Safeguards - Core Edition

What Are the CRF Safeguards?

The CRF Safeguards (CRF-S) are a single, aggregated library of cybersecurity safeguards derived from and mapped against 90+ global cybersecurity standards, frameworks, and regulatory requirements — including NIST, ISO, CIS, NYCRR 500, HIPAA, and others. Rather than introducing new controls, the CRF-S consolidates and normalizes existing expectations into a coherent, outcome-oriented set that organizations can use as a stable reference point, regardless of industry, geography, or regulatory environment.

The safeguards are defined to help organizations achieve their business objectives while managing cybersecurity risk — not simply to satisfy external requirements. Each safeguard reflects common intent across source standards and is organized by maturity level, giving organizations a clear structure for implementation, assessment, and validation.

Beginning in 2026, the CRF Safeguards are published in multiple editions. The Core Edition is the authoritative and comprehensive set. Four specialized editions — Hygiene, Governance, Application Security, and Small Business — are curated subsets of the Core, allowing organizations to focus on safeguards most relevant to their context without fragmenting the underlying library.

To see all the cybersecurity standards included in our database, visit the CRF Cybersecurity Standards Database.

The CRF-S in the CRF Ecosystem

CRF-MM — Provides the maturity structure for grouping safeguards into program-level capability buckets
CRF Assessment Tools — Measure how comprehensively safeguards are implemented across systems and environments
CRF-GRM — Defines how safeguards are selected and governed across the seven-step roadmap
CRF-AF and CRF-BIM — Define how safeguards are independently validated and continuously evidenced

Who Is This For?

Cybersecurity leaders building or maturing a structured safeguard library
Compliance and GRC teams aligning controls across multiple regulatory frameworks
Auditors and assessors who need a standards-informed, consistent reference for evaluation
Organizations seeking a single reference point that works across jurisdictions, industries, and risk contexts

What’s New in v2026?

Multi-Edition Model: The CRF-S is now published in multiple editions for the first time — Core, Hygiene, Governance, Application Security, and Small Business. All specialized editions are curated subsets of the Core; the Core remains the authoritative source
90+ Standards: The safeguard library now draws from 90+ global standards and regulatory requirements, up from 80+ in v2025
Software Development Reorganized: The single Software Development Management section from v2025 is now split into two distinct sections — Software Development Standardization and Software Development Operations — with Software Development Vulnerability Management remaining as a third separate section
Business-Outcome Framing: The v2026 introduction explicitly positions the CRF-S as business-outcome-oriented, not compliance-driven — safeguards exist to help organizations achieve mission objectives, not simply satisfy external requirements
AI Management: First introduced in v2025; continued and expanded in v2026

Download - v2026

Frequently Asked Questions

What are the first steps in implementing cybersecurity safeguards?

Begin with a thorough assessment of your current cybersecurity posture, identify critical assets and potential vulnerabilities, and prioritize safeguards based on your specific risk profile.

How often should we review and update our cybersecurity safeguards?

Regularly, at least annually or whenever significant changes occur in your operational environment or the threat landscape.

Can small organizations afford to implement effective cybersecurity safeguards?

Yes, many foundational and hygiene-level safeguards are cost-effective and scalable, making them accessible for organizations of all sizes.

How do we ensure our employees adhere to cybersecurity safeguards?

Through continuous education, awareness programs, and clear policies that emphasize the importance of cybersecurity and outline individual responsibilities.

What role do cybersecurity experts play in implementing safeguards?

Experts can provide strategic guidance, help identify and prioritize safeguards, assist with implementation, and offer ongoing support to ensure your cybersecurity measures are effective and up-to-date.