There are three main schemas that are documented here, those pertaining to Software Identification tags (SWID Tags), that are managed through a partnership with the UCF and TagVault.org, those schemas managed through the Dictionary Society (DSNA)’s SIGLEX Group, and those managed directly by the Unified Compliance team.
Software Identification Tags (SWID tags) are intended to record unique information about an installed software application, including its name, edition, version, and supports software inventory and asset management initiatives.
For organizations to benefit from their use, configuration guidance can be provided by vendors to support the implementation of regulations and standards such as HIPAA, GDPR, PCI, NIST 800–53, and others.
Members of TagVault.org are encouraged to participate at GRCschema.org in the further development of these specific schema elements to:
- Certify extended SWID Tag authoring individuals and organizations
- Certify both basic and extended SWID tags
- Map configuration guidance to the UCF’s Common Controls as product-specific implementation guidance
- Lead the development and customization of the API to market standard and adoption
The Unified Compliance Framework
The Unified Compliance Framework (UCF for short) is composed of a great many elements that will be documented within the UCF’s Schema pages. Members of the UCF community are also encouraged to participate at GRCschema.org in the further development of these specific schema elements.
Data model Element Icons
Each of the elements below represent different data model elements of one of the schemas. For simplicity, each item will be called an element.
|Squared elements denote external authority over the element.|
|Notched elements denote elements that the organization can govern.|
|Teardrop elements denote elements found in the CCH website.|