GRC citations imported from UCF

You can download and import citations from a Unified Compliance Framework (UCF) authority document.

Note: For more information on Unified Compliance Framework (UCF), see https://www.unifiedcompliance.com/.
In UCF terminology, a citation record is referred to as an instance of guidance. Each guidance instance has a unique reference number attached to it that groups one or more instances into a citation. When you import a UCF authority document into the GRC application, the system lists them by their reference numbers. UCF citations are imported into the Authoritative Source Content [grc_authoritative_src_content] table and can have duplicate reference numbers. For a description of fields in the Citation form not related to a UCF import, see Creating Citations. For details about importing citations, see UCF authority document import process.
Warning: Fields imported from UCF are read-only, and their values should be protected for data continuity and accuracy. Do not customize fields to allow UCF data to be edited. Use the Additional information field to display any additional details or specifications for this UCF entity that are unique to your organization, while preserving the original citation from UCF.

Citation example

Table 1. UCF fields in a citation form
Field Description
Reference UCF reference number for this citation. Duplicate reference numbers are possible in UCF data.
Name Not used for UCF citations
Source Source of the data for this citation. UCF is the source of all citations imported from UCF authority documents.
Source ID Internal unique UCF identifier of the citation guidance for this citation.
Source version Version of the UCF authority document that is the source file for this citation. Previous versions of this citation are listed in the Other versions related list.
Type Type of citation created. This is an optional field and is not used for any processing. You can use the value in this field in reports or to query for records of a specific type.
Authority document Name of the UCF authority document for this citation. When you import UCF authority documents, the system completes this field with the appropriate authority document.
Pertinent Indicates if this citation is relevant to your organization. By default, this check box is selected and has a value of True. Clear this check box to mark this citation as not pertinent to your organization and to prevent it from appearing in compliance reporting. Components marked as not pertinent are unavailable for the calculated links that enable results to rollup for any GRC hierarchy.
Version [Read-only] Version number for previous versions of this citation. This value is a simple integer that is incremented by the system each time the UCF citation is updated. This number is not the same as the UCF Source version. The Version field is hidden when the current version of the record is displayed. You can view all available versions by selecting records from the Other Versions related list. For more information, see GRC citations imported from UCF .
Guidance [Read-only] The citation imported as UCF Citation Guidance. Since multiple UCF citation records can have the same reference number, this string identifies this specific citation.
Additional information Information of any type that is pertinent to this citation This field is not used for any processing.

UCF citation versions

The ServiceNow system creates a new version of the citation each time a new UCF authority document is imported into GRC. When a new version is created, the system adds the previous version to the Other versions related list in the Control form. These records are used for reference only and provide a history of how each previous version of the UCF citation was used. New control tests run against the current control version only. Only the latest versions of citations appear in lists.

Deactivating and Deleting citations

You cannot delete a GRC record that has a linked dependency to another GRC record. The Delete button appears in records and record lists, but only deactivates the entity rather than removing it from the system. Deactivation clears the Pertinent check box in the record, which removes any links to other GRC entities. By default, deactivated records are filtered out of related lists. Manually created GRC records with no linked dependencies can be completely deleted from the system. UCF records imported into GRC tables can only be deactivated. Only users with the admin role can deactivate or delete GRC records.