APRA CPS234

SCF Control Crosswalk Mapping
Showing 102 SCF controls mapped to APRA CPS234
| SCF Control | Control Name | Domain | APRA CPS234 Requirement | Weight |
|---|---|---|---|---|
| GOV-01 | Cybersecurity & Data Protection Governance Program | Cybersecurity & Data Protection Governance | Para 34(a): Board Accountability for Information Security | 10 |
| GOV-01.1 | Steering Committee & Program Oversight | Cybersecurity & Data Protection Governance | Para 34(b): Steering Committee & Program Oversight | 7 |
| GOV-02 | Publishing Cybersecurity & Data Protection Documentation | Cybersecurity & Data Protection Governance | Para 35: Publishing Cybersecurity & Data Protection Documentation | 10 |
| GOV-03 | Periodic Review & Update of Cybersecurity & Data Protection Program | Cybersecurity & Data Protection Governance | Para 37: Periodic Review & Update of Cybersecurity & Data Protection Program | 7 |
| GOV-04 | Assigned Cybersecurity & Data Protection Responsibilities | Cybersecurity & Data Protection Governance | Para 35: Assigned Cybersecurity & Data Protection Responsibilities | 10 |
| GOV-06 | Contacts With Authorities | Cybersecurity & Data Protection Governance | Para 36: Contacts With Authorities | 5 |
| AST-01 | Asset Governance | Asset Management | Para 29: Asset Governance | 10 |
| AST-01.1 | Asset-Service Dependencies | Asset Management | N/A | 5 |
| BCD-02 | Identify Critical Assets | Business Continuity & Disaster Recovery | N/A | 9 |
| CHG-03 | Security Impact Analysis for Changes | Change Management | N/A | 9 |
| CPL-01 | Statutory, Regulatory & Contractual Compliance | Compliance | Para 34-39: Statutory, Regulatory & Contractual Compliance | 10 |
| CPL-01.1 | Non-Compliance Oversight | Compliance | N/A | 9 |
| CPL-02 | Cybersecurity & Data Protection Controls Oversight | Compliance | N/A | 10 |
| CPL-02.1 | Internal Audit Function | Compliance | N/A | 5 |
| CPL-03 | Cybersecurity & Data Protection Assessments | Compliance | N/A | 10 |
| CPL-03.1 | Independent Assessors | Compliance | N/A | 6 |
| DCH-01 | Data Protection | Data Classification & Handling | N/A | 10 |
| DCH-02 | Data & Asset Classification | Data Classification & Handling | N/A | 10 |
| END-01.1 | Unified Endpoint Device Management (UEDM) | Endpoint Security | N/A | 6 |
| END-02 | Endpoint Protection Measures | Endpoint Security | N/A | 9 |
| END-03 | Prohibit Installation Without Privileged Status | Endpoint Security | N/A | 9 |
| END-03.1 | Software Installation Alerts | Endpoint Security | N/A | 8 |
| END-04.2 | Documented Protection Measures | Endpoint Security | N/A | 3 |
| END-04.4 | Heuristic / Nonsignature-Based Detection | Endpoint Security | N/A | 8 |
| END-04.5 | Malware Protection Mechanism Testing | Endpoint Security | N/A | 5 |
| END-04.6 | Evolving Malware Threats | Endpoint Security | N/A | 3 |
| END-04.7 | Always On Protection | Endpoint Security | N/A | 9 |
| END-05 | Software Firewall | Endpoint Security | N/A | 9 |
| END-06 | Endpoint File Integrity Monitoring (FIM) | Endpoint Security | N/A | 8 |
| END-06.1 | Integrity Checks | Endpoint Security | N/A | 6 |
| END-06.2 | Endpoint Detection & Response (EDR) | Endpoint Security | N/A | 9 |
| END-06.3 | Automated Notifications of Integrity Violations | Endpoint Security | N/A | 5 |
| END-06.4 | Automated Response to Integrity Violations | Endpoint Security | N/A | 5 |
| END-06.5 | Boot Process Integrity | Endpoint Security | N/A | 5 |
| END-06.6 | Protection of Boot Firmware | Endpoint Security | N/A | 5 |
| END-06.7 | Binary or Machine-Executable Code | Endpoint Security | N/A | 5 |
| END-06.8 | Extended Detection & Response (XDR) | Endpoint Security | N/A | 5 |
| END-07 | Host Intrusion Detection and Prevention Systems (HIDS / HIPS) | Endpoint Security | N/A | 9 |
| END-08.1 | Central Management | Endpoint Security | N/A | 5 |
| END-08.2 | Automatic Spam and Phishing Protection Updates | Endpoint Security | N/A | 8 |
| END-09 | Trusted Path | Endpoint Security | N/A | 9 |
| END-10 | Mobile Code | Endpoint Security | N/A | 4 |
| END-11 | Thin Nodes | Endpoint Security | N/A | 4 |
| END-12 | Port & Input / Output (I/O) Device Access | Endpoint Security | N/A | 6 |
| END-13 | Sensor Capability | Endpoint Security | N/A | 7 |
| END-13.1 | Authorized Use | Endpoint Security | N/A | 8 |
| END-13.2 | Notice of Collection | Endpoint Security | N/A | 6 |
| END-13.3 | Collection Minimization | Endpoint Security | N/A | 8 |
