
The UCF Announces UCFinterchange to Support Cybersecurity

New Interchange Format Enables Automated Audits with Continuous Monitoring

"When UCF developers leverage UCFi, their customers will be able to automatically apply any audits to any systems in the enterprise -- and then maintain those audits through continuous monitoring. It's win-win."

Las Vegas, NV (PRWEB) September 24, 2013

Unified Compliance, the premier provider of IT compliance mapping and creators of the Unified Compliance Framework (UCF), announced UCFinterchange (UCFi) at the PCI Security Standards Council 2013 Community Meeting. Developed to support new global security regulatory demands as well as the U.S. Cybersecurity Initiative, UCFi enables Secure Configuration Management (SCM) and Configuration Auditing (CA) tools to communicate directly with Governance, Risk and Compliance (GRC) tools for security and compliance monitoring and reporting.

Continuous monitoring enables real-time response to new security threats and compliance demands. Without an interchange format such as the UCFi, continuous monitoring and cybersecurity are siloed operations, incapable of communicating in a meaningful way. This isolation approach has proven to be ineffective in securing systems, as well as being costly, unnecessarily complex, and time-consuming.

"We fully expect UCFi to have an impact on all aspects of the compliance industry. When something that saves significant time, costs, and effort becomes possible and is then implemented by industry leaders, regulators move to adopt those requirements and insist the features be included in solutions so they can also get those results," said Craig Isaacs, CEO of Unified Compliance.

At this time, participating UCF partners include Qualys, LockPath, MetricStream, NetIQ, RSA Archer, Allgress, BWise, CAaNES, eGestalt Technologies, Lumension, TraceSecurity, and Wolters Kluwer.

INSIDE THE UCFi

The systems that run many nations' critical infrastructure -- such as the electric grid, drinking water, airports, trains, and other transportation systems -- are increasingly networked. As with any networked system, these systems are potentially vulnerable to a wide range of threats. Protecting these systems from cyber threats is obviously critical to maintaining safety, essential public services, the economy, and homeland security.

In 2013, U.S. President Obama signed an Executive Order designed to increase the level of core capabilities for our critical infrastructure to manage cyber risk. A key part of that initiative is the guidelines calling for continuous monitoring and auditing of these essential, intricate networked systems. Cybersecurity guidelines such as FedRAMP, CAESARS, and SAIR Tier III in the US, as well as an increasing number of global cybersecurity initiatives such as the BSI Act in Germany and CIP/CIIP in Australia, all call for Secure Configuration Management (SCM) and Configuration Auditing (CA) tools to communicate directly with Governance, Risk and Compliance (GRC) tools. UCFinterchange (UCFi) format facilitates that communication.

UCFi utilizes a guideline set of XML specifications which allow UCF XML licensees to share information between Governance, Risk and Compliance (GRC) tools and Secure Configuration Management (SCM) or Configuration Auditing (CA) tools, using the existing UCF data structures and content. UCFi is slated to go live early 2014.

"The UCF is best known for making compliance with regulatory demands much easier," said Isaacs. "But we've been enabling more effective security processes as well. UCFi is a great example of how compliance supports cybersecurity and vice-versa. When UCF developers leverage UCFi, their customers will be able to automatically apply any audits to any systems in the enterprise -- and then maintain those audits through continuous monitoring. It's win-win."
UCF PARTNERS SHOW THEIR SUPPORT

eGestalt Technologies

"We welcome the UCFi initiative from Unified Compliance," said Anupam Sahai, eGestalt Co-Founder and President. "This aligns quite well with eGestalt's vision to provide a unified security monitoring and compliance management solution through an easy-to-use cost-effective Cloud-SaaS solution. We like the ability of UCFi to help promote the interoperability of various GRC and Security monitoring tools, thereby benefiting the end customers. eGestalt is an SMB market leader in IT-GRC and security monitoring and this initiative will help us to further solidify our ability to better serve our customers through interoperability with other solution(s)."

Qualys

"Unified Compliance Framework has built a comprehensive compliance database that unifies controls across all authority documents, thus simplifying and centralizing compliance efforts," said Philippe Courtot, chairman and CEO for Qualys. "With the integration of the UCF into QualysGuard, customers are now able to quickly map technical standards to their internal policies or regulations and report on them through QualysGuard and GRC solutions."

LockPath

"The UCF has become an integral part of IT GRC initiatives. As Unified Compliance continues to innovate, its UCFi format will enable GRC platforms like Keylight to form a deeper and more meaningful relationship within IT GRC ecosystems," said Chris Caldwell, LockPath CEO. "This important context will benefit our customers who have adopted the UCF by providing powerful data correlation, enabling them to make better and faster business decisions."

