Official UC blog

New Release -- The Common Controls API

Written by UCF | Nov 4, 2015 1:19:32 AM

The Common Controls API

Unified Compliance has now released its Application Programming Interface (API) for accessing and writing to the UCF's Common Controls framework.

This API allows developers to directly access the Unified Compliance Framework’s Common Controls Hub and interface with a client’s selection of Authority Documents, Citations, Common Controls, Audit Questions, and more.

What’s the big deal with the API?

This is the first API ever to allow access to a patented Governance, Risk, and Compliance framework. Instead of vendors and users having to wait 3 months at a time for mapped Authority Documents to be compiled and delivered for inclusion into GRC tools and auditing tools, the API allows access to updates as they happen.

The Unified Compliance Framework’s Common Controls is the only compliance framework that has a patented mapping process and structure, as well as a patented dictionary framework. Allowing direct access to this process allows GRC vendors the ability to build complex and robust products without the worry or hassle of having to map their own content.

Allowing clients to have a single API license that lets them connect their selected Common Controls to any vendor who supports the API gives each client the ability to choose the best of breed GRC and auditing partners without having to pay for UCF content licenses from each GRC tool or auditing partner.

What does the API allow a client and an OEM Partner to do?

The API allows each client to select a list of Authority Documents and then share that list of Authority Documents with GRC tools, SIEM tools, Configuration Management tools, and auditing partners — simultaneously — from the list of Authority Documents:

- GRC partners can extract the individual Citations and map them to a list of Common Controls

- SIEM tools can extract the list of triggering events they must monitor for and report when they happen

- SCM tools can extract the list of Configurable Items (and their configuration settings) that map between the Citations and Common Controls for each Asset that is applicable

- Auditing partners can extract not only the Citations necessary for auditing against, but also the Common Control audit questions with pointers to the various evidence that needs to be gathered

- Auditing partners can also extract and feed back the status of audit questions for any given set of Authority Documents, and only Auditors can mark those Common Controls as certified.