News

4 new Authority Documents have been added to the UCF

June 13, 2022 | Weekly Updates

Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0
AD ID: 3462
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0
Originator: PCI Security Standards Council
Parent Category: Payment Card Organizations
Effective Date: 2022-04-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 482 citations mapped to 249 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-07.

Percent (%) of Citations with multiple mandates: 16.9%

Percent (%) of terms that were non-standard: 100.00% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 1.8% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


SS2/21 Outsourcing and third party risk management
AD ID: 3467
Status: Released
Availability: Free
Citation Format: § (Legal) and ¶ (Para)
Document Type: SS2/21 Outsourcing and third party risk management
Originator: Bank of England Prudential Regulation Authority
Parent Category: Europe
Effective Date: 2022-03-31
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 562 citations mapped to 182 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-06.

Percent (%) of Citations with multiple mandates: 19.5%

Percent (%) of terms that were non-standard: 6.30% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 3.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 5.5% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161
AD ID: 3471
Status: Released
Availability: Free
Citation Format: ID (Reference ID)
Document Type: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations, NIST Special Publication 800-161
Originator: US National Institute of Standards and Technology
Parent Category: North America
Effective Date: 2022-05-01
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 1479 citations mapped to 733 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-10.

Percent (%) of Citations with multiple mandates: 15.9%

Percent (%) of terms that were non-standard: 9.90% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 6.7% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 0% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.


Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act
AD ID: 3478
Status: Released
Availability: Free
Citation Format: § (Legal)
Document Type: Utah Code, Title 13, Chapter 61, Utah Consumer Privacy Act
Originator: Utah Legislature
Parent Category: North America
Effective Date: 2023-12-31
Language: eng

Click here to launch this Authority Document in the Common Controls Hub

This Authority Document has 154 citations mapped to 81 UCF Common Control IDs. The document as a whole was last reviewed and released on 2022-06-09.

Percent (%) of Citations with multiple mandates: 9.2%

Percent (%) of terms that were non-standard: 8.60% The number of non-standard terms doesn't affect UCF users as the UCF team have already mapped those terms to standard terms in the Compliance Dictionary.

Percent (%) of terms mapped into the AD's glossary: 0.4% Primary verbs and nouns not mapped into an AD's glossary can point to the AD's authors not paying attention to the definitions of their terms.

Percent (%) of terms where fewer than 5 other ADs referenced the term: 16.3% Any term in this category is not very widely used by the rest of the compliance community and therefore will more than likely need to be further investigated for any implications it might bring.

Percent (%) of mandates where only 1 to 5 other ADs mapped to the Common Control: 0% Mandates that aren't widely called for will take longer to implement than mandates that are more familiar.

Number of mandates where 0 other ADs mapped to the Common Control: 3.3% These mandates are only called for by this AD, making them particularly thorny to implement, as this AD is the "lone wolf" in asking for them to be followed.