This describes the XML representation of the UCF's Issuers database. Each of the elements, types, and attributes that make up the format are described in detail.

The URL for the Issuers XML structure is as follows:

http://unifiedcompliance.com/NFI/XSDs/UCF_Issuers_v2_1.xsd

The primary goal of the Issuers XML table is to provide a single list of research sites to the entire GRC and compliance community. Prior to the existence of this research site list, organizations and educational institutions were creating and updating their own research list sites. Because the UCF is in a unique position research-wise, we have made our global research list available to anyone and everyone who wants to use it, as well as anyone and everyone who wants to contribute to it.

Because this list is open to the public, the UCF team is more "lax" on strict naming conventions and categories, as we hope to use this extra "wiggle-room" to grow the list substantially.

UCF_Issuers_Item (UCF_Issuers_Item_Type)

Each UCF_Issuers_List is comprised of the UCF_Issuers_Item containers. The UCF Issuers Item defines each individual "record" within the list. Each container is split into three key elements that must be present at all times:

• • UCF_Meta_Data

  • UCF_Basic_Info

UCF_Meta_Data (UCF_Meta_Data_Type)

For detailed documentation of Meta Data fields, please refer to the Meta Data documentation. Below is a list of the meta data fields that are included in the Issuers list.

• • UCF_Issuer_ID

  • UCF_Issuer_ID_CheckDigit

  • UCF_Issuer_Live_Status

  • UCF_Issuer_Deprecated_By

  • UCF_Issuer_Deprecation_Notes

  • UCF_Issuer_Date_Added

  • UCF_Issuer_Date_Modified

  • UCF_Issuer_Release_Version

UCF_Basic_Info (UCF_Basic_Info_Type)

The UCF_Basic_Info element has exactly what you'd expect - the most critical information that pertains to all types of Issuers.

UCF_Issuers_Category (xs:string)

Within the UCF_AD_List, the Category is a direct reference to the Complex type UCF_AD_Parent_Type listed below. Within this Issuers list, the Category starts there, while we allow end users to provide additional category suggestions in order to grow the list. Therefore, we've set this as a string instead of pre-defined list.

• • Asia and Pacific Rim Guidance

  • Banking and Finance Guidance

  • Energy Guidance

  • EU Guidance

  • General Guidance

  • Healthcare and Life Science Guidance

  • ISO Guidance

  • ITIL Guidance

  • Latin American Guidance

  • NASD NYSE Guidance

  • NIST Guidance

  • Other Configuration Guidance

  • Other European and African Guidance

  • Payment Card Guidance

  • Records Management Guidance

  • Sarbanes Oxley Guidance

  • System Configuration Guidance

  • UK and Canadian Guidance

  • US Federal Privacy Guidance

  • US Federal Security Guidance

  • US Internal Revenue Guidance

  • US State Laws and Protectorates Guidance

  • Vendors

UCF_Issuers_Document_Type (xs:string)

Within the UCF_AD_List, the UCF_AD_Type is based upon a choice of items listed in their legal hierarchical status, as defined within the UCF_AD_Type_Type, documented below.

• • Bill or Act

  • Regulation or Statute

  • Contractual Obligation

  • Self-Regulatory Body Requirement

  • Audit Guideline

  • Safe Harbor

  • International or National Standard

  • Best Practice Guideline

  • Organizational Directive

  • Vendor Documentation

  • Not Set

The UCF_Issuers_Document_Type list uses this list as a starting point, but doesn't limit the recordset to this list in order for the list to grow organically. Therefore, we've set this as a string instead of pre-defined list.

UCF_Issuers_Language (xs:string)

If the Issuer's website is in a specific language, that's what needs to be entered here. However, we are not using the name of the language, but rather the ISO 639-2 Codes for the Representation of Names of Languages reference. A complete and up-to-date reference can be found online at http://loc.gov/standards/iso639-2/php/code_changes.php. By default, all websites are listed as being in English (code eng).

UCF_Issuers_Name (xs:string)

An issuer is the harmonized title the UCF team has given all those who either publish or promulgate authority documents. Technically, a publisher is a firm in the business of issuing printed matter for sale or distribution. However, when it comes to laws, the correct term is promulgator. A promulgator is the legal body that announces a law as a way of putting it into execution. This is distinct and different from a law's publishing office that prints and distributes the law. Sometimes the promulgator will have a domain under which to find their authority documents and sometimes they won't. Therefore, we use the harmonized term of issuer to cover authors, publishers, and promulgators.

The issuer's name might be a source of ambiguity because there are many ways to express the names of companies and other organizations. Therefore, our determination is the name used for the issuer should stem from the highest organization-specific label of the issuing organization's fully qualified domain name (FQDN) and URL directory where the document is made available. Even if the domain name is different from the organization's name, your organization must use the domain name for the Issuer Name. The table below shows some representative examples. Notice that both documents are part of the US's Code of Federal Regulations. However, one document's issuer is the US National Archives and Records Administration (the publisher) and the other is the promulgator itself. The third example shows the originating organization is the US Whitehouse staff, and specifically the Office of Management and Budget (which is also the issuer). Because the OMB doesn't have its own domain, it uses the Whitehouse's domain and its own directory. The final example shows that even though the title of the document suggests that it originates from the OMB, it originates from a different source (which has OMB members on it).

Document	Originating organization	Issuing Organization	DNS Name and directory
Safety and Soundness Standards, Appendix of OCC 12 CFR 30	US Office of the Comptroller of the Currency (OCC)	US National Archives and Records Administration	ecfr.gpoaccess.gov
Privacy of Consumer Financial Information, FTC 16 CFR 313	US Federal Trade Commission	US Federal Trade Commission	www.ftc.gov
OMB Circular A-123 Management's Responsibility for Internal Co	The US White House (office of the President)	US Office of Management and Budget	www.whitehouse.gov/OMB/
Implementation Guide for OMB Circular A-123 Management's Responsibility for Internal Control	US CFO Council	US CFO Council	www.cfoc.gov

The issuing organization is listed in this element, while the issuing organization's URL is listed in the following element. We hope combining the issuing organization's name and URL will help clarify any confusion.

UCF_Issuers_URL (xs:anyURL)

This is the Unique Resource Locator of the issuing organization in fully qualified domain name (FQDN) format - as well as the top level directory of the issuer if the issuer does not have its own domain name.