An Authority Document is simply a document that your organization must comply with.
The different Authority Document types that we have identified are:
- Audit Guideline
- Best Practice Guideline
- Bill or Act
- Contractual Obligation
- International or National Standard
- Organizational Directive
- Regulation or Statute
- Safe Harbor
- Self-Regulatory Body Requirement
- Vendor Documentation
Some notable examples are:
- ISO 27992
- NIST 800-53
- PCI DSS
Once we identify an Authority Document, our mapping team creates Citations, which link each of the mandates within the document to a Common Control.
The UCF maps Authority Documents on customer request. To request a mapping for an Authority Document, please submit a support request.