An Authority Document is simply a document that your organization must comply with.
The different Authority Document types that we have identified are:
- Audit Guideline
- Best Practice Guideline
- Bill or Act
- Contractual Obligation
- International or National Standard
- Organizational Directive
- Regulation or Statute
- Safe Harbor
- Self-Regulatory Body Requirement
- Vendor Documentation
Some notable examples are:
- ISO 27992
- NIST 800-53
- PCI DSS
Once we identify an Authority Document, our mapping team creates Citations which link each of the mandates within the document to a Common Control.
The UCF maps Authority Documents based on customer request. Authority Document Requests are tracked and submitted HERE.
Submit a new AD request or add your vote to a requested document in the list. Published Authority Documents with the most requests are prioritized in our mapping queue.
If you have a list of Authority Documents or internal documents you need mapped, our Professional Mapping Services can help you out. In this scenario, WE do all the heavy lifting! We work with your company’s team to ensure we agree on what is to be mapped and to what controls. We can map Authority Documents with your team members or do the entire mapping project for them. They can be as involved as they like—or not at all. We also work with consulting and legal teams in partnership to deliver mappings. To find out more about Unified Compliance Professional Mapping Services, contact firstname.lastname@example.org.