hdr_logo_top.gif
hdr_logo_bottom.gif

The support site for the Unified Compliance Framework


The cDoc XML format and schema

This describes the XML representation of the UCF's Compliance Document (cDoc) XML Schema Definition (XSD). Each of the elements, types, and attributes that make up the format are described in detail.

The URL for the cDoc XML structure is as follows:

http://unifiedcompliance.com/NFI/XSDs/UCF_cDoc_List.xsd

The primary goal of the cDoc XML Schema is to provide a representation and method for linking controls into hierarchical subgroups and assigning them to the compliance document types (such as Policies, Standards, Procedures, etc.) that make the most sense. This allows the UCF's XML Licensees to create individual compliance documents, assign them to the controls most appropriate, and then have those controls also report their associated roles and assets. Good stuff.

Even more important (hey, we're thinking ahead here) is the tracking of versions and changes to each of these compliance documents. Each time a control is added to the list, it is added permanently and can only be deprecated. That means that any database or software reading that particular cDoc entry will know if controls have been added or deprecated from the individual document.

UCF_cDoc_Item (UCF_cDoc_Item_Type)

The UCF_cDoc_List is comprised of the UCF_cDoc_Item containers. The UCF cDoc Item defines each individual "record" within the list. Each container is split into three key elements that must be present at all times:

    • UCF_Meta_Data

    • UCF_Basic_Info

    • UCF_References

UCF_Meta_Data (UCF_Meta_Data_Type)

For detailed documentation of Meta Data fields, please refer to the Meta Data documentation. Below is a list of the meta data fields that are included in the cDoc list.

    • UCF_cDoc_ID

    • UCF_cDoc_ID_CheckDigit

    • UCF_cDoc_Live_Status

    • UCF_cDoc_Deprecated_By

    • UCF_cDoc_Deprecation_Notes

    • UCF_cDoc_Date_Added

    • UCF_cDoc_Date_Modified

    • UCF_cDoc_Release_Version

UCF_Basic_Info (UCF_Basic_Info_Type)

The UCF_Basic_Info element has exactly what you'd expect - the most critical information that pertains to all types of Compliance Documents.

UCF_cDoc_Description (xs:string)

The UCF_cDoc_Description field contains a brief description of the Compliance Document. It is usually a brief and to the point version of the Control Title that the Compliance Document is based upon.

UCF_cDoc_Primary_CE_ID (ucf:UCF_ID_Type)

The UCF_cDoc_Primary_CE_ID contains the 5 digit ID of the Control to which the Compliance Document is based upon.

UCF_cDoc_Revision_Date (xs:string)

The UCF_cDoc_Revision_Date field contains the last modification date of this Compliance Document. This date changes when a content record (Section E of the Compliance Document) is added or removed or if any of the fields in the main Compliance Document record change values. The date would not change if any related value's contents were to change (for example, if the wording on a Control Title were to change).

UCF_cDoc_Type (restriction of xs:string)

Compliance Documents can be one of six types (currently, until our XML Licensees suggest a change). The possible values for this field are as follows:

    • Policy

    • Standard

    • Procedure

    • Plan

    • Checklist

    • Template

UCF_References (UCF_Reference_Type)

The final section in every UCF XML is the references section. In this section, you will find a list of IDs for every related record from all tables that are visible from the table the XML is generated for. In the case of Compliance Docs, we decided to wrap this data in tags that correspond to the sections in our Compliance Document output. Scopes is Section C and Assignment is Section D in that output and contain Asset IDs from the UCF_Asset_List and Role IDs from the UCF_Roles_List respectively. For cDoc, the following fields are exported in the references section:

Scope (ucf:Scope_Type)

Scope is Section C from the Compliance Document output and contains UCF_Asset_IDs which relate to the UCF_Asset_List.xml file.

UCF_Asset_ID (ucf:UCF_ID2_Type)

This field is the key field for the UCF_Asset_List.xml file and contains a unique 7 digit identifier.

Assignment (ucf_Assignment_Type)

Assignment is Section D from the Compliance Document output and contains the UCF_Role_IDs which relate to the UCF_Roles_List.xml file.

UCF_Role_ID (ucf:UCF_ID2_Type)

This field is the key field for the UCF_Roles_List.xml file and contains a unique 7 digit identifier.

Content (ucf:Content_Type)

The Content section corresponds to section E of the Compliance Document output. This contains pointers to the controls which make up the Compliance Document along with all the relevant meta data you will need to make the Compliance Document's content appear hierarchically. The meta data fields are standard for the UCF and are described in detail in the Meta Data Documentation. The meta data fields included in this section are as follows:

    • UCF_cDocSub_ID (ucf:UCF_ID2_Type)

    • UCF_cDocSub_ID_CheckDigit (xs:integer)

    • UCF_cDocSub_Genealogy (xs:string)

    • UCF_cDocSub_Sort_ID (xs:string)

    • UCF_cDocSub_Live_Status (xs:integer)

    • UCF_cDocSub_Deprecated_By (xs:string)

    • UCF_cDocSub_Deprecation_Notes (xs:string)

    • UCF_cDocSub_Date_Added (xs:date)

    • UCF_cDocSub_Date_Modified (xs:date)

The only additional field you need to complete the Compliance Document is the UCF_cDocSub_CE_ID described below.

UCF_cDocSub_CE_ID (ucf:UCF_ID_Type)

The UCF_cDocSub_CE_ID field contains the 5 digit ID of the Control that makes up Section E of the Compliance Document.

Posted on January 14, 2010 3:18 PM |

Post a comment
 
 
 
Recent Site Updates
The Asset taxonomy
The Vendor taxonomy
Minimum requirements for a valid Asset entry
Reviewing the Vendor List
The UCF Vendor XML format and schema
Privacy Policy