News

49 new Authority Documents have been added to the UCF

April 5, 2018

Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53
AD ID: 1374
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2013-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 2123 citations mapped to 736 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-02.

Percent (%) of Citations with multiple mandates: 1%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 3.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline
AD ID: 1913
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2013-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 669 citations mapped to 252 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-02.

Percent (%) of Citations with multiple mandates: 1.4%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline
AD ID: 1914
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2013-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 883 citations mapped to 373 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-18.

Percent (%) of Citations with multiple mandates: 1.3%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline
AD ID: 1915
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2013-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1057 citations mapped to 426 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-02.

Percent (%) of Citations with multiple mandates: 1.1%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Mississippi Code Ann Title 75, Chapter 24, Section 75-24-29, Persons conducting business in Mississippi required to provide notice of a breach of security involving personal information to all affected individuals; enforcement
AD ID: 2652
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Mississippi Code Ann Title 75, Chapter 24, Section 75-24-29, Persons conducting business in Mississippi required to provide notice of a breach of security involving personal information to all affected individuals; enforcement
Originator: Mississippi State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 27 citations mapped to 18 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-12-04.

Percent (%) of Citations with multiple mandates: 15.8%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Guam 9 GCA, Chapter 48, Notification of Breaches of Personal Information
AD ID: 2667
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Guam 9 GCA, Chapter 48, Notification of Breaches of Personal Information
Originator: Guam Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 35 citations mapped to 20 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-12-04.

Percent (%) of Citations with multiple mandates: 9.7%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Monetary Authority of Singapore: Technology Risk Management Guidelines
AD ID: 2801
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: Monetary Authority of Singapore: Technology Risk Management Guidelines
Originator: Monetary Authority of Singapore
Parent Category: Asia
Effective Date: 2013-06-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 514 citations mapped to 336 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-20.

Percent (%) of Citations with multiple mandates: 32.6%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.1% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 17.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 9.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
AD ID: 2802
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
Originator: European Union
Parent Category: Europe
Effective Date: 2016-04-27
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 670 citations mapped to 255 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-08.

Percent (%) of Citations with multiple mandates: 20.6%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 29.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 4.8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management
AD ID: 2804
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management
Originator: Hong Kong Monetary Authority
Parent Category: Asia
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 313 citations mapped to 231 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-11-07.

Percent (%) of Citations with multiple mandates: 55.3%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.8% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 18.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 100% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 8.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO 704:2009 Terminology work -- Principles and methods
AD ID: 2819
Status: Released
Availability: For Purchase
Citation Format: § (Legal)
Document Type: ISO 704:2009 Terminology work -- Principles and methods
Originator: International Organization for Standardization
Parent Category: International
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 134 citations mapped to 84 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-23.

Percent (%) of Citations with multiple mandates: 32.9%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 31.5% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 52.9% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 64.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO/IEC 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
AD ID: 2838
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO/IEC 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2015-12-15
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 643 citations mapped to 138 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-11-17.

Percent (%) of Citations with multiple mandates: 10%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 7.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 4.4% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


FFIEC Business Continuity Planning (BCP) IT Examination Handbook
AD ID: 2861
Status: Released
Availability: Free
Citation Format: Rule (Defined Rules)
Document Type: FFIEC Business Continuity Planning (BCP) IT Examination Handbook
Originator: US Federal Financial Institutions Examination Council (FFIEC)
Parent Category: North America
Effective Date: 2015-02-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 631 citations mapped to 255 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-01-23.

Percent (%) of Citations with multiple mandates: 32.8%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 11.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 27.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 34.5% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 13.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


FFIEC Information Technology Examination Handbook - Information Security
AD ID: 2863
Status: Released
Availability: Free
Citation Format: None
Document Type: FFIEC Information Technology Examination Handbook - Information Security
Originator: US Federal Financial Institutions Examination Council (FFIEC)
Parent Category: North America
Effective Date: 2016-09-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 659 citations mapped to 317 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-12-07.

