News

3 new Authority Documents have been added to the UCF

May 23, 2022 | Weekly Updates

ISO 14004:2016, Environmental management systems -- General guidelines on implementation
AD ID: 3451
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: ISO 14004:2016, Environmental management systems -- General guidelines on implementation
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2016-03-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 584 citations mapped to 114 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-05-16.

Percent (%) of Citations with multiple mandates: 17.2%

Percent (%) of terms that were non-standard: 6.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 68% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO 22301:2019, Security and resilience -- Business continuity management systems -- Requirements
AD ID: 3454
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO 22301:2019, Security and resilience -- Business continuity management systems -- Requirements
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-10-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 423 citations mapped to 173 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-05-16.

Percent (%) of Citations with multiple mandates: 13.5%

Percent (%) of terms that were non-standard: 7.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Self-Assessment Questionnaire P2PE and Attestation of Compliance for use with PCI DSS Version 4.0
AD ID: 3463
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Self-Assessment Questionnaire P2PE and Attestation of Compliance for use with PCI DSS Version 4.0
Originator: PCI Security Standards Council
Parent Category: Payment Card Organizations
Effective Date: 2022-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 88 citations mapped to 48 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-05-15.

Percent (%) of Citations with multiple mandates: 26.1%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

April 25, 2022 | Weekly Updates

ISO/IEC 27701:2019, Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
AD ID: 3020
Status: Released
Availability: For Purchase
Citation Format: ¶ (Para and Page)
Document Type: ISO/IEC 27701:2019, Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-08-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 242 citations mapped to 65 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-21.

Percent (%) of Citations with multiple mandates: 10.9%

Percent (%) of terms that were non-standard: 11.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.5% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 13.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
AD ID: 3429
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-01-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 417 citations mapped to 95 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-21.

Percent (%) of Citations with multiple mandates: 6.5%

Percent (%) of terms that were non-standard: 58.40% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.6% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


16 CFR Part 314, Standards for Safeguarding Customer Information, Final Rule, Amended February 15, 2022
AD ID: 3449
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: 16 CFR Part 314, Standards for Safeguarding Customer Information, Final Rule, Amended February 15, 2022
Originator: US Federal Trade Commission
Parent Category: North America
Effective Date: 2022-02-15
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 94 citations mapped to 79 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-21.

Percent (%) of Citations with multiple mandates: 41.8%

Percent (%) of terms that were non-standard: 5.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

March 14, 2022 | Weekly Updates

Mississippi Code Annotated, Title 83, Chapter 5, Article 11, Sections 801 - 825, Insurance Data Security Law
AD ID: 3395
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Mississippi Code Annotated, Title 83, Chapter 5, Article 11, Sections 801 - 825, Insurance Data Security Law
Originator: Mississippi State Legislature
Parent Category: North America
Effective Date: 2019-07-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 164 citations mapped to 122 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-03-09.

Percent (%) of Citations with multiple mandates: 43%

Percent (%) of terms that were non-standard: 14.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Ohio Revised Code, Title 39, Chapter 3965, Sections 1-11, Cybersecurity Requirements For Insurance Companies
AD ID: 3407
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: Ohio Revised Code, Title 39, Chapter 3965, Sections 1-11, Cybersecurity Requirements For Insurance Companies
Originator: Ohio State General Assembly
Parent Category: North America
Effective Date: 2019-03-20
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 179 citations mapped to 125 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-03-08.

Percent (%) of Citations with multiple mandates: 39.6%

Percent (%) of terms that were non-standard: 13.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


SO/IEC 27005:2018, Information Technology -- Security Techniques -- Information Security Risk Management
AD ID: 3431
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: SO/IEC 27005:2018, Information Technology -- Security Techniques -- Information Security Risk Management
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2018-07-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 148 citations mapped to 47 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-03-10.

Percent (%) of Citations with multiple mandates: 13.6%

Percent (%) of terms that were non-standard: 5.50% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

February 14, 2022 | Weekly Updates

Insurance Data Security Model Law, NAIC MDL-668
AD ID: 2920
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: Insurance Data Security Model Law, NAIC MDL-668
Originator: National Association of Insurance Commissioners
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 181 citations mapped to 126 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-11.