| END-13.4 | Sensor Delivery Verification | Endpoint Security | N/A | 4 |
| END-14 | Collaborative Computing Devices | Endpoint Security | N/A | 9 |
| END-14.1 | Disabling / Removal In Secure Work Areas | Endpoint Security | N/A | 5 |
| END-14.2 | Explicitly Indicate Current Participants | Endpoint Security | N/A | 5 |
| END-14.3 | Participant Identity Verification | Endpoint Security | N/A | 7 |
| END-14.4 | Participant Connection Management | Endpoint Security | N/A | 5 |
| END-14.5 | Malicious Link & File Protections | Endpoint Security | N/A | 7 |
| END-14.6 | Explicit Indication Of Use | Endpoint Security | N/A | 6 |
| END-15 | Hypervisor Access | Endpoint Security | N/A | 9 |
| END-16 | Restrict Access To Security Functions | Endpoint Security | N/A | 7 |
| END-16.1 | Host-Based Security Function Isolation | Endpoint Security | N/A | 7 |
| HRS-03 | Defined Roles & Responsibilities | Human Resources Security | N/A | 10 |
| IRO-01 | Incident Response Operations | Incident Response | Para 36: Incident Response Operations | 9 |
| IRO-02 | Incident Handling | Incident Response | Para 36: Incident Handling | 10 |
| IRO-04 | Incident Response Plan (IRP) | Incident Response | N/A | 9 |
| IRO-06 | Incident Response Testing | Incident Response | N/A | 9 |
| IRO-07 | Integrated Security Incident Response Team (ISIRT) | Incident Response | N/A | 9 |
| IRO-09 | Situational Awareness For Incidents | Incident Response | N/A | 8 |
| IRO-13 | Root Cause Analysis (RCA) & Lessons Learned | Incident Response | N/A | 8 |
| PRM-01 | Cybersecurity & Data Protection Portfolio Management | Project & Resource Management | N/A | 8 |
| PRM-01.1 | Strategic Plan & Objectives | Project & Resource Management | N/A | 5 |
| PRM-01.2 | Targeted Capability Maturity Levels | Project & Resource Management | N/A | 5 |
| PRM-02 | Cybersecurity & Data Protection Resource Management | Project & Resource Management | N/A | 8 |
| PRM-03 | Allocation of Resources | Project & Resource Management | N/A | 8 |
| PRM-07 | Secure Development Life Cycle (SDLC) Management | Project & Resource Management | N/A | 10 |
| RSK-08 | Business Impact Analysis (BIA) | Risk Management | N/A | 8 |
| RSK-10 | Data Protection Impact Assessment (DPIA) | Risk Management | N/A | 9 |
| SEA-01 | Secure Engineering Principles | Secure Engineering & Architecture | Para 30: Security Awareness Training | 10 |
| SEA-01.1 | Centralized Management of Cybersecurity & Data Protection Controls | Secure Engineering & Architecture | N/A | 9 |
| SEA-02 | Alignment With Enterprise Architecture | Secure Engineering & Architecture | N/A | 9 |
| SEA-03 | Defense-In-Depth (DiD) Architecture | Secure Engineering & Architecture | N/A | 10 |
| TDA-06.1 | Criticality Analysis | Technology Development & Acquisition | N/A | 9 |
| TPM-01 | Third-Party Management | Third-Party Management | N/A | 10 |
| TPM-02 | Third-Party Criticality Assessments | Third-Party Management | N/A | 9 |
| TPM-03 | Supply Chain Risk Management (SCRM) | Third-Party Management | N/A | 9 |
| TPM-03.2 | Limit Potential Harm | Third-Party Management | N/A | 9 |
| TPM-04 | Third-Party Services | Third-Party Management | N/A | 10 |
| TPM-04.1 | Third-Party Risk Assessments & Approvals | Third-Party Management | N/A | 9 |
| TPM-05 | Third-Party Contract Requirements | Third-Party Management | N/A | 10 |
| TPM-08 | Review of Third-Party Services | Third-Party Management | N/A | 9 |
| THR-01 | Threat Intelligence Program | Threat Management | Para 30: Threat Intelligence Program | 8 |
| THR-03.1 | Threat Intelligence Reporting | Threat Management | N/A | 8 |
| THR-04 | Insider Threat Program | Threat Management | N/A | 8 |
| THR-05 | Insider Threat Awareness | Threat Management | N/A | 8 |
| THR-06.1 | Security Disclosure Contact Information | Threat Management | N/A | 1 |
| THR-07 | Threat Hunting | Threat Management | N/A | 4 |
| THR-08 | Tainting | Threat Management | N/A | 1 |
| THR-09 | Threat Catalog | Threat Management | N/A | 5 |
| THR-10 | Threat Analysis | Threat Management | N/A | 7 |
| THR-11 | Behavioral Baselining | Threat Management | N/A | 5 |
| VPM-01 | Vulnerability & Patch Management Program (VPMP) | Vulnerability & Patch Management | N/A | 9 |
| VPM-02 | Vulnerability Remediation Process | Vulnerability & Patch Management | N/A | 10 |
| VPM-04 | Continuous Vulnerability Remediation Activities | Vulnerability & Patch Management | N/A | 8 |
| VPM-05 | Software & Firmware Patching | Vulnerability & Patch Management | N/A | 10 |