Free Resource · SCF 2026.1
The Secure Controls Framework, finally searchable
Search and filter every control in the Secure Controls Framework and see how each one maps across 290+ cybersecurity and privacy frameworks — ISO 27001, NIST CSF, SOC 2, PCI DSS and more. No spreadsheet gymnastics required.
- Controls
- 1,468+
- Domains
- 33+
- Frameworks mapped
- 294+
1,468 controls
1,468 controls
Artificial Intelligence (AI) & Autonomous Technologies Governance
Mechanisms exist to ensure policies, processes, procedures and practices related to the mapping, measuring and managing of Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related risks are in place, transparent and implemented effectively.
AI & Autonomous Technologies-Related Legal Requirements Definition
Mechanisms exist to identify, understand, document and manage applicable statutory and regulatory requirements for Artificial Intelligence (AI) and Autonomous Technologies (AAT).
Trustworthy AI & Autonomous Technologies
Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT) are designed to be reliable, safe, fair, secure, resilient, transparent, explainable and data privacy-enhanced to minimize emergent properties or unintended consequences.
AI & Autonomous Technologies Value Sustainment
Mechanisms exist to sustain the value of deployed Artificial Intelligence (AI) and Autonomous Technologies (AAT).
AI Model & Agent Inventory & Lifecycle Management
Mechanisms exist to track the lifecycle of all AI models and AI agents, including ownership, intended purpose and status across: (1) Development; (2) Deployment; (3) Updates; and (4) Decommissioning.
Situational Awareness of AI & Autonomous Technologies
Mechanisms exist to develop and maintain an inventory of Artificial Intelligence (AI) and Autonomous Technologies (AAT) (internal and third-party).
AI & Autonomous Technologies Risk Mapping
Mechanisms exist to identify Artificial Intelligence (AI) and Autonomous Technologies (AAT) in use and map those components to potential legal risks, including statutory and regulatory compliance requirements.
AI & Autonomous Technologies Internal Controls
Mechanisms exist to identify and document internal security, compliance and resilience for Artificial Intelligence (AI) and Autonomous Technologies (AAT).
Adequate Protections For AI & Autonomous Technologies
Mechanisms exist to ensure Artificial Intelligence (AI) and Autonomous Technologies (AAT) include reasonable security, compliance and resilience protections that are commensurate with assessed risks and threats.
AI Threat Modeling & Risk Assessment
Mechanisms exist to conduct Artificial Intelligence (AI) and Autonomous Technologies (AAT)-specific threat modeling and risk assessments to address the following criteria across the lifecycle of the AAT: (1) Attack surfaces; (2) Adversarial threats; and (3) Abuse / misuse scenarios.
AI & Autonomous Technologies Context Definition
Mechanisms exist to establish and document the context surrounding Artificial Intelligence (AI) and Autonomous Technologies (AAT), including: (1) Intended purposes; (2) Potentially beneficial uses; (3) Context-specific laws and regulations; (4) Norms and expectations; and (5) Prospective settings in which the system(s) will be deployed.
AI & Autonomous Technologies Mission and Goals Definition
Mechanisms exist to define and document the organization's mission and defined goals for Artificial Intelligence (AI) and Autonomous Technologies (AAT).
Model & AI Agent Documentation
Mechanisms exist to create, maintain and provide access to documentation artifacts for AI models and agents, including: (1) Data lineage; (2) Intended use; and (3) Limitations.
AI & Autonomous Technologies Business Case
Mechanisms exist to benchmark capabilities, targeted usage, goals and expected benefits and costs of Artificial Intelligence (AI) and Autonomous Technologies (AAT).
AI & Autonomous Technologies Potential Benefits Analysis
Mechanisms exist to assess the potential benefits of proposed Artificial Intelligence (AI) and Autonomous Technologies (AAT).
AI & Autonomous Technologies Potential Costs Analysis
Mechanisms exist to assess potential costs, including non-monetary costs, resulting from expected or realized Artificial Intelligence (AI) and Autonomous Technologies (AAT)-related errors or system functionality and trustworthiness.
AI & Autonomous Technologies Targeted Application Scope
Mechanisms exist to specify and document the targeted application scope of the proposed use and operation of Artificial Intelligence (AI) and Autonomous Technologies (AAT).
AI & Autonomous Technologies Cost / Benefit Mapping
Mechanisms exist to map risks and benefits for all components of Artificial Intelligence (AI) and Autonomous Technologies (AAT), including third-party software and data.
AI & Autonomous Technologies Training
Mechanisms exist to ensure personnel and external stakeholders are provided with position-specific risk management training for Artificial Intelligence (AI) and Autonomous Technologies (AAT).
AI & Autonomous Technologies Fairness & Bias
Mechanisms exist to prevent Artificial Intelligence (AI) and Autonomous Technologies (AAT) from unfairly identifying, profiling and/or statistically singling out a segmented population defined by race, religion, gender identity, national origin, religion, disability or any other politically-charged identifier.
Showing 1–20 of 1,468
Data attribution
Control content is sourced from the Secure Controls Framework™ (SCF) version 2026.1, © Secure Controls Framework Council, LLC, licensed under CC BY-ND 4.0. RiskRegisterHQ is not affiliated with, endorsed by, or sponsored by the SCF Council. For the authoritative and most current version, visit securecontrolsframework.com.
From framework to action
Mapping controls is step one. RiskRegisterHQ helps you assign owners, track treatment, and keep an audit trail — without the spreadsheet chaos.