MetricStream

"When deploying a GRC solution, mapping policy and regulatory requirements to security configurations for continuous monitoring requires significant effort. UCFi provides the first standards-based approach where security configurations can be directly mapped back to policy and regulatory requirements in an automated manner," said Vasant Balasubramanian, VP of Product Management at MetricStream. "MetricStream is delighted to work on this important initiative as we are witnessing a growing demand from customers for this. UCFi will enable our solutions to seamlessly exchange information with solutions like NetIQ and Qualys to provide real-time visibility into the state of information security and compliance related risks while keeping up with evolving regulations and standards."

NetIQ

"Given the complexity of today's IT environments and regulatory landscape, IT organizations need visibility derived from consistent, actionable intelligence so that they can accurately report on business risk," commented Michael Colson, senior product manager at NetIQ. "Participating in the UCF interchange ensures that we further our mission of helping IT demonstrate business value in a consistent manner across the IT domain. By standardizing how we report data the business uses to make decisions, organizations will be in a more advantageous position to manage risk, better understand security, and meet compliance demands."

Allgress

"The information security industry is going through a major paradigm shift today from IT security centric organizations to risk management organizations. This requires CISOs and security leadership to work with business owners to automate their continuous monitoring efforts. Allgress is delighted to be part of the introduction and ongoing evolution of the UCFi initiative with Unified Compliance, the industry authority in IT compliance mapping. UCFi further extends unifying the interchange of configuration data along with standards, frameworks, best practices in a common way so that business leaders can make educated decisions when used in conjunction with the Allgress Insight Risk Management Suite," said Gordon Shevlin, CEO at Allgress, Inc.

BWise

"The BWise GRC Platform is designed to cover all aspects of a company's GRC needs: tracking, measuring, and managing key organizational risks. By integrating the UCF, BWise customers can easily select the set of regulations that it must comply with and immediately execute IT controls," said Luc Brandts, CTO and Founder of BWise, a NASDAQ OMX company. "UCFi combined with BWise Data Analytics for Continuous Monitoring and Continuous Auditing provides even more value by enabling information sharing between our GRC platform and Secure Configuration Management or Configuration Auditing tools. This provides even more accurate and immediate risk reporting and auditing."

CAaNES

"RiskSense is one of the first risk prioritization and attack mitigation platforms to leverage the power of UCFi to provide contextual awareness and address compartmentalized and silo approaches to risk management," said Mark Fidel, president of CAaNES. "RiskSense facilitates communication between all levels of an organization, from upper management to IT technicians, providing users with a holistic and succinct assessment of their security posture and risks. Leveraging the power of UCFi, RiskSense automates a portion of the compliance process, easing the burden at all levels of an organization so users have more time to focus on improving their security posture."

Lumension

"Lumension Risk Manager consolidates multiple sources of IT risk information and correlates this assessment data across all IT assets, providing trending analysis and security posture scores," said Chris Andrew, Vice President, Security Technologies, Lumension. "UCFi integration is a welcome addition for LRM and Lumension Endpoint Management and Security Suite customers because it further streamlines the compliance process and increases overall visibility."

TraceSecurity

"TraceCSO was built with open architecture to accommodate the integration of other technologies and point solutions. The UCFi aligns with this long-term strategic vision for TraceCSO, our flagship IT GRC software solution, and gives TraceSecurity the ability to expedite integration with other UCF-based systems, eliminating the need for complicated data model adaptation," said Peter Stewart, president and CEO of TraceSecurity. "We see the UCFi as an essential addition to our TraceCSO toolset for enabling customers to realize more effective IT GRC programs in their organizations."

Wolters Kluwer

"Our customers value the UCF's integrated and harmonised control content and will welcome an initiative such as UCFi, that will simplify the process of integrating information from the systems used to define, manage and monitor cybersecurity with their ARC Logics risk and compliance platform," said Mike MacDonagh, Content Director, Enterprise Risk and Compliance.

###

About Unified Compliance and the UCF

Since 1992, Unified Compliance has developed ground-breaking tools to support IT best practices, with a focus on solutions and processes that further the science of compliance, including harmonization methods, metrics, systems continuity and governance. The UCF was created by Dorian Cougias and his research partner, Marcelo Halpern of the international law firm Perkins Coie, which oversees all legal aspects of the UCF. More information can be found at

About eGestalt Technologies

eGestalt is a world-class, innovation driven, leading provider of cloud-computing based enterprise solutions for information security and IT-GRC management. eGestalt is headquartered in Santa Clara, CA, and has offices in the US, Asia-Pacific and Middle East. eGestalt was named a 2013 'Emerging Vendor' by CRN and UBM Channel in July 2013. eGestalt was named the Winner of TiE50 2013, a prestigious award for enterprising technology startups worldwide, May 2013. eGestalt SecureGRC was given a rating of 4.5 stars (out of a maximum 5) with 5 stars for Features, Support and Value for money by SC magazine in June 2012. In Feb. 2012 and 2013, eGestalt President Anupam Sahai was named a Channel Chief by Everything Channel's CRN. eGestalt has been ranked in the Top 10 Vendors for Compliance Management and Data Access & Security by Hypatia Research, Q4 2011.

Read more on - IT Security and compliance, HIPAA/HITECH Compliance