Common Controls Framework (CCF) by Adobe v4.0 Now Available

The Common Control Framework (CCF) by Adobe is the foundational framework and backbone to our company-wide security compliance strategy. The CCF is a comprehensive set of simple control requirements, aggregated, correlated, and rationalized from industry information security and privacy standards.

As part of Adobe’s on-going effort to contribute to the broader security community, our Technology Governance, Risk and Compliance (Tech GRC) group is excited to release the open source Common Controls Framework (CCF) v4.0. The updated CCF builds upon the previously released version in 2019, and includes additional mapping of the control activities to AICPA TSC for Confidentiality, ISO 22301:2019, NIST Cybersecurity Framework, Australian Information Security Manual – ISM (IRAP) and Esquema Nacional de Seguridad (ENS) for High – Spanish National Security Framework. These activities have been implemented by product operations and engineering teams to help achieve compliance with the standards set forth by these regulatory bodies.

Organizations of all sizes and sectors can tailor CCF to their specific security compliance objectives. Integrating CCF into the compliance workflow can allow companies to enable a more scalable security, compliance, and operations process to help ensure ongoing success. The Technology GRC group at Adobe have also developed a CCF controls automation platform. You can read more about that effort at Security@Adobe blog.

We invite you to take the opportunity to download CCF today and adapt it for use in your organization. It is available in both PDF and Excel formats with this release. We welcome feedback and questions about the framework. You can contact us directly at opensourceccf@adobe.com.