The ServiceNow® GRC: Compliance UCF application allows compliance administrators to download content from Unified Compliance Framework® (UCF) to use as GRC authority documents, citations, controls, and policy statements. The documents can be updated at predefined intervals.
Users must have a UCF Common Controls Hub account to create shared lists and import them into the ServiceNow instance.
For more information on the Unified Compliance Framework (UCF), see https://www.unifiedcompliance.com.
Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements in any UCF fields transformed into GRC tables.
The Compliance UCF plugin includes the following features:
- UCF integration that validates subscriptions using an API key.
- Ability to download over 100 UCF authority documents through multiple shared lists.
- Automatic mapping of authority documents to their corresponding citations, which are also mapped to a standard set of controls known as control objectives in ServiceNow.
Fixed Issues:
- Resolved resource contention issues in UCF import process by implementing a custom queue.
The following plugin must be installed and active:
- GRC: Policy and Compliance Management
Permissions and roles:
- Role required to install the app: System administrator (admin)
When you upgrade the Compliance UCF application, make sure that the Compliance Management Workspace and any other installed GRC applications are upgraded to the corresponding release version. For example, Compliance UCF version 20.x is certified to work with GRC application versions 20.x.