Step

Definition

1.

Authority Document Research in which we find new and updated Authority Documents.

UCF Issuers List

Issuers.xls

2.

Library Categorization of the Authority Documents.

UCF Authority Documents List

Authority Documents.xls

3.

Analysis of References within each of the Authority Documents.

UCF Citations List

4.

Citation and Harmonized Control Mapping wherein we assign each of the references within an Authority Document to a matching UCF Control or Metric ID. Or, if there is no matching UCF Control, we then create a new UCF control and map the references and citation to the new control.

UCF Controls List (with Metrics included)

HTML Commentary files

Word-based Metric standards

UCF Controls.xls

5.

Role Mapping wherein we map organizational roles to the UCF controls.

UCF Roles List

Word-based Role standards

6.

Asset and Configurable Item Mapping wherein we map the UCF's configuration-based controls to their assets (and configurable items that are a part of the asset).

UCF Vendors List

UCF Assets List

UCF Configurable Items List

7.

Compliance Process and Document Mapping wherein we map the UCF's controls to their appropriate compliance processes and their associated policies, standards, and procedures.

UCF Compliance Documents List

Word-based Policy, Standard, Procedure, and Checklist documents

8.

Audit Question Mapping wherein we examine each control and its associated roles, assets, and compliance processes and assemble a coherent set of audit questions from that amalgamation.

UCF Audit List

UCF Audit Guidance.xls