Percent (%) of Citations with multiple mandates: 38.9%

Percent (%) of terms that were non-standard: 14.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 1.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Delaware Code, Title 18, Chapter 86, Sections 8601-8611, Insurance Data Security Act
AD ID: 3410
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Delaware Code, Title 18, Chapter 86, Sections 8601-8611, Insurance Data Security Act
Originator: Delaware General Assembly
Parent Category: North America
Effective Date: 2019-07-31
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 204 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-11.

Percent (%) of Citations with multiple mandates: 30.6%

Percent (%) of terms that were non-standard: 9.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO 14005:2019, Environmental management systems -- Guidelines for a flexible approach to phased implementation, Second Edition
AD ID: 3424
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO 14005:2019, Environmental management systems -- Guidelines for a flexible approach to phased implementation, Second Edition
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-05-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 170 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-09.

Percent (%) of Citations with multiple mandates: 16%

Percent (%) of terms that were non-standard: 2.70% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.1% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 78.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

September 27, 2021 | Weekly Updates

ISO/IEC 27701:2019, Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
AD ID: 3020
Status: Released
Availability: For Purchase
Citation Format: ¶ (Para and Page)
Document Type: ISO/IEC 27701:2019, Security techniques - Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management - Requirements and guidelines
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-08-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 242 citations mapped to 65 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-09-21.

Percent (%) of Citations with multiple mandates: 10.9%

Percent (%) of terms that were non-standard: 11.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.5% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Trust Services Criteria
AD ID: 3288
Status: Released
Availability: For Purchase
Citation Format: ¶ (Numbered Paragraphs)
Document Type: Trust Services Criteria
Originator: American Institute of Certified Public Accountants
Parent Category: North America
Effective Date: 2020-03-31
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 716 citations mapped to 401 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-09-21.

Percent (%) of Citations with multiple mandates: 20.7%

Percent (%) of terms that were non-standard: 84.40% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO 19011:2018, Guidelines for auditing management systems
AD ID: 3334
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO 19011:2018, Guidelines for auditing management systems
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2018-07-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 728 citations mapped to 124 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-09-21.

Percent (%) of Citations with multiple mandates: 17.6%

Percent (%) of terms that were non-standard: 7.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 14.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 21.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

July 5, 2021 | Weekly Updates

Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2)
AD ID: 3292
Status: Released
Availability: For Purchase
Citation Format: § (Legal)
Document Type: Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2)
Originator: American Institute of Certified Public Accountants
Parent Category: North America
Effective Date: 2018-01-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 2424 citations mapped to 413 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-06-28.

Percent (%) of Citations with multiple mandates: 25.7%

Percent (%) of terms that were non-standard: 9.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 4.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 34.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 61.1% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 6.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components
AD ID: 3319
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components
Originator: International Society of Automation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1354 citations mapped to 218 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-07-01.

Percent (%) of Citations with multiple mandates: 5.2%

Percent (%) of terms that were non-standard: 5.70% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


CIS Controls
AD ID: 3323
Status: Released
Availability: With Membership
Citation Format: Control:
Document Type: CIS Controls
Originator: The Center for Internet Security
Parent Category: Security and Privacy Organizations
Effective Date: 2021-05-18
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 430 citations mapped to 285 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-06-30.

Percent (%) of Citations with multiple mandates: 54.7%

Percent (%) of terms that were non-standard: 8.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 2.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 56.3% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.7% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

March 29, 2021 | Weekly Updates

Cybersecurity Maturity Model Certification, Version 1.0, Level 5
AD ID: 3094
Status: Released
Availability: Free
Citation Format: Control:
Document Type: Cybersecurity Maturity Model Certification, Version 1.0, Level 5
Originator: US Department of Defense
Parent Category: North America
Effective Date: 2020-02-03
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 220 citations mapped to 181 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-03-23.

Percent (%) of Citations with multiple mandates: 21.6%

Percent (%) of terms that were non-standard: 54.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Cybersecurity Maturity Model Certification
AD ID: 3166
Status: Released
Availability: Free
Citation Format: Control:
Document Type: Cybersecurity Maturity Model Certification
Originator: US Department of Defense
Parent Category: North America
Effective Date: 2020-04-07
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 199 citations mapped to 165 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-03-23.

Percent (%) of Citations with multiple mandates: 20.5%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Cybersecurity Maturity Model Certification
AD ID: 3172
Status: Released
Availability: Free
Citation Format: Control:
Document Type: Cybersecurity Maturity Model Certification
Originator: US Department of Defense
Parent Category: North America
Effective Date: 2020-04-09
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 160 citations mapped to 138 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-03-23.

