ComplianceForge Reference Model: Hierarchical Cybersecurity Governance Framework (HCGF)

The ComplianceForge Reference Model is commonly referred to as the Hierarchical Cybersecurity Governance Framework™ (HCGF). This reference model is designed to encourage clear communication by clearly defining cybersecurity and privacy documentation components and how those are linked. This comprehensive view identifies the primary documentation components that are necessary to demonstrate evidence of due diligence and due care. The HCGF addresses the inter-connectivity of policies, control objectives, standards, guidelines, controls, risks, procedures & metrics.

The Secure Controls Framework (SCF) fits into this model by providing the necessary cybersecurity and privacy controls an organization needs to implement to stay both secure and compliant. ComplianceForge has simplified the concept of the hierarchical nature of cybersecurity and privacy documentation in the following diagram to demonstrate the unique nature of these components, as well as the dependencies that exist:

complianceforge reference model - hierarchical cybersecurity governance framework

Browse Our Products

  • Digital Security Program (DSP)

    Digital Security Program (DSP)


    Enterprise-Class, Hybrid Framework For Cybersecurity & Privacy What Is The Digital Security Program (DSP)? The DSP is an enterprise-class solution for cybersecurity & privacy documentation consisting of thirty-three (33) domains that defines a...

    Choose Options
  • NIST 800-171 Compliance Program (NCP). This is a bundle of products that are specific to NIST 800-171 and CMMC 2.0 compliance - policies, standards, procedures, SSP & POA&M templates. Editable CMMC 2.0 Level 2 (old Level 3) policies, standards, procedures, SSP & POA&M templates.

    NIST 800-171 Compliance Program (NCP): CMMC Level 2


      UPDATED FOR CMMC 2.0   NIST SP 800-171 & CMMC "Easy Button" Solution - Editable & Affordable Cybersecurity Documentation What Is The NIST 800-171 Compliance Program (NCP)? The NCP is a compilation of editable Microsoft...

    Choose Options

Find Out Exclusive Information On Cybersecurity