News

7 new Authority Documents have been added to the UCF

August 1, 2022

ISO/IEC 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
AD ID: 2838
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO/IEC 27017:2015, Information technology -- Security techniques -- Code of practice for information security controls based on ISO/IEC 27002 for cloud services
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2015-12-15
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 645 citations mapped to 139 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-29.

Percent (%) of Citations with multiple mandates: 9.2%

Percent (%) of terms that were non-standard: 17.20% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 10.4% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 5.4% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Financial Services Sector Cybersecurity Profile
AD ID: 2980
Status: Released
Availability: Free
Citation Format: None
Document Type: Financial Services Sector Cybersecurity Profile
Originator: Financial Services Sector Coordinating Council
Parent Category: North America
Effective Date: 2018-10-25
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 700 citations mapped to 333 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-25.

Percent (%) of Citations with multiple mandates: 30.8%

Percent (%) of terms that were non-standard: 13.70% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


CRI Profile
AD ID: 3390
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: CRI Profile
Originator: Cyber Risk Institute
Parent Category: North America
Effective Date: 2021-12-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 719 citations mapped to 412 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-25.

Percent (%) of Citations with multiple mandates: 33.9%

Percent (%) of terms that were non-standard: 64.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 4.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Personal Information Protection Law of the People's Republic of China
AD ID: 3497
Status: Released
Availability: Free
Citation Format: Article (Art)
Document Type: Personal Information Protection Law of the People's Republic of China
Originator: National People's Congress of the People's Republic of China
Parent Category: Asia
Effective Date: 2021-12-29
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 269 citations mapped to 120 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-29.

Percent (%) of Citations with multiple mandates: 26.9%

Percent (%) of terms that were non-standard: 7.70% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 12.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


GRI 3: Material Topics 2021
AD ID: 3506
Status: Released
Availability: With Membership
Citation Format: § (Legal) and ¶ (Para)
Document Type: GRI 3: Material Topics 2021
Originator: Global Reporting Initiative
Parent Category: International
Effective Date: 2023-01-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 209 citations mapped to 66 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-28.

Percent (%) of Citations with multiple mandates: 23.3%

Percent (%) of terms that were non-standard: 3.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 1.8% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 20.1% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 50% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 23.1% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Adoption of an Affiliate's Cybersecurity Program
AD ID: 3510
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Adoption of an Affiliate's Cybersecurity Program
Originator: New York Department of Financial Services
Parent Category: North America
Effective Date: 2021-10-22
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 15 citations mapped to 9 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-28.

Percent (%) of Citations with multiple mandates: 50%

Percent (%) of terms that were non-standard: 2.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Federal Acquisition Regulation 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
AD ID: 3512
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: Federal Acquisition Regulation 52.204-21 Basic Safeguarding of Covered Contractor Information Systems
Originator: Federal Acquisition Regulatory Council
Parent Category: North America
Effective Date: 2022-05-26
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 23 citations mapped to 18 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-07-28.

Percent (%) of Citations with multiple mandates: 10%

Percent (%) of terms that were non-standard: 3.10% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 0% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.