The UCF weathers the compliance storm.

Weather the Compliance Storm

The Unified Compliance Framework reduces the regulatory tornado to a much smaller set of harmonized controls, giving you a single point of control over hundreds of complex compliance requirements from around the world.

Meeting your compliance requirements has never been this straightforward.

See the UCF controls for free or watch a short introduction. 


News & Events

New UCF Incorporates Audit Guidance
Latest UCF release also harmonizes over 2700 controls within 31 authority documents

OCEG and UCF
OCEG and Network Frontiers announce partnership to offer UCF to OCEG members

UCF Sets XML Schema Standard
UCF Schemas Simplify and Standardize Data Interchange between Applications, Organizations, and Content Sources

UCF Adds Configuration Management
Latest UCF release includes cross platform configuration management controls

PCI SAQ v1.1 Harmonized into the UCF
Payment Card Industry Security Standards Council "Self Assessment Questionnaire" version 1.1 integrated into the UCF

Partners

The UCF is included in products by leading compliance vendors, including:

Become a partner or include your solution in the UCF.

Featured Product

Unified Compliance Framework

The UCF harmonizes controls across hundreds of different regulations: comply with a given rule once and attest to the control for many different regulations, including PCI-DSS (Payment Card), Sarbanes-Oxley, HIPAA, CobiT, NIST and hundreds more.

View a complete list of Authority Documents in the UCF.

The UCF organizes real-world IT processes into 12 IT Impact Zones. Each deals with one area of policies, standards, and procedures.

The UCF 12 IT Impact Zones

  • Technology and services acquisition
  • Audits and risk management
  • Design and implementation
  • Human Resources Management
  • Leadership, high level objectives
  • Monitoring and measurement
  • Operational management
  • Physical, environmental protection
  • Privacy protection (information, data)
  • Records management
  • Systems continuity
  • Technical Security

    FREE Resources

  • Information Assurance CMMI
  • IT Policy Guide
  • Compliance Acronyms
  • Compliance Definitions
  • List of Control Types
  • Terms from The Language of Compliance
  • Introduction to the UCF 
  • Compliance Management

    Say What You Do
    Build a Framework of IT controls, policies, and procedures

    Change Management Toolkit
    Streamline IT Changes

    Information Assurance CMMI
    CMMI harmonized and adapted to IT compliance

    Language of Compliance
    The best resource for compliance acronyms, terms, and extended definitions

    Systems and Information Classification
    The best resource for compliance acronyms, terms, and extended definitions

    The UCF includes controls from hundreds of different regulations and guidelines, including: Sarbanes-Oxley Act (SOX), Basel II, Gramm-Leach-Bliley, PCI-DSS Payment Card Industry Data Security Standard, NASD Manual, HIPAA, FERC Security Program, Uniform Electronic Transactions Act (UETA), FIPS 191, Guideline for the Analysis of LAN Security, GAO Financial Audit Manual, IRS Revenue Procedure, Federal Rules of Civil Procedure, NIST SP 800-14, ISO, OGC ITIL, CobiT 3rd Edition, CobiT 4.0, ISACA IS, ISSA, COPPA, FERPA, Turnbull Guidance, UK Data Protection Act of 1998, and German Federal Data Protection Act.
     
    View a list of currently tracked compliance documents or the list of compliance documents we plan to add soon.