The ServiceNow® GRC: Compliance UCF application allows compliance administrators to download content from Unified Compliance Framework® (UCF) to use as GRC authority documents, citations, controls, and policy statements. The documents can be updated at predefined intervals.
Users must have a UCF Common Controls Hub account to create shared lists and import them into the ServiceNow instance.
For additional information on the Unified Compliance Framework (UCF), see https://www.unifiedcompliance.com.
Warning: All data imported from UCF Authority Documents is read-only and must be protected. Do not customize the authority documents, citations, or policy statements within any UCF fields that have been transformed into GRC tables.
The Compliance UCF plugin includes the following features:
- UCF integration that validates subscriptions using an API key.
- Ability to download over 100 UCF authority documents through multiple shared lists.
- Automatic mapping of authority documents to their corresponding citations, which are then mapped to a standard set of controls known as control objectives in ServiceNow.
Fixed:
This update addresses and resolves previously identified security issues.
The following plugin must be installed and active:
- GRC: Policy and Compliance Management
Permissions and roles:
- Role required to install the app: System administrator (admin)
When you upgrade the Compliance UCF application, ensure that the Compliance Management Workspace and any other installed GRC applications are also upgraded to their corresponding release versions. For example, Compliance UCF version 20.x is certified to work with GRC application versions 20.x.