SCF Common Controls and Evidence Management

this connector facilitates the management of security controls and evidence by providing access to the secure controls framework data the scf common controls and evidence management connector streamlines compliance processes by integrating with the secure controls framework (scf), a comprehensive catalog of controls and evidence management practices it enables users to obtain the latest scf data, manage controls, and handle evidence within their security environment, either by using a user uploaded scf excel file or fetching the official scf file based on the specified version this integration facilitates the alignment of security measures with various frameworks and standards, ensuring a robust compliance posture and simplifying evidence collection for audits within the swimlane turbine platform limitations this connector has been verified on turbine 25 0 2 & scf version 2024 3 & 2024 4 supported versions version 2024 4 represents a minor update, based on new and changed controls the scf had a minor formatting change that changed bullet listings to numbered listings configuration prerequisites to effectively use the scf common controls and evidence management connector, ensure you have the following configuration for scf version with these parameters version specify the version of the scf you wish to use selected frameworks choose the frameworks from scf relevant to your organization verify ssl certificates determine whether to enforce ssl certificate verification authentication methods scf configuration management authentication configure & set scf version with these parameters version specify the version of the scf you wish to use selected frameworks choose the frameworks from the scf that are relevant to your organization verify ssl certificates determine whether to enforce ssl certificate verification for secure communication use file set to true to use the user uploaded excel file; set to false to fetch the official scf file based on the specified version capabilities this connector provides the following capabilities get scf data get scf common controls data action connects to one of the following sources a user uploaded scf excel file if use file is set to true (you must upload the file) otherwise, connects to the scf github repository at https //github com/securecontrolsframework/securecontrolsframework/releases https //github com/securecontrolsframework/securecontrolsframework/releases or; https //github com/securecontrolsframework/securecontrolsframework/releases/download/2025 1/secure controls framework scf 2025 1 xlsx https //github com/securecontrolsframework/securecontrolsframework/releases/download/2025 1/secure controls framework scf 2025 1 xlsx ; downloads the versioned artifact transforms the artifact data to normalized application record values supported frameworks aicpa tsc 2017 2022 soc 2 apac australia essential 8 apac japan ismap cobit 2019 csa ccm v4 emea eu dora emea eu gdpr emea eu nis2 iec 62443 4 2 iso 27001 v2022 iso 27002 v2022 iso 27701 v2019 iso 42001 v2023 nist 800 53 rev5 and so on configurations scf configuration management configure & set scf version configuration parameters parameter description type required version scf version to use format is yyyy q only string required selected frameworks array required verify ssl verify ssl certificate boolean required use file set to true to use the user uploaded excel file; set to false to fetch the official scf file based on the specified version boolean optional http proxy a proxy to route requests through string optional xtnd selected frameworks allows ingestion from frameworks not available in selected frameworks options these values must match the column header values exactly array optional xtnd additional columns allows ingestion from additional columns these values must match the column header values exactly array optional actions get scf data obtain the latest secure controls framework data to manage controls and evidence within your security environment endpoint method python 311 definition input argument name type required description files object optional a file attachment upload the scf excel file to be processed when use file is set to true the file must be a valid secure controls framework (scf) excel artifact file string optional parameter for get scf data file name string optional name of the resource use file boolean optional set to true to use the user uploaded excel file; set to false to fetch the official scf file based on the specified version output parameter type description log array output field log library record data array response data aicpa tsc 2017 2022 soc 2 array output field aicpa tsc 2017 2022 soc 2 apac japan ismap array output field apac japan ismap cobit 2019 array output field cobit 2019 csa ccm v4 array output field csa ccm v4 emea eu dora array output field emea eu dora emea eu gdpr array output field emea eu gdpr emea eu nis2 array output field emea eu nis2 evidence request list erl id array unique identifier iso 27001 v2022 array output field iso 27001 v2022 iso 27002 v2022 array output field iso 27002 v2022 iso 27701 v2019 array output field iso 27701 v2019 iso 42001 v2023 array output field iso 42001 v2023 nist 800 53 rev5 array output field nist 800 53 rev5 nist csf function grouping string output field nist csf function grouping nist csf v2 0 array output field nist csf v2 0 pci dss v4 0 array output field pci dss v4 0 pptdf applicability string output field pptdf applicability relative control weighting string output field relative control weighting scf control string output field scf control scf control question string output field scf control question scf domain string output field scf domain scf id string unique identifier scrm focus array output field scrm focus example \[ { "log" \[], "library record data" \[], "evidence record data" \[] } ]