Official UC blog

Unified Compliance and the Center for Internet Security Collaboration Enables Enhanced GRC Automation

Written by UCF | May 22, 2014 12:11:12 AM

Lafayette, CA—May 22, 2014—Unified Compliance, the premier provider of IT compliance mapping and creators of the Unified Compliance Framework® (UCF), announced the availability of the Center for Internet Security’s (CIS) configuration controls guidance for technologies including Microsoft Windows 8, Windows Server 2012, Internet Explorer 10, CentOS 6 and iOS 7, for use with the UCF.

CIS, a nonprofit organization focused on enhancing cyber security readiness and response for the public and private sectors, provides consensus-based secure configuration guidance and security automation content through its internationally recognized Security Benchmarks program. The award-winning UCF unifies regulatory controls, providing a single point of control over hundreds of complex regulations, requirements, and guidelines.

Utilized in conjunction with the UCF’s newly released UCFinterchange (UCFi), which enables Secure Configuration Management (SCM) and Configuration Auditing (CA) tools to communicate directly with Governance, Risk and Compliance (GRC) tools, UCF customers also gain continuous automated monitoring, reporting, and audit data collection capabilities.

“We are pleased to continue our collaboration with Unified Compliance and make more CIS resources available through the UCF,” said William F. Pelgrin, president and CEO of the Center for Internet Security. “The availability of our CIS benchmarks in the UCF supports our commitment to security automation, enabling our members to more rapidly assess their compliance with industry recognized standards.”

“CIS’ distinctive consensus-based process partners perfectly with the UCF’s commitment to transparency. The UCF was specifically designed to grow in order to meet tomorrow’s GRC needs. As a configurable framework, rather than a set solution to a specific problem, we can provide our customers with the best return on their investment now and into the future,” says Craig Isaacs, CEO of Unified Compliance.

“Our collaborations with proven industry leaders such as CIS helps to ensure that our customers always have access to the most effective governance, risk and compliance content and management guidance and tools,” Isaacs added.

Unified Compliance and CIS first partnered in 2010 to offer CIS secure configuration benchmarks through the UCF, published in the UCF's open XML format and licensed under a Creative Commons license agreement. The publicly documented, open UCF XML schema allows UCF and CIS subscribers/customers to integrate a wealth of regulatory, benchmark, best practice and security metrics into their compliance system, ranging from mandates to configuration settings to registry keys.

The CIS content now available for the UCF includes:

UCF Authority Document Common Name

  • CIS CentOS 6 Level 2
  • CIS CentOS 6 Level 1
  • CIS Windows 7 Level 1 + BitLocker
  • CIS Windows 7 Level 1
  • CIS Windows 8 Level 1 + BitLocker
  • CIS Windows 8 Level 1
  • CIS Windows 2008 Level 1 Member Server
  • CIS Windows 2008 Level 1 Domain Controller
  • CIS Windows 2008 R2 Level 1 Member Server
  • CIS Windows 2008 R2 Level 1 Domain Controller
  • CIS Windows 2012 Level 1 Member Server
  • CIS IE 10 Level 1
  • CIS iOS 7 Level 2
  • CIS iOS 7 Level 1
  • CIS RHEL 6 Level 1
  • CIS RHEL 6 Level 2
  • CIS Windows 2012 Level 1 Domain Controller

The UCF harmonizes IT controls from more than 400 international regulatory requirements, standards and guidelines. Using a unique methodology, Unified Compliance transforms this massive compilation of data into a single set of requirements that show the many points where multiple regulations overlap. Mapping the overlap enables businesses to quickly create a customized set of controls that fully leverage their existing compliance policies, processes and tools.

Unified Compliance was recently granted the first-ever patent for a Governance, Risk, and Compliance (GRC) framework. The UCF was honored with a 2014 GRC Technology Innovation Award by independent GRC analyst firm, GRC 20/20.

About Unified Compliance and the UCF

Since 1992, Unified Compliance has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. More information can be found at unifiedcompliance.com.

About the Center for Internet Security

The Center for Internet Security (CIS) is a 501c3 nonprofit organization focused on enhancing the cyber security readiness and response of public and private sector entities, with a commitment to excellence through collaboration. CIS produces consensus-based, best practice secure configuration benchmarks and security automation content, and serves as the key cyber security resource for state, local, territorial and tribal governments, including chief information security officers, homeland security advisors and fusion centers.  CIS provides products and resources that help partners achieve security goals through expert guidance and cost-effective solutions. To learn more please visit cisecurity.org or follow us on Twitter at @CISecurity.