Manage compliance framework using UCF Common Controls Hub

Compliance administrators download content from Network Frontiers Unified Compliance Framework (UCF) for use as GRC authority documents, citations, controls, and policy statements. The documents can be updated on pre-defined intervals.

Users must have a UCF Common Controls Hub account to create shared lists and import them into the ServiceNow® instance.

Every authority document already imported into the ServiceNow® instance must be in any shared list you wish to import from the UCF CCH. This prevents inconsistencies between what is in the UCF CCH (which may have changed) and what you’ve already imported.
Figure 1. Shared list import successful
Figure 2. Shared list import unsuccessful

An error is rendered since SOX is not being reimported within this Shared List.

For more information on Unified Compliance Framework (UCF), see
Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements on any UCF fields transformed into GRC tables.

UCF and GRC terminology differences

Authority documents in the UCF content are organized and mapped to their proper citations, which in turn are mapped to a common set of controls. The terminology between UCF and the GRC applications differ slightly as explained in the following table.

Table 1. Terminology differences
UCF GRC application
Authority Document Authority Document
Citation Citation
Control Policy Statement