The ServiceNow® GRC: Compliance UCF application enables compliance administrators to download content from the Unified Compliance Framework® (UCF) for use as GRC authority documents, citations, controls, and policy statements. The downloaded content can be updated at predefined intervals.
A UCF Common Controls Hub account is required to create shared lists and import them into the ServiceNow instance.
For more information about UCF, see the Unified Compliance Framework website.
Warning: All data imported from UCF is read-only. Do not customize authority documents, citations, or policy statements in any UCF fields mapped to GRC tables.
The Compliance UCF plugin includes the following features:
- UCF integration with API key-based subscription validation.
- Access to over 100 UCF authority documents, downloadable through multiple shared lists.
- Automatic mapping of authority documents to their corresponding citations, which are further mapped to ServiceNow control objectives.
New
This release introduces the following enhancements:
- Enhanced application security by enabling query range ACLs for all relevant tables.
Fixed
This release resolves the following issues:
- UCF integration creating empty mappings in the Citation to Control Objective M2M table.
The following plugin must be installed and active:
- GRC: Policy and Compliance Management
Permissions and roles:
- Role required to install the app: System administrator (admin)
When you upgrade the Compliance UCF application, ensure that the Compliance Management Workspace and any other installed GRC applications are also upgraded to their corresponding release versions. For example, Compliance UCF version 20.x is certified to work with GRC application versions 20.x.