Percent (%) of Citations with multiple mandates: 17.8%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

March 15, 2021 | Weekly Updates

Guide to Industrial Control Systems (ICS) Security
AD ID: 3283
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Guide to Industrial Control Systems (ICS) Security
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2015-05-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 3985 citations mapped to 895 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-03-08.

Percent (%) of Citations with multiple mandates: 15.1%

Percent (%) of terms that were non-standard: 90.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.8% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 30.8% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018
AD ID: 3290
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: California Civil Code Division 3 Part 4 Title 1.81.5 California Consumer Privacy Act of 2018
Originator: California Legislature
Parent Category: North America
Effective Date: 2020-01-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 222 citations mapped to 83 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-03-08.

Percent (%) of Citations with multiple mandates: 31.7%

Percent (%) of terms that were non-standard: 24.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 22.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.4% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


India Information Technology Act 2008
AD ID: 3295
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: India Information Technology Act 2008
Originator: Parliament of India
Parent Category: Asia
Effective Date: 2008-12-23
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 100 citations mapped to 23 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-03-08.

Percent (%) of Citations with multiple mandates: 1%

Percent (%) of terms that were non-standard: 0.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 21% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 33.3% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

December 28, 2020 | Weekly Updates

Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161
AD ID: 3260
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: Supply Chain Risk Management Practices for Federal Information Systems and Organizations, NIST Special Publication 800-161
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2015-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1258 citations mapped to 661 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-23.

Percent (%) of Citations with multiple mandates: 14.1%

Percent (%) of terms that were non-standard: 95.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.1% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2.6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Control Baselines for Information Systems and Organizations, NIST SP 800-53B
AD ID: 3275
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Control Baselines for Information Systems and Organizations, NIST SP 800-53B
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2020-10-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1471 citations mapped to 778 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-23.

Percent (%) of Citations with multiple mandates: 15.3%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Control Baselines for Information Systems and Organizations, NIST SP 800-53B
AD ID: 3278
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Control Baselines for Information Systems and Organizations, NIST SP 800-53B
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2020-10-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1042 citations mapped to 613 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-27.

Percent (%) of Citations with multiple mandates: 17.2%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 5.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

July 20, 2020 | Weekly Updates

ISO/DIS 37301, Compliance management systems -- Requirements with guidance for use
AD ID: 3188
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: ISO/DIS 37301, Compliance management systems -- Requirements with guidance for use
Originator: International Organization for Standardization
Parent Category: International
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 406 citations mapped to 173 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-07-15.

Percent (%) of Citations with multiple mandates: 11.7%

Percent (%) of terms that were non-standard: 15.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.8% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 13.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 47.1% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


HIPAA HCFA Internet Security Policy
AD ID: 3200
Status: Released
Availability: Free
Citation Format: ¶ (Para and Page)
Document Type: HIPAA HCFA Internet Security Policy
Originator: US Centers for Medicare and Medicaid Services
Parent Category: North America
Effective Date: 1998-11-24
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 37 citations mapped to 25 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-07-16.

Percent (%) of Citations with multiple mandates: 23.1%

Percent (%) of terms that were non-standard: 9.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 2.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress
AD ID: 3201
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress
Originator: US Congress
Parent Category: North America
Effective Date: 1997-01-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 77 citations mapped to 32 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-07-14.

Percent (%) of Citations with multiple mandates: 11.9%

Percent (%) of terms that were non-standard: 14.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

December 30, 2019 | Weekly Updates

Singapore Personal Data Protection Act 2012 (No. 26 of 2012)
AD ID: 2459
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Singapore Personal Data Protection Act 2012 (No. 26 of 2012)
Originator: Parliament of Singapore
Parent Category: Asia
Effective Date: Varies
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 357 citations mapped to 105 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-12-27.

Percent (%) of Citations with multiple mandates: 2.6%

Percent (%) of terms that were non-standard: 15.80% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8
AD ID: 3047
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8
Originator: US Federal Bureau of Investigation
Parent Category: North America
Effective Date: 2019-06-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1192 citations mapped to 434 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-12-24.

