Manage the Unified Compliance Framework (UCF) with Policy and Compliance Management

Users with a separate subscription to the Network Frontiers Unified Compliance Framework Common Controls Hub (UCF-CCH), can download content from the UCF-CCH for use as GRC authority documents, citations, controls, and policy statements. Users must have a UCF-CCH account to create shared lists and import them into ServiceNow®.

Users must have a UCF Common Controls Hub account to create shared lists and import them into the ServiceNow® instance.

Every authority document already imported into the ServiceNow® instance must be in any shared list you wish to import from the UCF CCH. This prevents inconsistencies between what is in the UCF CCH (which may have changed) and what you’ve already imported.
Figure 1. Shared list import successful
Figure 2. Shared list import unsuccessful

An error is rendered since SOX is not being reimported within this Shared List.

For more information on Unified Compliance Framework (UCF), see
Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements on any UCF fields transformed into GRC tables.

UCF and GRC terminology differences

Authority documents in the UCF content are organized and mapped to their proper citations, which in turn are mapped to a common set of controls. The terminology between UCF and the GRC applications differ slightly as explained in the following table.

Table 1. Terminology differences
UCF GRC application
Authority Document Authority Document
Citation Citation
Control Policy Statement