GLBA News

New Unified Compliance Framework Q3 Release Harmonizes Over 2700 New Controls and Incorporates Specific Audit Guidance

(July 16, 2008)-- Network Frontiers, the leader in IT regulatory compliance management, announced the availability of the Q3 2008 Unified Compliance Framework (UCF), the first independent database to simplify IT compliance. The latest version of UCF highlights the addition of numerous new regulations and standards, including Fair and Accurate Credit Transactions Act (FACTA), Federal Financial Institutions Examination Council (FFIEC) and Fair Credit Reporting Act. UCF acts as the cornerstone of IT compliance, mapping hundreds of regulations, including PCI-DSS (Payment Card), Sarbanes-Oxley, HIPAA, CobiT, and NIST, into a master hierarchal framework.

"We are engaged with an accounting firm that owns several entities requiring them to be compliant with HIPAA, FFIEC, SOX and GLBA," said Christopher Hannan, owner of Optimal Technologies, LLC. "In order to for us to provide their compliance auditing and consulting, we needed a cost effective and easy way to organize their compliance obligations. After evaluating several products we found that the UCF not only met our needs, but exceeded them with a broad range of compliance areas."

Recent discrepancies surrounding Fair and Accurate Credit Transactions Act (FACTA) and PCI DSS have shed light on the importance of creating a methodology to interpret authority documents into measurable controls. The parameters of FACTA and PCI DSS conflicted in protecting consumer identity by masking different sections of a consumer's Payment Application Number (PAN). Despite this discrepancy, consumers were fully protected under each regulation. However, the problem existed because the regulations were interpreted based on what specific elements of consumer data needed to be protected rather than focusing on the demonstrative result of protected data. H.R. 4008 clarifies FACTA and reinforces the UCF's focus on controls and end results rather than the different parameters of sometimes conflicting or ambiguous legislation.

Network Frontiers examined 2,724 unique controls within 31 authority documents for the latest release of the UCF. Due to the UCF's harmonized methodology, only five new controls were required. In addition to the new controls, the new UCF augmented 695 existing controls with specific audit guidance and updated 777 individual controls.

"UCF looks at an organization's authority documents, puts them into context with one another, and creates a unified, cohesive product that makes the compliance process easier to understand and manage," said Dorian Cougias, UCF lead analyst.
New and updated authority documents now in the UCF include FACTA, FCRA, FFIEC IT Examination Handbooks, Gramm Leach Bliley Act, NIST 800 53A, ISO 18045 2005, PCI PA DSS Audit Procedures, and more. For more information, visit www.netfrontiers.com.

Share or bookmarklet this web page at: