Use UCF Common Controls Hub to manage compliance frameworks

Compliance administrators can download authority documents as a shared list from the Network Frontiers Unified Compliance Framework (UCF) for use as GRC authority documents, citations, controls, and policy statements. Only administrators who have both the sn_comp_ucf.admin and oauth_admin roles can use the UCF functionality.

For more information, see Unified Compliance Framework (UCF).

Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements on any UCF fields transformed into GRC tables. The authority documents can be updated at predefined intervals.
Note: A subscription to UCF-CCH is not required for using the GRC Policy & Compliance application.

Importing authority documents through shared lists

Every authority document already imported into the ServiceNow® instance must be in any shared list you wish to import from the UCF CCH. This prevents inconsistencies between what is in the UCF CCH (which may have changed) and what you’ve already imported.
Figure 1. Shared list import successful
Figure 2. Shared list import unsuccessful

An error is rendered since SOX is not being reimported within this Shared List.

UCF and GRC terminology differences

Authority documents in the UCF content are organized and mapped to their proper citations, which in turn are mapped to a common set of controls. The terminology differs slightly between UCF and the GRC applications, as explained in the following table.

Table 1. Terminology differences
| UCF | GRC application |
| --- | --- |
| Authority Document | Authority Document |
| Citation | Citation |
| Control | Policy Statement |