Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

Use UCF Common Controls Hub to manage compliance frameworks

Log in to subscribe to topics and get notified when content changes.

Use UCF Common Controls Hub to manage compliance frameworks

The UCF Common Controls Hub® (CCH) is a Software-as-a-Service portal that allows retrieval of regulatory data from the underlying Unified Compliance Framework®. Compliance administrators can download content to use as GRC Authority Documents, citations, controls, and policy statements. The documents can be updated on pre-defined intervals. You must have a CCH account to create shared lists and import them into the ServiceNow® instance. API access is also required to download UCF content from the CCH.

If your organization wants to use the CCH as the source for your GRC regulatory content and controls library, you can purchase a subscription and API access from Common Controls Hub. For more information, see Unified Compliance Framework.

Note: The previous arrangement for free access to UCF content inclusive of your GRC license ended November 30, 2018. All customers need to purchase a subscription from UCF directly.
Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the Authority Documents, citations, or policy statements on any UCF fields transformed into GRC tables.

Getting Started with the UCF Common Controls Hub

Note: A subscription to UCF-CCH is not required for using the GRC Policy and Compliance Management application. It is only necessary for using UCF content as Authority Documents.
  1. Sign up for an account and customize your Basic subscription to include API Access.
  2. Activate Compliance UCF.
  3. Create HI Request for UCF-CCH account integration information.
  4. Configure the UCF integration.
  5. Download a UCF shared list.

Authority document and shared list imports

When importing updates to Authority Documents from CCH, each Shared List must include all previously imported Authority Documents. This prevents inconsistencies between what is in the CCH (which may have changed) and what you’ve already imported to your ServiceNow® instance.
Figure 1. Shared list import successful
graphic shows all authority documents reimported with the new one
Figure 2. Shared list import unsuccessful
graphic shows a mismatch of the imported authority documents

An error is rendered since SOX is not being reimported within this Shared List.

UCF and GRC terminology differences

Authority documents in the UCF content are organized and mapped to their proper citations, which in turn are mapped to a common set of controls. The terminology between UCF and the GRC applications differ slightly as explained in the following table.

Table 1. Terminology differences
UCF GRC application
Authority Document Authority Document
Citation Citation
Control Policy Statement