Everyone Can Map Regulations and Standards Directly Into the UCF

February 8, 2017 | News/Articles

Soon to Be Released UCF Mapper Allows Governance Teams to Add Authority Documents into the Unified Compliance Framework

Unified Compliance, the premier provider of compliance mapping and creators of the Unified Compliance Framework® (UCF®) and the Common Controls Hub™ (CCH), today announced UCF Mapper™. Governance professionals can now map regulations relevant to their industries into the Unified Compliance Framework using the same patented process Unified Compliance’s own mappers use.

UCF Mapper allows organizations to scope their compliance programs to support their unique business processes and add in regulations and standards relevant to their organizations that are not currently available in the UCF. Demonstrations are available at the RSA Cybersecurity Conference, being held February 13-17, 2017 at Moscone Center in San Francisco; to schedule an appointment and a 1-on-1 demo, call 510.962.5195 or send us an e-mail through our contact form

"As a key partner, MetricStream looks forward to the release of UCF Mapper, which will ensure that customers' local legal requirements are provided in the Unified Compliance Framework through their Common Controls Hub account,” Vasant Balasubramanian, Senior Vice President of Product Management at MetricStream said. “This will help streamline and simplify end-to-end compliance processes."

Robert Dyson, Partner, Global Security Services – Consulting Global Lead, Risk Management and Compliance, IBM Security said, “IBM Global Services has leveraged the Unified Compliance Framework in several key accounts. UCF Mapper is great for our clients, because we’ll be able to customize our clients’ Common Controls to meet requirements not available through the standard Unified Compliance Framework.”

“Businesses, organisations and information security professionals face increasing legal and regulatory challenges and requirements to prove their compliance. UCF Mapper gives organisations and individuals the opportunity to provide local requirements for global compliance in the UCF for their organizations and clients,” said Adrian Davis, (ISC)², Inc Regional Managing Director, EMEA Region.

“The capacity to tie specific business use context to compliance rules is the only way to assure that evidence collection meet a business’ legal requirement. This capability is paramount to the effective use of any control framework. With UCF Mapper, a company can use that same evidence in multiple audits, which is the unique and added value in working with the Unified Compliance Framework model,” said Robin Basham, CEO, EnterpriseGRC.

Authority Document Availability

The mapping organization may control access and distribution of any Authority Document they add to the Unified Compliance Framework by tagging it for public availability or private use only. To maintain the quality of Unified Compliance’s mapping, all public ADs to be added to the UCF will be approved by UCF staff and our lawyers.

New, mapped Authority Documents will be visible in the organization’s Common Controls Hub and could be included on CCH Authority Document Lists. Authority Document Lists can be shared via the API with popular compliance management software, exported into custom spreadsheets and compliance templates, and/or shared with other organizations, including suppliers.


Subscribers to the Common Controls Hub can acquire the UCF Mapper as a $5000 add-on.


Each Authority Document mapped requires three roles: a mapper, a reviewer, and an approver; all three roles can be connected to a single Common Controls Hub account, and each must have a Common Controls Hub login for that account.

Mappers, reviewers and approvers will take UCF Mapper training and receive a UCF-M certificate. Training will be provided by (ISC)2 and will be available for $2700 for each mapper, reviewer, and approver. Eight CPE credits will be offered.

Mapping Participation

Organizations with mappers who have gone through the training will be able to participate in mapping regulations into the UCF in several different ways: as individual contributors as part of the UCF mapping team and paid directly by Unified Compliance, as consultants where their clients will pay them directly, as organizations who provide mapped documents to other organizations for a fee, or organizations may choose to share documents for free to either a limited audience or make them available to everyone.


About Unified Compliance and the UCF

Since 1992, Unified Compliance has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF.

Honored twice with a GRC Innovation Award for Technical Innovation in Regulatory Intelligence for Compliance Management by independent governance, risk, and compliance (GRC) analyst firm, GRC 20/20 Research, the Unified Compliance Framework® via the Common Controls Hub™ SaaS front end provides targeted, harmonized research on what an organization needs to do — and not do — to achieve and maintain compliance with industry, government, and best practice demands.

The UCF’s architecture was specifically designed for the delivery of all of the information necessary to establish governance methodologies. Customers using the UCF data via the Common Controls Hub™, can document and leverage the links between harmonized controls, records, assets (and their configurations), events, metrics, and roles.

More information can be found at and