Percent (%) of Citations with multiple mandates: 35.8%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 8.8% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 27.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 31.3% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


FFIEC IT Examination Handbook - Audit
AD ID: 2871
Status: Released
Availability: Free
Citation Format: ¶ (Para and Page) or ID (Reference ID)
Document Type: FFIEC IT Examination Handbook - Audit
Originator: US Federal Financial Institutions Examination Council (FFIEC)
Parent Category: North America
Effective Date: 2012-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 335 citations mapped to 190 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-11-22.

Percent (%) of Citations with multiple mandates: 25.1%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.8% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 24.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 75% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Arizona Revised Statutes Title 18, Chapter 5, Article 3, Section 18-545, Notification of breach of security system; enforcement; civil penalty; preemption; exceptions; definitions
AD ID: 2879
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Arizona Revised Statutes Title 18, Chapter 5, Article 3, Section 18-545, Notification of breach of security system; enforcement; civil penalty; preemption; exceptions; definitions
Originator: Arizona State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 33 citations mapped to 23 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-03.

Percent (%) of Citations with multiple mandates: 14.3%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Florida Statutes, Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information
AD ID: 2880
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Florida Statutes, Title XXXII, Chapter 501, Section 501.171, Security of confidential personal information
Originator: Florida State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 84 citations mapped to 43 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-03.

Percent (%) of Citations with multiple mandates: 14.7%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 17.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Montana Code Annotated Title 2., Chapter 6., Part 15., Sections 2-6-1501 to 1503
AD ID: 2881
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Montana Code Annotated Title 2., Chapter 6., Part 15., Sections 2-6-1501 to 1503
Originator: Montana State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 39 citations mapped to 25 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-17.

Percent (%) of Citations with multiple mandates: 9.1%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 10.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Georgia Code Title 46, Chapter 5, Article 6, Section 46-5-214, Action in event of telephone record security breach; notification to Georgia residents; law enforcement exception; violations shall be unfair or deceptive practice in consumer transactions
AD ID: 2882
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Georgia Code Title 46, Chapter 5, Article 6, Section 46-5-214, Action in event of telephone record security breach; notification to Georgia residents; law enforcement exception; violations shall be unfair or deceptive practice in consumer transactions
Originator: Georgia General Assembly
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 6 citations mapped to 4 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-16.

Percent (%) of Citations with multiple mandates: 20%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Connecticut General Statutes, Title 4e, Chapter 62a, Section 4e-70, Requirements for state contractors who receive confidential information
AD ID: 2883
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Connecticut General Statutes, Title 4e, Chapter 62a, Section 4e-70, Requirements for state contractors who receive confidential information
Originator: Connecticut General Assembly
Parent Category: North America
Effective Date: 2015-07-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 59 citations mapped to 46 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-16.

Percent (%) of Citations with multiple mandates: 31.3%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


New Mexico House Bill 15, Data Breach Notification Act
AD ID: 2884
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: New Mexico House Bill 15, Data Breach Notification Act
Originator: New Mexico State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 52 citations mapped to 35 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 4.2%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Code of Maryland State Government, Title 10, Subtitle 13, Sections 10-1301 to 10-1308
AD ID: 2886
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Code of Maryland State Government, Title 10, Subtitle 13, Sections 10-1301 to 10-1308
Originator: Maryland General Assembly
Parent Category: North America
Effective Date: 2017-04-18
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 62 citations mapped to 25 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 3.4%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Code of Virginia Title 32.1, Chapter 5., Section 32.1-127.1:05 Breach of medical information notification.
AD ID: 2887
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Code of Virginia Title 32.1, Chapter 5., Section 32.1-127.1:05 Breach of medical information notification.
Originator: Virginia General Assembly
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 32 citations mapped to 28 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 20%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 18.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Revised Code of Washington Title 42, Chapter 42.56, Section 42.56.590 Personal information--Notice of security breaches.
AD ID: 2888
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Revised Code of Washington Title 42, Chapter 42.56, Section 42.56.590 Personal information--Notice of security breaches.
Originator: Washington State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 38 citations mapped to 24 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 12.1%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 7.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Tennessee Code Annotated Title 8, Chapter 4, Part 1, Section 8-4-119 Report to comptroller of treasury of government fraud.
AD ID: 2889
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Tennessee Code Annotated Title 8, Chapter 4, Part 1, Section 8-4-119 Report to comptroller of treasury of government fraud.
Originator: Tennessee General Assembly
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 10 citations mapped to 3 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Ohio Revised Code, Title 13, Chapter 1349, Section 1349.192 Civil action by attorney general for violation of disclosure laws.
AD ID: 2890
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Ohio Revised Code, Title 13, Chapter 1349, Section 1349.192 Civil action by attorney general for violation of disclosure laws.
Originator: Ohio State General Assembly
Parent Category: North America
Effective Date: 2006-02-17
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 11 citations mapped to 2 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Ohio Revised Code, Title 13, Chapter 1349, Section 1349.191 Investigation of noncompliance with disclosure laws..
AD ID: 2891
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Ohio Revised Code, Title 13, Chapter 1349, Section 1349.191 Investigation of noncompliance with disclosure laws..
Originator: Ohio State General Assembly
Parent Category: North America
Effective Date: 2006-02-17
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 17 citations mapped to 3 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-19.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


