SCF Common Controls and Evidence Management

this connector facilitates the management of security controls and evidence by providing access to the secure controls framework data the scf common controls and evidence management connector streamlines compliance processes by integrating with the secure controls framework (scf), a comprehensive catalog of controls and evidence management practices it enables users to obtain the latest scf data, manage controls, and handle evidence within their security environment, either by using a user uploaded scf excel file or fetching the official scf file based on the specified version this integration facilitates the alignment of security measures with various frameworks and standards, ensuring a robust compliance posture and simplifying evidence collection for audits within the swimlane turbine platform limitations this connector has been verified on turbine 25 0 2 & scf version 2024 3 & 2024 4 supported versions version 2024 4 represents a minor update, based on new and changed controls the scf had a minor formatting change that changed bullet listings to numbered listings configuration prerequisites to effectively use the scf common controls and evidence management connector, ensure you have the following configuration for scf version with these parameters version specify the version of the scf you wish to use selected frameworks choose the frameworks from scf relevant to your organization verify ssl certificates determine whether to enforce ssl certificate verification authentication methods scf configuration management authentication configure & set scf version with these parameters version specify the version of the scf you wish to use selected frameworks choose the frameworks from the scf that are relevant to your organization verify ssl certificates determine whether to enforce ssl certificate verification for secure communication use file set to true to use the user uploaded excel file; set to false to fetch the official scf file based on the specified version capabilities this connector provides the following capabilities get scf data get scf common controls data action connects to one of the following sources a user uploaded scf excel file if use file is set to true (you must upload the file) otherwise, connects to the scf github repository at https //github com/securecontrolsframework/securecontrolsframework/releases or; https //github com/securecontrolsframework/securecontrolsframework/releases/download/2025 1/secure controls framework scf 2025 1 xlsx ; downloads the versioned artifact transforms the artifact data to normalized application record values supported frameworks aicpa tsc 2017 2022 soc 2 apac australia essential 8 apac japan ismap cobit 2019 csa ccm v4 emea eu dora emea eu gdpr emea eu nis2 iec 62443 4 2 iso 27001 v2022 iso 27002 v2022 iso 27701 v2019 iso 42001 v2023 nist 800 53 rev5 and so on configurations scf configuration management configure & set scf version configuration parameters parameter description type required version scf version to use format is yyyy q only string required selected frameworks array required verify ssl verify ssl certificate boolean required use file set to true to use the user uploaded excel file; set to false to fetch the official scf file based on the specified version boolean optional http proxy a proxy to route requests through string optional xtnd selected frameworks allows ingestion from frameworks not available in selected frameworks options these values must match the column header values exactly array optional xtnd additional columns allows ingestion from additional columns these values must match the column header values exactly array optional actions get scf data obtain the latest secure controls framework data to manage controls and evidence within your security environment endpoint method python 311 definition input argument name type required description files object optional a file attachment upload the scf excel file to be processed when use file is set to true the file must be a valid secure controls framework (scf) excel artifact files file string optional parameter for get scf data files file name string optional name of the resource use file boolean optional set to true to use the user uploaded excel file; set to false to fetch the official scf file based on the specified version input example {"files" {"file" "string","file name" "example name"},"use file"\ true} output parameter type description log array output field log library record data array response data library record data aicpa tsc 2017 2022 soc 2 array response data library record data apac japan ismap array response data library record data cobit 2019 array response data library record data csa ccm v4 array response data library record data emea eu dora array response data library record data emea eu gdpr array response data library record data emea eu nis2 array response data library record data evidence request list erl id array response data library record data iso 27001 v2022 array response data library record data iso 27002 v2022 array response data library record data iso 27701 v2019 array response data library record data iso 42001 v2023 array response data library record data nist 800 53 rev5 array response data library record data nist csf function grouping string response data library record data nist csf v2 0 array response data library record data pci dss v4 0 array response data library record data pptdf applicability string response data library record data relative control weighting string response data library record data scf control string response data library record data scf control question string response data library record data scf domain string response data library record data scf id string response data library record data scrm focus array response data output example {"log" \[],"library record data" \[],"evidence record data" \[]} response headers header description example content type the media type of the resource application/json date the date and time at which the message was originated thu, 01 jan 2024 00 00 00 gmt