News

Categories

4 new Authority Documents have been added to the UCF

June 13, 2022 | Weekly Updates

Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0

AD ID: 3462

Status: Released

Availability: Free

Citation Format: ID (Reference ID)

Document Type: Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0

Originator: PCI Security Standards Council

Parent Category: Payment Card Organizations

Effective Date: 2022-04-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 482 citations mapped to 249 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-07.

Percent (%) of Citations with multiple mandates: 16.9%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 1.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

SS2/21 Outsourcing and third party risk management

AD ID: 3467

Status: Released

Availability: Free

Citation Format: § (Legal) and ¶ (Para)

Document Type: SS2/21 Outsourcing and third party risk management

Originator: Bank of England Prudential Regulation Authority

Parent Category: Europe

Effective Date: 2022-03-31

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 562 citations mapped to 182 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-06.

Percent (%) of Citations with multiple mandates: 19.5%

Percent (%) of terms that were non-standard: 6.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 5.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161

AD ID: 3471

Status: Released

Availability: Free

Citation Format: ID (Reference ID)

Document Type: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2022-05-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1479 citations mapped to 733 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-10.

Percent (%) of Citations with multiple mandates: 15.9%

Percent (%) of terms that were non-standard: 9.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act

AD ID: 3478

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act

Originator: Utah Legislature

Parent Category: North America

Effective Date: 2023-12-31

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 154 citations mapped to 81 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-09.

Percent (%) of Citations with multiple mandates: 9.2%

Percent (%) of terms that were non-standard: 8.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 3.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

April 4, 2022 | Weekly Updates

CIS Amazon Web Services Foundations Benchmark

AD ID: 3432

Status: Released

Availability: Free

Citation Format: None

Document Type: CIS Amazon Web Services Foundations Benchmark

Originator: The Center for Internet Security

Parent Category: International

Effective Date: 2021-05-28

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 68 citations mapped to 50 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-03-31.

Percent (%) of Citations with multiple mandates: 1.5%

Percent (%) of terms that were non-standard: 12.50% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 8.5% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 33.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 13.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

CIS Microsoft Windows Server 2019 Benchmark

AD ID: 3433

Status: Released

Availability: Free

Citation Format: None

Document Type: CIS Microsoft Windows Server 2019 Benchmark

Originator: The Center for Internet Security

Parent Category: International

Effective Date: 2021-05-18

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 736 citations mapped to 342 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-03-31.

Percent (%) of Citations with multiple mandates: 0.1%

Percent (%) of terms that were non-standard: 64.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 41% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 21.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 99.5% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 22.8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

StateRAMP Security Controls Baseline Summary High Sensitivity Level

AD ID: 3438

Status: Released

Availability: Free

Citation Format: Control:

Document Type: StateRAMP Security Controls Baseline Summary High Sensitivity Level

Originator: StateRAMP

Parent Category: North America

Effective Date: 2021-01-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1769 citations mapped to 764 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-03-27.

Percent (%) of Citations with multiple mandates: 11.3%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

CIS Amazon Web Services Foundations Benchmark

AD ID: 3446

Status: Released

Availability: Free

Citation Format: None

Document Type: CIS Amazon Web Services Foundations Benchmark

Originator: The Center for Internet Security

Parent Category: International

Effective Date: 2021-05-28

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 46 citations mapped to 33 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-01.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 50% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

February 7, 2022 | Weekly Updates

Insurance Data Security Model Law, NAIC MDL-668

AD ID: 2920

Status: Released

Availability: Free

Citation Format: ¶ (Numbered Paragraphs)

Document Type: Insurance Data Security Model Law, NAIC MDL-668

Originator: National Association of Insurance Commissioners

Parent Category: North America

Effective Date: Not Defined

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 181 citations mapped to 126 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-02.

Percent (%) of Citations with multiple mandates: 38.9%

Percent (%) of terms that were non-standard: 14.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Connecticut General Statutes, Title 38a, Chapter 697, Part VI, Section 38a-38, Insurance Data Security Law

AD ID: 3397

Status: Released

Availability: Free

Citation Format: § (Legal) and ¶ (Para)

Document Type: Connecticut General Statutes, Title 38a, Chapter 697, Part VI, Section 38a-38, Insurance Data Security Law

Originator: Connecticut General Assembly

Parent Category: North America

Effective Date: 2020-10-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 180 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-02.

Percent (%) of Citations with multiple mandates: 34.2%

Percent (%) of terms that were non-standard: 8.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Code of Alabama, Title 27, Chapter 62, Sections 1-11, Insurance Data Security Law

AD ID: 3399

Status: Released

Availability: Free

Citation Format: § (Legal) and ¶ (Para)

Document Type: Code of Alabama, Title 27, Chapter 62, Sections 1-11, Insurance Data Security Law

Originator: Alabama State Legislature

Parent Category: North America

Effective Date: 2019-05-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 164 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-02.

