News

7 new Authority Documents have been added to the UCF

February 28, 2022

Monetary Authority of Singapore: Technology Risk Management Guidelines
AD ID: 2801
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: Monetary Authority of Singapore: Technology Risk Management Guidelines
Originator: Monetary Authority of Singapore
Parent Category: Asia
Effective Date: 2013-06-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 516 citations mapped to 329 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-22.

Percent (%) of Citations with multiple mandates: 32.6%

Percent (%) of terms that were non-standard: 22.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.1% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 9.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2.4% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181
AD ID: 2925
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2017-08-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1543 citations mapped to 679 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-22.

Percent (%) of Citations with multiple mandates: 35.7%

Percent (%) of terms that were non-standard: 4.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.2% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 13.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 3.6% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO/IEC 20000-1:2018, Information technology -- Service management --Part 1: Service management system requirements
AD ID: 3002
Status: Released
Availability: For Purchase
Citation Format: ¶ (Para and Page) with Section Titles
Document Type: ISO/IEC 20000-1:2018, Information technology -- Service management --Part 1: Service management system requirements
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2018-09-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 696 citations mapped to 271 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-22.

Percent (%) of Citations with multiple mandates: 28.2%

Percent (%) of terms that were non-standard: 10.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 9.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 19.9% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 14.3% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)"
AD ID: 3297
Status: Released
Availability: Free
Citation Format: None
Document Type: Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)"
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: Not Defined
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1564 citations mapped to 695 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-22.

Percent (%) of Citations with multiple mandates: 36.7%

Percent (%) of terms that were non-standard: 99.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Michigan Compiled Laws, Chapter 5A Sections 550-565, Data Security
AD ID: 3406
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (for bulleted Paragraphs)
Document Type: Michigan Compiled Laws, Chapter 5A Sections 550-565, Data Security
Originator: Michigan State Legislature
Parent Category: North America
Effective Date: 2021-01-20
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 213 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-24.

Percent (%) of Citations with multiple mandates: 33.1%

Percent (%) of terms that were non-standard: 8.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
AD ID: 3429
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-01-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 416 citations mapped to 0 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-24.

Percent (%) of Citations with multiple mandates: 6.5%

Percent (%) of terms that were non-standard: 58.40% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.7% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection -- Information security controls
AD ID: 3430
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection -- Information security controls
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2022-02-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 261 citations mapped to 152 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-02-23.

Percent (%) of Citations with multiple mandates: 22.1%

Percent (%) of terms that were non-standard: 8.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.