Use UCF Common Controls Hub to manage compliance frameworks

Compliance administrators can download content from Network Frontiers Unified Compliance Framework (UCF) for use as GRC authority documents, citations, controls, and policy statements. The documents can be updated on pre-defined intervals.

Users must have a UCF Common Controls Hub account to create shared lists and import them into the ServiceNow® instance.

For more information on Unified Compliance Framework (UCF), see https://www.unifiedcompliance.com.
Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements on any UCF fields transformed into GRC tables.

Getting Started with the UCF Common Controls Hub

Network Frontiers released a new method for allowing authenticated users to download content from the UCF Common Controls Hub (CCH) website. Users require a separate subscription to the Network Frontiers Unified Compliance Framework Common Controls Hub (UCF-CCH) to download UCF content.

For customers whose GRC entitlement date is before December 1, 2016, you are entitled to a free UCF CCH account for the period of December 1, 2016 through November 30, 2018.

For customers on Helsinki (Patch 7 and above), or Istanbul, and whose GRC entitlement date is December 1, 2016 or after, you must contact UCF-Common Control Hub to arrange for a subscription, if your organization plans on using Unified Controls Compliance as the provider of your controls library. For more information about establishing a UCF CCH account, see Unified Compliance Framework.
Note: A subscription to UCF-CCH is not required for using the GRC Policy & Compliance application.
Table 1.
If your organization's GRC entitlement date is Tasks
BEFORE December 1, 2016
  1. Activate Compliance UCF.
  2. Create HI Request for GRC subscription validation free UCF-CCH account.
  3. Configure the UCF integration.
  4. Download a UCF shared list.
AFTER December 1, 2016
  1. Sign up for a UCF CCH account and customize your basic subscription to include API Access.
  2. Activate Compliance UCF.
  3. Create HI Request for UCF-CCH account integration information.
  4. Configure the UCF integration.
  5. Download a UCF shared list.

Authority document and shared list imports

Every authority document already imported into the ServiceNow® instance must be in any shared list you wish to import from the UCF CCH. This prevents inconsistencies between what is in the UCF CCH (which may have changed) and what you’ve already imported.
Figure 1. Shared list import successful
Figure 2. Shared list import unsuccessful

An error is rendered since SOX is not being reimported within this Shared List.

UCF and GRC terminology differences

Authority documents in the UCF content are organized and mapped to their proper citations, which in turn are mapped to a common set of controls. The terminology between UCF and the GRC applications differ slightly as explained in the following table.

Table 2. Terminology differences
UCF GRC application
Authority Document Authority Document
Citation Citation
Control Policy Statement