News

5 new Authority Documents have been added to the UCF

December 6, 2021 | News/Articles

ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements
AD ID: 1367
Status: Released
Availability: For Purchase
Citation Format: § (Legal) and ¶ (Para)
Document Type: ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements
Originator: International Organization for Standardization
Parent Category: International
Effective Date: 2013-10-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 599 citations mapped to 259 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-11-30.

Percent (%) of Citations with multiple mandates: 10.4%

Percent (%) of terms that were non-standard: 10.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


IEC 62443-3-3: Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels
AD ID: 3348
Status: Released
Availability: For Purchase
Citation Format: ¶ (Numbered Paragraphs)
Document Type: IEC 62443-3-3: Industrial communication networks - Network and system security - Part 3-3: System security requirements and security levels
Originator: International Electrotechnical Commission
Parent Category: International
Effective Date: 2013-08-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 411 citations mapped to 141 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-12-03.

Percent (%) of Citations with multiple mandates: 9.8%

Percent (%) of terms that were non-standard: 7.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.3% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 12.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0.6% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


IEC 62443-4-2: Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components
AD ID: 3349
Status: Released
Availability: For Purchase
Citation Format: ¶ (Numbered Paragraphs)
Document Type: IEC 62443-4-2: Security for industrial automation and control systems - Part 4-2: Technical security requirements for IACS components
Originator: International Electrotechnical Commission
Parent Category: International
Effective Date: 2019-02-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 563 citations mapped to 137 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-12-05.

Percent (%) of Citations with multiple mandates: 4.9%

Percent (%) of terms that were non-standard: 35.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.5% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 7.2% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 26.7% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 1.9% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


17 CFR Part 248 Subpart C, Regulation S-ID - Identity Theft Red Flags
AD ID: 3358
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: 17 CFR Part 248 Subpart C, Regulation S-ID - Identity Theft Red Flags
Originator: US Congress
Parent Category: North America
Effective Date: 2021-10-07
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 97 citations mapped to 47 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-11-29.

Percent (%) of Citations with multiple mandates: 13.6%

Percent (%) of terms that were non-standard: 9.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 3.7% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 33.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 50% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Circular to Licensed Corporations - Use of external electronic data storage
AD ID: 3365
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Circular to Licensed Corporations - Use of external electronic data storage
Originator: Securities and Futures Commission
Parent Category: Asia
Effective Date: 2019-10-31
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 119 citations mapped to 72 UCF Common Control IDs. The document as a whole was last reviewed and released on 2021-12-02.

Percent (%) of Citations with multiple mandates: 38.8%

Percent (%) of terms that were non-standard: 9.50% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.5% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.