This describes the XML representation of the UCF's Organizational Tasks XML Schema Definition (XSD). Each of the elements, types, and attributes that make up the format are described in detail.

The URL for the Organizational Tasks XML structure is as follows:

http://unifiedcompliance.com/NFI/XSDs/2_2/UCF_Tasks_v2_2.xsd

It is not enough for any IT manager to document an information system and state that "this is an X system, and should be protected this or that way." The level of protection afforded to any IT system must depend upon the classification of the records, information in those records, and business functions that those records and that information supports. Hence, it is essentially the information that must be classified, which then defines the classification of the system.

The reason for information classification is to provide guidance to those who will first identify and then protect the confidentiality, integrity, and availability of that information.

In order to determine how to protect information, the organization must understand four key items:

1. The function itself, and its criticality for the organization.

2. The type of tasks that must be performed in order to support the business function (this document).

3. The type of records that fall within each information type.

4. Any special data handling rules that could be applied to those record categories or data fields.

Therefore, this XML specification is one part that defines and relates all four of these key items together into a cohesive whole.

UCF_Task_Item (UCF_Task_Item_Type)

The UCF_Task_List is comprised of the UCF_Task_Item containers. The UCF Record Item defines each individual "record" within the list. Each container is split into three key elements that must be present at all times unless otherwise indicated:

• UCF_Meta_Data

• UCF_Basic_Info

• UCF_References (if there are references)

The UCF_Task_Item defines the classification for the information itself based upon the task being performed. This table is more complex than the organizational function table, in that (a) each task type must be linked to an existing UCF_Function_ID, and (b) we are now adding the various confidentiality, integrity, and availability groups of information used in performing the task as well. The UCF_Task_Item_Type is the lynchpin table within the Information Classification XML schema.

UCF_Meta_Data (UCF_Meta_Data_Type)

For detailed documentation of Meta Data fields, please refer to the Meta Data documentation. Below is a list of the meta data fields that are included in the Record list.

• UCF_Task_Release_Version

• UCF_Task_SNED

• UCF_Task_ID

• UCF_Task_ID_CheckDigit

• UCF_Task_Live_Status

• UCF_Task_Deprecated_By

• UCF_Task_Deprecation_Notes

• UCF_Task_Date_Added

• UCF_Task_Date_Modified

UCF_Basic_Info (UCF_Basic_Info_Type)

The UCF_Basic_Info element has exactly what you'd expect - the most critical information that pertains to all types of Organizational Tasks.

UCF_Task_Name (ucf:non-empty-string)

This is the name of the task being performed.

UCF_Task_Description (ucf:non-empty-string)

This is the description of the task (and information that supports it) being classified. The description should define how this type of information supports its related organizational function.

UCF_Task_Avail (restriction of 'xs:string')

Restricted to the following values:

• Low

• Moderate

• High

UCF_Task_Avail_Definition (ucf:non-empty-string)

This defines the basic availability classification for this task (and its information).

UCF_Task_Avail_Factor (restriction of 'xs:string')

Restricted to the following values:

• Low

• Moderate

• High

UCF_Task_Avail_Special_Factor (xs:string)

This is the description of any special mitigating factors that might raise or lower the availability classification of the information supporting this organizational task.

UCF_Task_Conf (restriction of 'xs:string')

Restricted to the following values:

• Low

• Moderate

• High

UCF_Task_Conf_Definition (ucf:non-empty-string)

This defines the basic confidentiality classification for this task (and its information).

UCF_Task_Conf_Factor (restriction of 'xs:string')

Restricted to the following values:

• Low

• Moderate

• High

UCF_Task_Conf_Special_Factor (xs:string)

This is the description of any special mitigating factors that might raise or lower the confidentiality classification of the information supporting this organizational task.

UCF_Task_Integrity (restriction of 'xs:string')

Restricted to the following values:

• Low

• Moderate

• High

UCF_Task_Integrity_Definition (ucf:non-empty-string)

This defines the basic integrity classification for this task (and its information).

UCF_Task_Integrity_Factor (restriction of 'xs:string')

Restricted to the following values:

• Low

• Moderate

• High

UCF_Task_Integrity_Special_Factor (xs:string)

This is the description of any special mitigating factors that might raise or lower the integrity classification of the information supporting this organizational task.

UCF_References (UCF_Reference_Type)

The final section in this UCF XML is the references section. In this section, you will find a list of ID's for every related record from all tables that are visible from the table the XML is generated for. Only one-to-many relationships are accounted for here as many-to-many joins have their own XML exports, XSDs, and documentation. For Organizational Tasks, the following reference field is exported:

UCF_Function_ID (ucf:UCF_ID2_Type)

This is the primary key field from the Organizational Function (UCF_Functions_List.xml) that is related to this Organizational Task.