UCF’s New Interchange Format: the Smartest GRC Solution at RSA 2014

February 24, 2014 | News/Articles

San Francisco, CA, February 24, 2014: Unified Compliance, the premier provider of IT compliance mapping and creator of the Unified Compliance Framework® (UCF), will be demonstrating its UCFinterchange (UCFi) at the RSA Conference 2014 this week in San Francisco.

The UCFi is the first and only solution to fully integrate critical legal and technical data to meet the needs of both compliance officials and IT experts. Using UCFi, Secure Configuration Management (SCM) and Configuration Auditing (CA) tools communicate directly with Governance, Risk, and Compliance (GRC) tools, breaking down the walls between compliance and security systems.

Built on the patented, award-winning Unified Compliance Framework, the UCFi also marries technical controls (such as machine configuration settings) to automated audit mechanisms. This allows for the complete automation of continuous monitoring, reporting, and audit data collection.

Security guidelines such as FedRAMP, CAESARS, and SAIR Tier III in the US, as well as an increasing number of global cybersecurity initiatives such as the BSI Act in Germany and CIP/CIIP in Australia, all call for Secure Configuration Management (SCM) and Configuration Auditing (CA) tools to communicate directly with Governance, Risk, and Compliance (GRC) tools. The UCFinterchange (UCFi) format facilitates this communication.

“We built an intelligent interchange platform to outpace the newest and still-emerging security and GRC guidelines. All indications point to the fact that full integration across GRC, SCM, and CA tools will soon become a mandate, so creating a solution to address this issue was the obvious next step for us,” says Craig Isaacs, CEO of Unified Compliance Framework.

“Our partners and clients rely on us to provide unique solutions that reduce complexity and cost,” added Isaacs. “When UCF developers leverage UCFi, their customers will be able to automatically track the changes required by new or updated laws, automatically apply any audits to any systems in the enterprise, and then maintain those audits through continuous monitoring.”

See UCFi in Action at RSA 2014

The UCFi will be demonstrated in our partners’ GRC solutions. To see a demo, please visit LockPath (booth #238), MetricStream (booth #101) and NetIQ® (booth #1409) at the RSA conference. To arrange for a briefing, please contact Kerry MacInnes (

“The UCF has become an integral part of GRC initiatives. As Unified Compliance continues to innovate, its UCFi format will enable GRC platforms like Keylight to form a deeper and more meaningful relationship within GRC ecosystems,” said Chris Caldwell, LockPath CEO. “This important context will benefit our customers who have adopted the UCF by providing powerful data correlation, enabling them to make better and faster business decisions.”

“When deploying a GRC solution, mapping policy and regulatory requirements to security configurations for continuous monitoring requires significant effort. UCFi provides the first standards-based approach where security configurations can be directly mapped back to policy and regulatory requirements in an automated manner,” said Vasant Balasubramanian, VP of Product Management at MetricStream.

“Given the complexity of today’s IT environments and regulatory landscape, IT organizations need visibility—derived from consistent, actionable intelligence—so that they can accurately report on business risk,” commented Matthew Ulery, Senior Director, Product Management at NetIQ. “Participating in the UCFinterchange ensures that we further our mission of helping IT demonstrate business value in a consistent manner across the IT domain. By standardizing how we report data the business uses to make decisions, organizations will be in a more advantageous position to manage risk, better understand security, and meet compliance demands.”

Qualys®, RSA Archer®, Allgress, BWise®, CAaNES®, eGestalt Technologies, Lumension®, TraceSecurity, and Wolters Kluwer have also voiced support for UCFi.

About Unified Compliance and the UCF

Since 1992, Unified Compliance has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. More information can be found at

About the Science of Compliance

By applying the scientific method to compliance — rigorously testing best practices and methodologies as well as analyzing and organizing information into a rational format — Unified Compliance has developed a logical approach to IT compliance that reduces cost, limits liability, simplifies the compliance process and leverages the value of related technologies and services across the enterprise.

About LockPath

LockPath solves the most complex problems involving governance, risk management and compliance programs. Experience from working with companies of all sizes has shaped the Keylight platform into an effective solution for top professionals seeking clearer points-of-view and streamlined processes. The Keylight platform empowers organizations to make better and faster business decisions by connecting people, processes, and technology.

About MetricStream

MetricStream is a market leader in Enterprise-wide Governance, Risk, and Compliance (GRC) Management Solutions for global corporations. MetricStream solutions are used by leading corporations in diverse industries such as Financial Services, Healthcare, Life Sciences, Energy and Utilities, Food, Retail, CPG, Government, Hi-tech and Manufacturing to manage their information security and risk management programs, business continuity programs, regulatory and industry-mandated compliance and corporate governance initiatives, as well as several million compliance professionals worldwide via the portal. MetricStream is headquartered in Palo Alto, California and can be reached at

About NetIQ®

NetIQ is a global, enterprise software company with a relentless focus on customer success. Our portfolio includes scalable, automated solutions for Identity, Security, Access, Governance, Systems and Application, Service, and Workload Management that help organizations securely deliver, measure and manage computing services across physical, virtual and cloud computing environments.