|
For Immediate Release
Contact:
Craig Isaacs
New Unified Compliance Framework Q3 Release Harmonizes Over 2700 New Controls and Incorporates Specific Audit Guidance
UCF Methodology Reinforced by House Resolution 4008: Credit and Debit Card Receipt Clarification Act of 2007 on Credit Card Expiration Dates OAKLAND, CA -- July 16, 2008 -- Network Frontiers, the leader in IT regulatory compliance management, today announced the availability of the Q3 2008 Unified Compliance Framework (UCF), the first independent database to simplify IT compliance. The latest version of UCF highlights the addition of numerous new regulations and standards, including Fair and Accurate Credit Transactions Act (FACTA), Federal Financial Institutions Examination Council (FFIEC) and Fair Credit Reporting Act. UCF acts as the cornerstone of IT compliance, mapping hundreds of regulations, including PCI-DSS (Payment Card), Sarbanes-Oxley, HIPAA, CobiT, and NIST, into a master hierarchal framework. "We are engaged with an accounting firm that owns several entities requiring them to be compliant with HIPAA, FFIEC, SOX and GLBA," said Christopher Hannan, owner of Optimal Technologies, LLC. "In order to for us to provide their compliance auditing and consulting, we needed a cost effective and easy way to organize their compliance obligations. After evaluating several products we found that the UCF not only met our needs, but exceeded them with a broad range of compliance areas." FACTA, PCI DSS, and H.R. 4008 Recent discrepancies surrounding Fair and Accurate Credit Transactions Act (FACTA) and PCI DSS have shed light on the importance of creating a methodology to interpret authority documents into measurable controls. The parameters of FACTA and PCI DSS conflicted in protecting consumer identity by masking different sections of a consumer's Payment Application Number (PAN). Despite this discrepancy, consumers were fully protected under each regulation. However, the problem existed because the regulations were interpreted based on what specific elements of consumer data needed to be protected rather than focusing on the demonstrative result of protected data. H.R. 4008 clarifies FACTA and reinforces the UCF's focus on controls and end results rather than the different parameters of sometimes conflicting or ambiguous legislation. New UCF Q3 2008 Release Network Frontiers examined 2,724 unique controls within 31 authority documents for the latest release of the UCF. Due to the UCF's harmonized methodology, only five new controls were required. In addition to the new controls, the new UCF augmented 695 existing controls with specific audit guidance and updated 777 individual controls. "UCF looks at an organization's authority documents, puts them into context with one another, and creates a unified, cohesive product that makes the compliance process easier to understand and manage," said Dorian Cougias, UCF lead analyst. New and updated authority documents now in the UCF include FACTA, FCRA, FFIEC IT Examination Handbooks, Gramm Leach Bliley Act, NIST 800 53A, ISO 18045 2005, PCI PA DSS Audit Procedures, and more. About the UCF The Unified Compliance Framework is the first independent initiative to exclusively support IT compliance management by focusing on commonalities across regulations, standards-based development, and simplified architectures. Unified Compliance's strategic approach to IT compliance reduces cost, limits liability. The UCF's strategic approach simplifies compliance and standards, reduces cost, limits liability, and leverages the value of compliance-related technologies through a harmonized set of controls against which all regulatory standards and best practices can be mapped. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Latham and Watkins, which oversees all legal aspects of the UCF. More information can be found at www.unifiedcompliance.com. About Network Frontiers Since 1992, Network Frontiers has been at the forefront of IT best practices and author of numerous books, including The Compliance Book and the award-winning Backup Book: Disaster Recovery from Desktop to Data Center. The content and methodology of the Unified Compliance Framework is the result of Network Frontiers in-depth understanding of IT regulations and standards as well as real-world experience consulting for clients, publications, and vendors in the mission-critical IT arena. For more information, visit www.netfrontiers.com. # # # |
New UCF Release Harmonizes 2700+ New Controls & Incorporates Specific Audit Guidance