New York State Technology Law, Article 2 Internet Security and Privacy Act
AD ID: 2892
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: New York State Technology Law, Article 2 Internet Security and Privacy Act
Originator: New York State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 67 citations mapped to 44 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-20.

Percent (%) of Citations with multiple mandates: 33.3%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 7.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Montana Code Annotated Title 33, Chapter 19, Part 3, Section 33-19-321
AD ID: 2893
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Montana Code Annotated Title 33, Chapter 19, Part 3, Section 33-19-321
Originator: Montana State Legislature
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 19 citations mapped to 14 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-16.

Percent (%) of Citations with multiple mandates: 20%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 5.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies
AD ID: 2895
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies
Originator: New York Department of Financial Services
Parent Category: North America
Effective Date: 2017-03-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 130 citations mapped to 96 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-10-18.

Percent (%) of Citations with multiple mandates: 38.2%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 1.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 33.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 66.7% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


FFIEC Cybersecurity Assessment Tool, Baseline
AD ID: 2896
Status: Released
Availability: Free
Citation Format: None
Document Type: FFIEC Cybersecurity Assessment Tool, Baseline
Originator: US Federal Financial Institutions Examination Council (FFIEC)
Parent Category: North America
Effective Date: 2017-05-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 189 citations mapped to 151 UCF Common Control IDs. The document as a whole was last reviewed and released on 2017-12-18.

Percent (%) of Citations with multiple mandates: 22.4%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 23.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


FFIEC Information Technology Examination Handbook - Management
AD ID: 2897
Status: Released
Availability: Free
Citation Format: ¶ (Para and Page) with Section Titles
Document Type: FFIEC Information Technology Examination Handbook - Management
Originator: US Federal Financial Institutions Examination Council (FFIEC)
Parent Category: North America
Effective Date: 2015-11-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 693 citations mapped to 334 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-01.

Percent (%) of Citations with multiple mandates: 45.9%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 28% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Framework for Improving Critical Infrastructure Cybersecurity
AD ID: 2900
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Framework for Improving Critical Infrastructure Cybersecurity
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2017-12-05
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 176 citations mapped to 133 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-01-12.

Percent (%) of Citations with multiple mandates: 22.8%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 7.1% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 10.5% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 13.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


GDPR Information Assurance Audit Questions; A specialized audit of unique information governance controls found in GDPR
AD ID: 2901
Status: Restricted
Availability: Free
Citation Format: ID (Reference ID)
Document Type: GDPR Information Assurance Audit Questions; A specialized audit of unique information governance controls found in GDPR
Originator: ARMA International
Parent Category: Records Management Organizations
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 134 citations mapped to 89 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-01-08.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 91% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - System Security Management CIP-007-6
AD ID: 2902
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - System Security Management CIP-007-6
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 64 citations mapped to 35 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-13.

