [[Policy Automation]] |
| Continuous Monitoring | [[Secure Controls Framework\|SCF]] | |
| Cryptographic Protections | [[Secure Controls Framework\|SCF]] | [[Identity and Access Management]] |
| Cryptography | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Identity and Access Management]] |
| Cryptography Management | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Identity and Access Management]] |
| Customer Managed Security | [[Adobe Common Controls Framework\|Adobe CCF]] | |
| Cybersecurity & Data Privacy Governance | [[Secure Controls Framework\|SCF]] | [[Data Management]] |
| Data Classification & Handling | [[Secure Controls Framework\|SCF]] | [[Data Management]] |
| Data Management | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Data Management]] |
| Data Privacy | [[Secure Controls Framework\|SCF]] | [[Data Management]] |
| Data Security Management | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Data Management]] |
| Embedded Technology | [[Secure Controls Framework\|SCF]] | |
| Endpoint Security | [[Secure Controls Framework\|SCF]] | [[Device Management]] |
| Entity Management | [[Adobe Common Controls Framework\|Adobe CCF]] | |
| Global Procurement | [[Cisco Cloud Controls Framework\|Cisco CCF]] | |
| Governance, Risk, and Compliance | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Defense Modeling]] |
| Harmonization Methods and Manual of Style | [[Unified Compliance Framework\|UCF]] | |
| Human Resources Security | [[Secure Controls Framework\|SCF]] | |
| Human Resources Management | [[Unified Compliance Framework\|UCF]] | |
| Identification & Authentication | [[Secure Controls Framework\|SCF]] | [[Identity and Access Management]] |
| Identity and Access Management | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Identity and Access Management]] |
| Incident Response | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | [[Incident Containment]] |
| Information Assurance | [[Secure Controls Framework\|SCF]] | |
| Infrastructure Operations | [[Cisco Cloud Controls Framework\|Cisco CCF]] | |
| Leadership and High Level Objectives | [[Unified Compliance Framework\|UCF]] | |
| Maintenance | [[Secure Controls Framework\|SCF]] | |
| Mobile Device Management | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | [[Device Management]] |
| Monitoring and Measurement | [[Unified Compliance Framework\|UCF]] | |
| Network Operations | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Network Management]] |
| Network Security | [[Secure Controls Framework\|SCF]] | [[Network Management]] |
| Operational Management | [[Unified Compliance Framework\|UCF]] | |
| Operational and Systems Security | [[Unified Compliance Framework\|UCF]] | |
| People and Communities | [[Cisco Cloud Controls Framework\|Cisco CCF]] | |
| People Resources | [[Adobe Common Controls Framework\|Adobe CCF]] | |
| Physical and Environmental Protection | [[Unified Compliance Framework\|UCF]] | |
| Physical & Environmental Security | [[Secure Controls Framework\|SCF]] | |
| Physical Security | [[Cisco Cloud Controls Framework\|Cisco CCF]] | |
| Privacy | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Data Management]] |
| Privacy protection for information and data | [[Unified Compliance Framework\|UCF]] | [[Data Management]] |
| Proactive Security | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Code Management]] |
| Project & Resource Management | [[Secure Controls Framework\|SCF]] | |
| Records Management | [[Unified Compliance Framework\|UCF]] | [[Data Management]] |
| Risk Management | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | |
| Secure Engineering & Architecture | [[Secure Controls Framework\|SCF]] | |
| Security Awareness & Training | [[Secure Controls Framework\|SCF]] | [[Training]] |
| Security Governance | [[Adobe Common Controls Framework\|Adobe CCF]] | |
| Security Incident | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Incident Containment]] |
| Security Operations | [[Secure Controls Framework\|SCF]] | |
| Service Lifecycle | [[Adobe Common Controls Framework\|Adobe CCF]] | |
| Site Operations | [[Adobe Common Controls Framework\|Adobe CCF]] | |
| System Design Documentation | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Device Management]] |
| System hardening through Configuration Management | [[Unified Compliance Framework\|UCF]] | [[Device Management]] |
| Systems design, build, and implementation | [[Unified Compliance Framework\|UCF]] | [[Device Management]] |
| Systems Monitoring | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Device Management]]<br>[[Log Management]]<br>[[Stream Processing]]<br>[[Incident Containment]] |
| Technology Development & Acquisition | [[Secure Controls Framework\|SCF]] | |
| Technical Security | [[Unified Compliance Framework\|UCF]] | |
| Third Party and supply chain oversight | [[Unified Compliance Framework\|UCF]] | [[Third Party Management]] |
| Third Party Management | [[Adobe Common Controls Framework\|Adobe CCF]]<br>[[Secure Controls Framework\|SCF]] | [[Third Party Management]] |
| Threat Management | [[Secure Controls Framework\|SCF]] | [[Adversary Research]] |
| Training and Awareness | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Training]] |
| Vulnerability & Patch Management | [[Secure Controls Framework\|SCF]] | [[Control Verification]] |
| Vulnerability Detection | [[Cisco Cloud Controls Framework\|Cisco CCF]] | [[Control Verification]] |
| Vulnerability Management | [[Adobe Common Controls Framework\|Adobe CCF]] | [[Control Verification]] |
| Web Security | [[Secure Controls Framework\|SCF]] | [[Application Management]]<br>[[Code Management]] |
## Inspiration & Resources
+ [Adobe Common Controls Framework | Adobe Trust Center](https://www.adobe.com/trust/compliance/adobe-ccf.html)
+ [Unified Compliance](https://www.unifiedcompliance.com/)
+ [Secure Controls Framework](https://securecontrolsframework.com/)
+ [Cisco Cloud Controls Framework - Cisco](https://www.cisco.com/c/en/us/about/trust-center/compliance/ccf.html)
## Release Notes
+ [[WIP - Q3 2024 Release#Map Common Controls Frameworks to Cybersecurity Capabilities]]
##
[Cyber City Map](https://cybercitymap.com/) © 2023-2024 by [ThirdScore, Inc.](https://thirdscore.com/) All Rights Reserved.