• $
    • 0
    • / YR
    • Quickly compile Controls lists customized for your organization.

    • Figure out which controls overlap to reduce workload.

    • Nothing to Download or Install. No Credit Card Required. No Time Limit.

    Sign Up For Free
  • Customizable
    • $
    • 4,995
    • / YR
    • User Access

    • Custom Builds

    • Authority Document Comparisons

    • Customize your Basic Subscription

    Sign Up
    • coalfire logo
    • You get the call from the boss you have been dreading for weeks. “Jimmy, it’s time to add FISMA to our control set, and we need to be compliant in three weeks. GO!”

      Carlos Pelaez
      National Practice Leader Coalfire
    • aspect logo
    • “Performing control and standards research could take several days in my old job, and there was always the concern that I might have missed some critical frameworks or entire regulations. With the UCF, I can do that same research and summarization in hours and have the confidence that any major framework, standard, or regulation was comprehensively reviewed. The UCF allows me to better focus my time on other important information security activities.”

      Rudy Montoya
      Information Security and Regulatory Compliance Aspect Software
    • seccuris logo
    • “We’ve been using the UCF for several years and it has continued to be the single most powerful compliance and regulation resource we have. UCF allows you to focus your efforts, increasing speed of compliance activities and decreasing risk of incomplete or inconsistent strategies, policies and controls. Regardless of the size of your organization you will see an immediate value in incorporating the UCF into your program and processes.”

      Michael Legary
      Chairman & Chief Strategy Officer Seccuris Inc.
    • usan logo
    • “The UCF has saved me countless hours of research on the Internet. Having direct access to the authority documents for standards, regulations and guidelines in one convenient location has helped me turn around compliance initiatives such as HIPAA compliance in a fraction of the time compared to what it used to take me prior to using the UCF.”

      Edgar Cooke
      Manager Information Security & Compliance USAN
    • patch advisor logo
    • “We have used the UCF compliance package tool for many assessments! The availability to pull the governance requirements is outstanding especially for each State. We also use it for quick references with building specific test plans.The UCF compliance package is a tool that we would like to keep in our tool bag!”

      Steve Fisher
      IA SME Patch Advisor
    • concise consulting logo
    • “We both use the UCF and recommend it to our clients. I can’t think of an organization that we work with whose core business is keeping track of the myriad of regulations that affect IT, not just in the US but overseas, but many spend a lot of effort doing just that. Why bother, when the UCF does all of the hard work, and allows you to focus on actually implementing controls to reduce risk to your organization, rather than working out how to interpret legislation? If that isn’t enough praise, for the amount of work that has gone into the UCF, it is incredibly competitively priced. We got almost instant return on our investment in UCF licenses and you will too.”

      Aaron Weller
      CEO & Co-founder
    • “I have used the UCF for 6+ years now, first as a Consultant and later as a full time InfoSec manager responsible for Governance, Compliance, and controls. The UCF has helped me in Business Impact Analysis and Risk Analysis functions for my work. It has saved me countless hours and reduced the cost associated with managing the complexity of IT risk and compliance by standardizing on a common set of controls that map to all the regulations and policy mandates they need to comply with.”

      Gary Everekyan
      VP, Information Security
    • cint logo
    • “At Cint, we are using UCF as information source for our Legislation guidelines matrix covering many countries all around the world. As Cint is ISO 20252 certified, these guidelines are an important part of our quality management where we are ensuring we always comply with the local laws and restrictions. The UCF helps us to keep the Legislation matrix up-to-date in a fast and easy way.”

      Veronika Oudova
      Business Analyst/Quality Management Cint
    • grc logo
    • “GRC Sphere members have concluded that the Common Controls Hub provides the greatest strategic value for their GRC program initiatives, not only as the System-of-Record for their compliance management Centers-of-Excellence, but also through these astounding operational reductions: 60% reduction of Internal Controls, 40% reduction in Labor Overhead, 50% reduction in Labor Overhead associated with remediation/change requests, 30% reduction in Labor Overhead associated with prepping for an audit.”

      Phil Wilson
      Architect; Member Programs & Services The GRC Sphere
    • danya international logo
    • “I’m one of your clients who recently upgraded to the corporate UCF. Kid in a candy store is all I can say.”

      Mark E. Potter
      Chief Information Security Officer Danya International, Inc.
    • ibm logo
    • “The UCF Mapper is the only accurate, documented, and repeatable mapping tool and methodology we’ve seen. This is exactly what we need to meet our clients’ demanding requirements.”
      Charles Chang
      Associate Partner Global Security Services, IBM
    • metricstream logo
    • “MetricStream customers love the Unified Compliance Framework, and now we can use UCF Mapper to add Authority Documents which are absolutely critical to specific customers, but not in demand by many. UCF Mapper allows us to continue to provide our customers with the best GRC solution in the market.”
      Vinaya Sathyanarayana
      Director, Product Management MetricStream

Common Questions