Percent (%) of Citations with multiple mandates: 11.3%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 10.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 3.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Personnel & Training CIP-004-6
AD ID: 2903
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Personnel & Training CIP-004-6
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 67 citations mapped to 34 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-07.

Percent (%) of Citations with multiple mandates: 18.5%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Physical Security CIP-014-2
AD ID: 2904
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Physical Security CIP-014-2
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 53 citations mapped to 30 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-12.

Percent (%) of Citations with multiple mandates: 23.7%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 18.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 20.8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Information Protection CIP-011-2
AD ID: 2905
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Information Protection CIP-011-2
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 22 citations mapped to 10 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-01-23.

Percent (%) of Citations with multiple mandates: 20%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Configuration Change Management and Vulnerability CIP-010-2
AD ID: 2906
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Configuration Change Management and Vulnerability CIP-010-2
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 92 citations mapped to 48 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-02.

Percent (%) of Citations with multiple mandates: 22.4%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 12% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 9.8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Recovery Plans for BES Cyber Systems CIP-009-6
AD ID: 2907
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Recovery Plans for BES Cyber Systems CIP-009-6
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 51 citations mapped to 29 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-01.

Percent (%) of Citations with multiple mandates: 32.4%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 25.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 27.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Incident Reporting and Response Planning CIP-008-5
AD ID: 2908
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Incident Reporting and Response Planning CIP-008-5
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 39 citations mapped to 16 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-01.

Percent (%) of Citations with multiple mandates: 12.9%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 5.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 5.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Physical Security of BES Cyber Systems CIP-006-6
AD ID: 2909
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Physical Security of BES Cyber Systems CIP-006-6
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 39 citations mapped to 24 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-01-23.

Percent (%) of Citations with multiple mandates: 17.9%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Electronic Security Perimeter(s) CIP-005-5
AD ID: 2910
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Electronic Security Perimeter(s) CIP-005-5
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Varies
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 25 citations mapped to 11 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-01-23.

Percent (%) of Citations with multiple mandates: 15.8%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - BES Cyber System Categorization CIP-002-5.1a
AD ID: 2911
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - BES Cyber System Categorization CIP-002-5.1a
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: Varies
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 24 citations mapped to 6 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-02.

Percent (%) of Citations with multiple mandates: 10%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


AD Remapping Demo
AD ID: 2916
Status: Restricted
Availability: Free
Citation Format: ID (Reference ID)
Document Type: AD Remapping Demo
Originator: Unified Compliance Framework
Parent Category: Organizational Documents
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 3 citations mapped to 1 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-02-08.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Standards for Safeguarding Customer Information Model Regulation, NAIC MDL-673
AD ID: 2919
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: Standards for Safeguarding Customer Information Model Regulation, NAIC MDL-673
Originator: National Association of Insurance Commissioners
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 50 citations mapped to 21 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-06.

Percent (%) of Citations with multiple mandates: 31%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 28% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Insurance Data Security Model Law, NAIC MDL-668
AD ID: 2920
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: Insurance Data Security Model Law, NAIC MDL-668
Originator: National Association of Insurance Commissioners
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 215 citations mapped to 124 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-07.

Percent (%) of Citations with multiple mandates: 44%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 20.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


How to Write a Dictionary Definition
AD ID: 2927
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: How to Write a Dictionary Definition
Originator: wikiHow
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 13 citations mapped to 11 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-23.

Percent (%) of Citations with multiple mandates: 0%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 69.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 30.8% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


How to Write an Extended Definition
AD ID: 2931
Status: Released
Availability: Free
Citation Format: ¶ (Numbered Paragraphs)
Document Type: How to Write an Extended Definition
Originator: Richard Corning
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 9 citations mapped to 8 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-23.

Percent (%) of Citations with multiple mandates: 12.5%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 4.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 44.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 55.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171
AD ID: 2932
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2016-12-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 150 citations mapped to 121 UCF Common Control IDs. The document as a whole was last reviewed and released on 2018-03-29.

Percent (%) of Citations with multiple mandates: 13.7%

Percent (%) of terms that were non-standard: 0.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.