Use UCF Common Controls Hub to manage compliance frameworks Compliance administrators can download authority document as shared list from Network Frontiers Unified Compliance Framework (UCF) for use as GRC authority documents, citations, controls, and policy statements. Only administrators with the sn_comp_ucf.admin and oauth_admin roles assigned to them can use the UCF functionality. For more information, see Unified Compliance Framework (UCF). Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements on any UCF fields transformed into GRC tables. The authority documents can be updated on pre-defined intervals. Note: A subscription to UCF-CCH is not required for using the GRC Policy & Compliance application. Importing authority document through shared lists Every authority document already imported into the ServiceNow® instance must be in any shared list you wish to import from the UCF CCH. This prevents inconsistencies between what is in the UCF CCH (which may have changed) and what you’ve already imported. Figure 1. Shared list import successful Figure 2. Shared list import unsuccessful An error is rendered since SOX is not being reimported within this Shared List. UCF and GRC terminology differences Authority documents in the UCF content are organized and mapped to their proper citations, which in turn are mapped to a common set of controls. The terminology between UCF and the GRC applications differ slightly as explained in the following table. Table 1. Terminology differences UCF GRC application Authority Document Authority Document Citation Citation Control Policy Statement Getting Started with the UCF Common Controls HubIf your organization plans on using UCF as the provider of your controls library, you must have a separate subscription to the Network Frontiers Unified Compliance Framework Common Controls Hub (UCF-CCH).