The Unified Compliance Framework (UCF) is an independent initiative to map IT controls across international regulations, standards, and best practices. The UCF harmonizes terms and controls against the backdrop of a master hierarchical list. This allows your organization to focus on a strategic plan (which resources should be applied, when and where) to comply with multiple regulatory bodies using the same team, tools, and funding.
A fundamental starting point is to identify the rules, regulations, and industry best practices that must be included in an organization's compliance portfolio. The next steps are to parse the citations within those authoritative sources that contain control objectives and to map those objectives to organizational controls. With those components in place, an organization has a solid foundation to drive audit, risk assessment, asset prioritization, and a host of other activities to support compliance operations.
UCF integration with RSA Archer supports the use of licensed UCF content to provide you with a consistent set of controls mapped to several regulatory standards and best practices.
- Create composite controls lists by defining simple "acceptance lists" of all relevant controls from selected authorities.
- Clarify conflicts between overlapping authority documents.