On the 28 August 2019, the SSC approved Version 1.18 of the Security Controls Framework (SCF) and Version 1.9 of the Agreed Interpretations (AIs) for publication. The updates are as follows:
- Security Controls Framework
- Updated to clarify equivalence between SEC security obligations and the Networks and Information Systems (NIS) Directive Principles and Indicators of Good Practice for Operators of Essential Services (OES).
- Added a clarification to the FAQs in Part 1 and Appendix E in Part 2. Allowing a Memorandum of Understanding or a Letter of Intent to be submitted for G3.18 – G3.20 compliance, rather than a full contract.
- Agreed Interpretations
- Updated to include a new section 13 to clarify equivalence between SEC security obligations and the NIS and CAF Principles and Indicators of Good Practice (IGP) to avoid duplication of assurance.
Both clean and tracked changed versions of the documents can be found here on our website.