Percent (%) of Citations with multiple mandates: 40.6%

Percent (%) of terms that were non-standard: 10.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.7% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Cyber Essentials Scheme (CES) Questionnaire

AD ID: 3413

Status: Released

Availability: Free

Citation Format: ID (Reference ID)

Document Type: Cyber Essentials Scheme (CES) Questionnaire

Originator: CREST

Parent Category: Europe

Effective Date: 2021-11-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 86 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-04.

Percent (%) of Citations with multiple mandates: 17.8%

Percent (%) of terms that were non-standard: 9.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

February 15, 2021 | Weekly Updates

Department of Defense Cloud Computing Security Requirements Guide

AD ID: 3048

Status: Released

Availability: Free

Citation Format: ¶ (Numbered Paragraphs)

Document Type: Department of Defense Cloud Computing Security Requirements Guide

Originator: US Department of Defense

Parent Category: North America

Effective Date: 2017-03-06

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1003 citations mapped to 290 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-02-09.

Percent (%) of Citations with multiple mandates: 14.9%

Percent (%) of terms that were non-standard: 14.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 8.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 57.1% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53

AD ID: 3241

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2020-09-23

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 3797 citations mapped to 1322 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-02-12.

Percent (%) of Citations with multiple mandates: 10%

Percent (%) of terms that were non-standard: 10.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 7.6% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 26.9% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Trust Services Criteria

AD ID: 3288

Status: Released

Availability: For Purchase

Citation Format: ¶ (Numbered Paragraphs)

Document Type: Trust Services Criteria

Originator: American Institute of Certified Public Accountants

Parent Category: North America

Effective Date: 2020-03-31

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 716 citations mapped to 402 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-02-12.

Percent (%) of Citations with multiple mandates: 20.7%

Percent (%) of terms that were non-standard: 84.40% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 8.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

United States Code - 15 U.S.C. 278g-3a to 278g-3e, IoT Cybersecurity Improvement Act of 2020

AD ID: 3289

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: United States Code - 15 U.S.C. 278g-3a to 278g-3e, IoT Cybersecurity Improvement Act of 2020

Originator: US Congress

Parent Category: North America

Effective Date: Not Defined

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 27 citations mapped to 6 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-02-11.

Percent (%) of Citations with multiple mandates: 3.8%

Percent (%) of terms that were non-standard: 7.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

January 4, 2021 | Weekly Updates

Annual Financial Reporting Model Regulation, NAIC MDL-202

AD ID: 3259

Status: Released

Availability: Free

Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)

Document Type: Annual Financial Reporting Model Regulation, NAIC MDL-202

Originator: National Association of Insurance Commissioners

Parent Category: North America

Effective Date: Varies

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 187 citations mapped to 66 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-30.

Percent (%) of Citations with multiple mandates: 20.1%

Percent (%) of terms that were non-standard: 5.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 2.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 37.5% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 8.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

ITIL Foundation

AD ID: 3272

Status: Released

Availability: For Purchase

Citation Format: § (Legal)

Document Type: ITIL Foundation

Originator: AXELOS

Parent Category: International

Effective Date: Not Defined

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 107 citations mapped to 61 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-29.

Percent (%) of Citations with multiple mandates: 16%

Percent (%) of terms that were non-standard: 6.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 19.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 13.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 76.2% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Control Baselines for Information Systems and Organizations, NIST SP 800-53B

AD ID: 3278

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Control Baselines for Information Systems and Organizations, NIST SP 800-53B

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2020-10-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1042 citations mapped to 613 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-27.

Percent (%) of Citations with multiple mandates: 17.2%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 5.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Control Baselines for Information Systems and Organizations, NIST SP 800-53B

AD ID: 3279

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Control Baselines for Information Systems and Organizations, NIST SP 800-53B

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2020-10-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 711 citations mapped to 397 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-12-29.

Percent (%) of Citations with multiple mandates: 20.2%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 11.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

April 13, 2020 | Weekly Updates

FFIEC Business Continuity Planning (BCP) IT Examination Handbook

AD ID: 3105

Status: Released

Availability: Free

Citation Format: Rule (Defined Rules)

Document Type: FFIEC Business Continuity Planning (BCP) IT Examination Handbook

Originator: US Federal Financial Institutions Examination Council (FFIEC)

Parent Category: North America

Effective Date: 2019-11-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 758 citations mapped to 287 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-04-08.

