Release Notes: 2.43.1.4 SCF Minor Upgrade 2021.2
Date released to Production: Tuesday, June 15th, 2021
High-Level Summary:
SCF Minor Upgrade 2021.2
Added Mappings:
- CIS CSC v8
- CSA CCM v4
- CSA IoT SCF v2
- NIST SSDF
- NIST 800-161 R1 draft [partial]
- StateRAMP
- VA CDPA
- UK GDPR
- New Zealand Health ISF
- New Zealand Privacy Act of 2020
- Bermuda BMA CCC
- Canada CSAG
Added Content:
Threat Catalog
- MT-8 - Dysfunctional Management Practices
Controls Catalog
- AST-01.3 - Standardized Naming Convention
- BCD-14 – Isolated Recovery Environment
- CAP-04 - Performance Monitoring
- CFG-07 - Zero-Touch Provisioning (ZTP)
- EMB-09 - Power Level Monitoring
- EMB-10 - Embedded Technology Reviews
- EMB-11 - Message Queuing Telemetry Transport (MQTT) Security
- EMB-12 - Restrict Communications
- EMB-13 - Authorized Communications
- EMB-14 – Operating Environment Certification
- EMB-15 - Safety Assessment
- EMB-16 - Certificate-Based Authentication
- EMB-17 - Chip-To-Cloud Security
- EMB-18 - Real-Time Operating System (RTOS) Security
- EMB-19 - Safe Operations
- IAC-29 - Attribute-Based Access Control (ABAC)
- MDM-09 – Mobile Device Geofencing
- MDM-10 – Separate Mobile Device Profiles
- PES-17 - Proximity Sensor
- PRI-01.5 - Binding Corporate Rules (BCR)
- PRI-01.6 - Security of Personal Data
- PRI-01.7 - Limiting Personal Data Disclosures
- PRI-04.2 - Primary Sources
- TDA-04.2 - Software Bill of Materials (SBOM)
- TDA-06.3 - Software Assurance Maturity Model (SAMM)
- TDA-06.4 - Supporting Toolchain
- TDA-06.5 - Software Design Review
- TDA-09.6 - Secure Settings By Default
- TDA-20.1 – Software Release Integrity Violation
- TDA-20.2 - Archiving Software Releases
- TPM-01.1 – Third-Party Inventories
Renamed:
- AST-02.4 – Approved Baseline Deviations
- CFG-02.7 – Approved Configuration Deviations
- MON-01.13 – Alert Threshold Tuning
- DCH-25 – Transfer of Sensitive Data
- END-06 – Endpoint File Integrity Monitoring (FIM)
- PRI-05.2 – Personal Data Accuracy & Integrity
- PRI-06.1 – Correcting Inaccurate Information
- VPM-05 – Software & Firmware Patching
Wordsmithed:
- AST-14.1
- BCD-12
- CFG-02.7
- CRY-08
- DCH-25
- END-05
- IAC-02
- IAC-03
- IAC-04
- IAC-06
- NET-14
- NET-14.2
- PRI-06.1
- VPM-06.6
- VPM-06.7
Updated Mapping:
- CFG-03.1 – added ISO 27002 controls 12.6.1 & 14.2.5
- MON-01.7 – added CIS 7.1 controls for 14.9
- IRO-02 – corrected typo from “095” to “096” for CMMC
- DCH-06 – corrected typo from “9.79” to “9.7” for PCI DSS
- NET-03.3 – corrected typo from “1.3.8” to “1.3.7” for PCI DSS
- Multiple - South Africa's POPIA
- NIST SP 800-53B (high baseline)
  - AU-6(5)
  - AU-6(6)
  - SI-4(14)
- NIST SP 800-53B (Not Otherwise Categorized (NOC))
  - AU-6(4)
  - SI-4(15)
  - PT-4(1)
  - PT-4(2)
  - PT-4(3)
  - PT-5(1)
  - SA-9(3)
  - SA-9(4)
  - SA-9(5)
Removed:
- New Zealand Privacy Act of 1993 (replaced with 2020 version)