The CRF Safeguards (CRF-S) are a prioritized library of cybersecurity controls derived from and mapped against 90+ globally recognized standards, frameworks, and regulatory requirements — including NIST, ISO, CIS, HIPAA, NYCRR 500, and dozens more. Beginning in 2026, the CRF-S is published in multiple editions. The Core Edition is the authoritative and complete set of safeguards; the specialized editions are curated subsets designed for specific organizational contexts and use cases.
To see all the cybersecurity standards included in our database, visit the CRF Cybersecurity Standards Database.
The complete CRF Safeguards library, covering all safeguard categories across every maturity level, mapped to 90+ global standards.
A curated subset focused on cybersecurity governance — policies, roles, oversight, and accountability.
Foundational safeguards that every organization should have in place — a practical baseline for any cybersecurity program.
Safeguards focused on secure software development, deployment, and vulnerability management.
A scaled-down set of safeguards tailored to the needs and constraints of smaller organizations.
