News

7 new Authority Documents have been added to the UCF

May 2, 2022

FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors
AD ID: 3421
Status: Released
Availability: Free
Citation Format: Ch (Chapter) and § (Legal)
Document Type: FIPS Pub 201-3, Personal Identity Verification (PIV) of Federal Employees and Contractors
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2022-01-25
Language: eng

This Authority Document has 831 citations mapped to 118 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-26.

Percent (%) of Citations with multiple mandates: 17.5%

Percent (%) of terms that were non-standard: 24.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 7.9% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 47.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 47.8% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 11.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
AD ID: 3429
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO/IEC 27018:2019, Information technology -- Security techniques -- Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2019-01-01
Language: eng

This Authority Document has 419 citations mapped to 97 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-26.

Percent (%) of Citations with multiple mandates: 6.7%

Percent (%) of terms that were non-standard: 58.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.6% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 15.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.7% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Security Management Controls CIP-003-6
AD ID: 3439
Status: Released
Availability: Free
Citation Format: ¶ (Para and Page) or ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Security Management Controls CIP-003-6
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: 2022-03-31
Language: eng

This Authority Document has 89 citations mapped to 52 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-27.

Percent (%) of Citations with multiple mandates: 23.5%

Percent (%) of terms that were non-standard: 44.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Electronic Security Perimeter(s) CIP-005-5
AD ID: 3441
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: North American Electric Reliability Corporation Critical Infrastructure Protection Standards Cyber Security - Electronic Security Perimeter(s) CIP-005-5
Originator: North American Electric Reliability Corporation
Parent Category: North America
Effective Date: 2022-03-31
Language: eng

This Authority Document has 29 citations mapped to 12 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-27.

Percent (%) of Citations with multiple mandates: 7.7%

Percent (%) of terms that were non-standard: 56.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements
AD ID: 3444
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements
Originator: PCI Security Standards Council
Parent Category: Payment Card Organizations
Effective Date: 2022-03-31
Language: eng

This Authority Document has 1152 citations mapped to 536 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-26.

Percent (%) of Citations with multiple mandates: 21.4%

Percent (%) of terms that were non-standard: 9.70% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 10.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 66.7% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 2.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures
AD ID: 3445
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Testing Procedures
Originator: PCI Security Standards Council
Parent Category: Payment Card Organizations
Effective Date: 2022-03-31
Language: eng

This Authority Document has 1050 citations mapped to 354 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-26.

Percent (%) of Citations with multiple mandates: 37.8%

Percent (%) of terms that were non-standard: 10.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.2% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.

 


CIS Amazon Linux 2 Benchmark
AD ID: 3448
Status: Released
Availability: Free
Citation Format: None
Document Type: CIS Amazon Linux 2 Benchmark
Originator: The Center for Internet Security
Parent Category: International
Effective Date: 2021-07-28
Language: eng

This Authority Document has 293 citations mapped to 179 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-04-29.

Percent (%) of Citations with multiple mandates: 1.7%

Percent (%) of terms that were non-standard: 8.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 31.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 15.4% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.