This describes the XML representation of the UCF's Record Category XML Schema Definition (XSD). Each of the elements, types, and attributes that make up the format are described in detail.

The URL for the Record Category XML structure is as follows:

http://unifiedcompliance.com/NFI/XSDs/2_2/UCF_Record_Categories_v2_2.xsd

It is not enough for any IT manager to document an information system and state that "this is an X system, and should be protected this or that way." The level of protection afforded to any IT system must depend upon the classification of the records, information in those records, and business functions that those records and that information supports. Hence, it is essentially the information that must be classified, which then defines the classification of the system.

The reason for information classification is to provide guidance to those who will first identify and then protect the confidentiality, integrity, and availability of that information.

In order to determine how to protect information, the organization must understand four key items:

1. The function itself, and its criticality for the organization.

2. The type of tasks that must be performed in order to support the business function.

3. The type of records that fall within each information type (this document).

4. Any special data handling rules that could be applied to those record categories or data fields.

Therefore, this XML specification is one part that defines and relates all four of these key items together into a cohesive whole.

UCF_RecCat_Item (UCF_RecCat_Item_Type)

The UCF_Record_List is comprised of the UCF_Record_Item containers. The UCF Record Item defines each individual "record" within the list. Each container is split into two key elements that must be present at all times:

• UCF_Meta_Data

• UCF_Basic_Info

UCF_Meta_Data (UCF_Meta_Data_Type)

For detailed documentation of Meta Data fields, please refer to the Meta Data documentation. Below is a list of the meta data fields that are included in the Record list.

• UCF_RecCat_Release_Version

• UCF_RecCat_SNED

• UCF_RecCat_ID

• UCF_RecCat_ID_CheckDigit

• UCF_RecCat_Live_Status

• UCF_RecCat_Deprecated_By

• UCF_RecCat_Deprecation_Notes

• UCF_RecCat_Date_Added

• UCF_RecCat_Date_Modified

UCF_Basic_Info (UCF_Basic_Info_Type)

The UCF_Basic_Info element has exactly what you'd expect - the most critical information that pertains to all types of Record Categories.

UCF_RecCat_Name (ucf:non-empty-string)

This is the name of the record category.

UCF_RecCat_Description (ucf:non-empty-string)

This is the description that provides further information about the type of records that belong to this category.

UCF_RecCat_Retention_Event (restriction of 'ucf:non-empty-string')

This is the event which triggers the disposition (destroying) of the record. This event can be anything from "creation date" through "end of lifecycle," but it currently limited to three items (so far). It is used in conjunction with the UCF_Record _Retention_Years data element. This element is a restricted list item which is currently restricted to the following values:

• last activity

• creation

• archive date

UCF_RecCat_Retention_Years (ucf:non-empty-string)

This is the period of time in years from the retention event that the record should be destroyed.

UCF_RecCat_CIA_Label (ucf:non-empty-string)

This defines the labeling that all task-based information should have. Remember that labeling is different than a classification. Currently the UCF team only assigns labeling based upon a simplistic calculation. We use a "Case" statement (fancy multiple if-then) to come up with the following:

Case(
PatternCount ( Join Rec Cat to Breach DF::UCF_Join_Live_Status; 1) ≠ 0;"Restricted: Subject to Breach Notification and other regulatory control guidance for labeling";
PatternCount (Join Rec Cat to Gen DF::UCF_Join_Live_Status; 1) ≠ 0;"Follow regulatory control guidance for labelling";
UCF_Task_Avail = "High" or UCF_Task_Conf = "High" or UCF_Task_Integrity = "High";"Restricted";
UCF_Task_Avail = "Moderate" or UCF_Task_Conf = "Moderate" or UCF_Task_Integrity = "Moderate";"Internal";
"Unrestricted")