Percent (%) of Citations with multiple mandates: 20.5%

Percent (%) of terms that were non-standard: 6.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.6% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 10.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


APRA Prudential Practice Guide 234: Management of security risk in information and information technology
AD ID: 3068
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: APRA Prudential Practice Guide 234: Management of security risk in information and information technology
Originator: Australian Prudential Regulation Authority
Parent Category: Australia-Oceania
Effective Date: 2013-05-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 425 citations mapped to 279 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-12-27.

Percent (%) of Citations with multiple mandates: 32.2%

Percent (%) of terms that were non-standard: 12.80% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.4% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

August 5, 2019 | Weekly Updates

Risk Management Framework for Information Systems and Organizations, A System Life Cycle Approach for Security and Privacy, NIST SP 800-37
AD ID: 3013
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Risk Management Framework for Information Systems and Organizations, A System Life Cycle Approach for Security and Privacy, NIST SP 800-37
Originator: US National Institute of Standards and Technology
Parent Category: International
Effective Date: 2018-12-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 93 citations mapped to 14 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-07-29.

Percent (%) of Citations with multiple mandates: 40%

Percent (%) of terms that were non-standard: 5.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 120.6% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 20.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 21.3% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO 27799:2016 Health informatics -- Information security management in health using ISO/IEC 27002
AD ID: 3014
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: ISO 27799:2016 Health informatics -- Information security management in health using ISO/IEC 27002
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2016-07-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 419 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-08-02.

Percent (%) of Citations with multiple mandates: 6.8%

Percent (%) of terms that were non-standard: 16.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 44.4% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Brazilian Law No. 13709, of August 14, 2018
AD ID: 3015
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Brazilian Law No. 13709, of August 14, 2018
Originator: National Congress of Brazil
Parent Category: South America
Effective Date: 2020-02-15
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 252 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-08-01.

Percent (%) of Citations with multiple mandates: 17.8%

Percent (%) of terms that were non-standard: 5.40% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 25.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

3 new Authority Documents have been added to the UCF

April 27, 2019 | Weekly Updates

Appendix B of OCC 12 CFR Part 30, Safety and Soundness Standards
AD ID: 15
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Appendix B of OCC 12 CFR Part 30, Safety and Soundness Standards
Originator: US Office of the Comptroller of the Currency (OCC)
Parent Category: North America
Effective Date: 1995-07-10
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 144 citations mapped to 69 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-03-11.

Percent (%) of Citations with multiple mandates: 34.1%

Percent (%) of terms that were non-standard: 4.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 32.6% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 18.7% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


12 CFR Part 748, NCUA Guidelines for Safeguarding Member Information
AD ID: 61
Status: Released
Availability: Free
Citation Format: ¶ (Para and Page)
Document Type: 12 CFR Part 748, NCUA Guidelines for Safeguarding Member Information
Originator: US National Credit Union Administration
Parent Category: North America
Effective Date: 2001-07-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 162 citations mapped to 86 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-03-13.

Percent (%) of Citations with multiple mandates: 30%

Percent (%) of terms that were non-standard: 2.80% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 1.9% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 14.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 60% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Supplement to Authentication in an Internet Banking Environment
AD ID: 2982
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: Supplement to Authentication in an Internet Banking Environment
Originator: US Federal Financial Institutions Examination Council (FFIEC)
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 61 citations mapped to 23 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-03-27.

Percent (%) of Citations with multiple mandates: 20%

Percent (%) of terms that were non-standard: 17.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


News

2 new Authority Documents have been added to the UCF

July 30, 2018 | Weekly Updates

CobiT
AD ID: 102
Status: Released
Availability: With Membership
Citation Format: ID (Reference ID)
Document Type: CobiT
Originator: ISACA
Parent Category: International
Effective Date: 2007-04-19
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 872 citations mapped to 443 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-07-16.

Percent (%) of Citations with multiple mandates: 59.8%

Percent (%) of terms that were non-standard: 10.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 9% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 25.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 31.8% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 3.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


ISO 31000 Risk management - Guidelines
AD ID: 2936
Status: Released
Availability: For Purchase
Citation Format: § (Legal)
Document Type: ISO 31000 Risk management - Guidelines
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2018-02-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 261 citations mapped to 91 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-07-18.

Percent (%) of Citations with multiple mandates: 32.7%

Percent (%) of terms that were non-standard: 5.70% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 30.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 4.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.