The UCF weathers the compliance storm.

Weather the Compliance Storm

The Unified Compliance Framework reduces the regulatory tornado to a much smaller set of harmonized controls, giving you a single point of control over hundreds of complex compliance requirements from around the world.

Meeting your compliance requirements has never been this straightforward.

See the UCF controls for free or watch a short introduction. 


News & Events

UCF in Windows IT Pro
A "great research and information tool..."

UCF in Network World
The UCF "could save you a lot of time as well as a fair bit of money..."

UCF Adds Configuration Management
Latest UCF release includes cross-platform configuration management controls

PCI SAQ v1.1 Harmonized into the UCF
Payment Card Industry Security Standards Council "Self Assessment Questionnaire" version 1.1 integrated into the UCF

Partners

The UCF is included in products by leading compliance vendors, including:

  • CA
  • NetIQ
  • Compliance Spectrum
  • ...and more
  • Contact us to become a partner or include your solution in the UCF.

    Featured Product

    Unified Compliance Framework

    The UCF harmonizes controls across hundreds of different regulations: comply with a given rule once and attest to the control for many different regulations, including PCI-DSS (Payment Card), Sarbanes-Oxley, HIPAA, CobiT, NIST and hundreds more.

    The UCF organizes real-world IT processes into 12 IT Impact Zones. Each deals with one area of policies, standards, and procedures.

    The UCF 12 IT Impact Zones

  • Technology and services acquisition
  • Audits and risk management
  • Design and implementation
  • Human Resources Management
  • Leadership, high level objectives
  • Monitoring and measurement
  • Operational management
  • Physical, environmental protection
  • Privacy protection (information, data)
  • Records management
  • Systems continuity
  • Technical Security

    FREE Resources

  • Information Assurance CMMI
  • IT Policy Guide
  • Compliance Acronyms
  • Compliance Definitions
  • List of Control Types
  • Terms from The Language of Compliance
  • Introduction to the UCF 
  • Compliance Management

    Say What You Do
    Build a Framework of IT controls, policies, and procedures

    Change Management Toolkit
    Streamline IT Changes

    Information Assurance CMMI
    CMMI harmonized and adapted to IT compliance

    Language of Compliance
    The best resource for compliance acronyms, terms, and extended definitions

    Systems and Information Classification
    The best resource for compliance acronyms, terms, and extended definitions

    The UCF includes controls from hundreds of different regulations and guidelines, including: Sarbanes-Oxley Act (SOX), Basel II, Gramm-Leach-Bliley, PCI-DSS Payment Card Industry Data Security Standard, NASD Manual, HIPAA, FERC Security Program, Uniform Electronic Transactions Act (UETA), FIPS 191, Guideline for the Analysis of LAN Security, GAO Financial Audit Manual, IRS Revenue Procedure, Federal Rules of Civil Procedure, NIST SP 800-14, ISO, OGC ITIL, CobiT 3rd Edition, CobiT 4.0, ISACA IS, ISSA, COPPA, FERPA, Turnbull Guidance, UK Data Protection Act of 1998, and German Federal Data Protection Act.
     
    View a list of currently tracked compliance documents or the list of compliance documents we plan to add soon.