Percent (%) of Citations with multiple mandates: 23.7%

Percent (%) of terms that were non-standard: 11.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.1% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 29.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Hong Kong Monetary Authority Supervisory Policy Manual SA-2 Outsourcing

AD ID: 3151

Status: Released

Availability: Free

Citation Format: ¶ (Para and Page) with Section Titles

Document Type: Hong Kong Monetary Authority Supervisory Policy Manual SA-2 Outsourcing

Originator: Hong Kong Monetary Authority

Parent Category: Asia

Effective Date: 2001-12-28

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 81 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-04-10.

Percent (%) of Citations with multiple mandates: 33.3%

Percent (%) of terms that were non-standard: 9.80% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 18.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Pandemic Response Planning Policy

AD ID: 3160

Status: Released

Availability: Free

Citation Format: ¶ (Para and Page) with Section Titles

Document Type: Pandemic Response Planning Policy

Originator: SANS Institute

Parent Category: Security and Privacy Organizations

Effective Date: 2020-03-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 51 citations mapped to 28 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-04-06.

Percent (%) of Citations with multiple mandates: 11.4%

Percent (%) of terms that were non-standard: 16.80% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 23.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 33.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Cybersecurity Maturity Model Certification

AD ID: 3166

Status: Released

Availability: Free

Citation Format: Control:

Document Type: Cybersecurity Maturity Model Certification

Originator: US Department of Defense

Parent Category: North America

Effective Date: 2020-04-07

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 199 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2020-04-08.

Percent (%) of Citations with multiple mandates: 20.5%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

June 24, 2019 | Weekly Updates

Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53

AD ID: 1374

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2013-04-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 2345 citations mapped to 741 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-06-18.

Percent (%) of Citations with multiple mandates: 1%

Percent (%) of terms that were non-standard: 9.50% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 7.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline

AD ID: 1913

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2013-04-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 762 citations mapped to 255 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-06-18.

Percent (%) of Citations with multiple mandates: 1.3%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 2.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline

AD ID: 1914

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2013-04-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1069 citations mapped to 376 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-06-18.

Percent (%) of Citations with multiple mandates: 1.1%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline

AD ID: 1915

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2013-04-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1249 citations mapped to 429 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-06-18.

Percent (%) of Citations with multiple mandates: 1.1%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

News

Categories

4 new Authority Documents have been added to the UCF

March 4, 2019 | Weekly Updates

Digital Identity Guidelines: Federation and Assertions

AD ID: 2953

Status: Released

Availability: Free

Citation Format: ¶ (Numbered Paragraphs)

Document Type: Digital Identity Guidelines: Federation and Assertions

Originator: US National Institute of Standards and Technology

Parent Category: North America

Effective Date: 2017-06-01

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 224 citations mapped to 82 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-02-27.

Percent (%) of Citations with multiple mandates: 13.3%

Percent (%) of terms that were non-standard: 6.80% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 4.7% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 90% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 20.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Colorado Code of Regulations, Section 702-6, Consumer Protection (General)

AD ID: 2975

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Colorado Code of Regulations, Section 702-6, Consumer Protection (General)

Originator: Colorado Department of Regulatory Agencies

Parent Category: North America

Effective Date: 2015-10-15

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 309 citations mapped to 60 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-02-25.

Percent (%) of Citations with multiple mandates: 10.1%

Percent (%) of terms that were non-standard: 18.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 43.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Colorado Revised Statutes, Title 6, Consumer and Commercial Affairs, Fair Trade and Restraint of Trade, Article 1, Colorado Consumer Protection Act

AD ID: 2977

Status: Released

Availability: Free

Citation Format: § (Legal)

Document Type: Colorado Revised Statutes, Title 6, Consumer and Commercial Affairs, Fair Trade and Restraint of Trade, Article 1, Colorado Consumer Protection Act

Originator: Colorado State Legislature

Parent Category: North America

Effective Date: Not Defined

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 118 citations mapped to 45 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-02-28.

Percent (%) of Citations with multiple mandates: 6.4%

Percent (%) of terms that were non-standard: 45.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 5.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.7% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

Financial Services Sector Cybersecurity Profile

AD ID: 2980

Status: Released

Availability: Free

Citation Format: None

Document Type: Financial Services Sector Cybersecurity Profile

Originator: Financial Services Sector Coordinating Council

Parent Category: North America

Effective Date: 2018-10-25

Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 700 citations mapped to 336 UCF Common Control IDs. The document as a whole was last reviewed and released on 2019-02-25.

Percent (%) of Citations with multiple mandates: 30.8%

Percent (%) of terms that were non-standard: 13.50% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 20.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 33.3% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.