CitationCt |
Short Description: A passage or expression in a document that is quoted or cited.
Long Description: citation is a passage or expression in a document that is quoted or cited. The example below shows a total of eight Citations (1, then 1(a) through 1(f), and 2):
There are four classes of Citations that you will encounter in each and every Authority Document, though not all Authority Documents will have all four classes (because Configuration Citations are only found in certain types of Authority Documents). The four classes of Citations are Configuration Citations, Citations with Mandates, Stub Citations, and Information Gathering Citations.
This element connects to the following elements:
Informational Links:
JSON Calls documentation:
This element is comprised of the following fields:
Field | Type | Description |
---|---|---|
id | integer | ID of the record |
time_created | string | The date and time the record was created. |
time_updated | string | The date and time the record was last updated. |
check_digit | integer |
We humans have to use numbers. However, when entering numbers, we humans also have a tendency to screw up the entry or copying of those numbers. A Dutch mathematician named Jacobus Verhoeff conducted a study of 12,000 numerical errors J. Verhoeff, Error Detecting Decimal Codes, Mathematical Centre Tract 29, The Mathematical Centre, Amsterdam, 1969, cited in Wagner and Putter, "Error Detecting Decimal Digits", CACM, Vol 32, No. 1 (January 1989), pp. 106-110. and from that, proposed a check digit calculation scheme http://www.augustana.ab.ca/~mohrj/algorithms/checkdigit.html#verhoeff that catches all single errors as well as all adjacent transpositions and most other errors. To ensure that the IDs assigned by the system have integrity during input as well as distribution while being transferred into various formats (such as Excel, Word, Text, XML), each ID will also have its own checksum value stored in a checksum field. Currently, the methodology for creating and verifying the checksum follows the Verhoeff calculation format. The CheckDigit is created along with the record's ID as a calculation by the UCF database system. As such, once assigned it should never change because the ID will never change. A sample calculation format is shown in the use case scenarios. |
date_added | string |
Date_Added is a date stamp for when the record was created. This element is created when the record is entered into the UCF’s Master Content database and not the working database. We chose this method because the UCF team’s editorial process is a fluid one which allows, during the editing process, for records to be added, moved, deleted, or even “un-deleted” fluidly until the lock-date that ends the editorial process. Once the lock-date has been reached, all of the records are then finalized from the “working” list and uploaded as a batch to the Master Content database, which also triggers the change log process. Therefore, it is common to see all new records for any given quarter being added on the same date. Because the Date Added element is controlled post-editorial process, the UCF database system manages everything automatically. |
date_modified | string |
Date_Modified is a date stamp for when the record was modified. We use this as a key field for tracking all roll forward and roll backward field calculations. The initial date reflects the date the authority document was added to the database. This element is created and updated when the record is entered into the UCF’s Master Content database and not the working database. We chose this method because the UCF team’s editorial process is a fluid one which allows, during the editing process, for records to be added, moved, deleted, or even “un-deleted” fluidly until the lock-date that ends the editorial process. Once the lock-date has been reached, all of the records are then finalized from the “working” list and uploaded as a batch to the Master Content database, which also triggers the change log process, which relies on this field to trigger that a change has taken place in the record. Therefore, it is common to see all new records for any given quarter being “modified” on the same date, and all modifications for the quarter to happen on the same date as well. We have heard from multiple XML licensees that they would rather have the exact date and time that the record was modified instead of the batch upload date. That isn’t possible, given that all of the XML licensees also want us to produce a compact and digestible change log. A change log based upon the exact date of modification would have already produced several instances with over ten changes for certain records. Changes that were of no consequence to either the XML licensee or an end user, because those changes were simply a part of our internal editorial process. Therefore, to save processing time on the change log and to shorten the length (of the already very heavy) change log, we made the strategic decision to limit both date modified and date created to be the batch upload dates. Because the Date Added element is controlled post-editorial process, the UCF database system manages everything automatically. |
deprecated_by | string |
If a record in the UCF needs to be deprecated, the record will not be deleted from the system. Instead, the record will be marked as deprecated (its "Live Status" field will be set to 0), and the Deprecated By field will be filled out with the ID(s) of the record(s) that took its place (if any). Initially this element is blank and only a UCF editorial process can indicate a Deprecated By content change. That change is then reviewed by the editorial reviewer and editorial approver. If there are contents in this field, the Live Status field must be set to deprecated (0). |
deprecation_notes | string |
Deprecation notes are new to version 2.1 of the UCF, and we’ve done as good a job as possible back-filling them to ensure that we have covered our bases. In a nutshell, when our mappers, reviewers, or approvers have made the decision to deprecate one of the records in the various XML tables, they will add their deprecation notes, their reasoning, to this field. There is no set format for what they are writing, so there aren’t any hard and fast editorial rules, other than something has to be added to the field during deprecation. |
genealogy | string |
Within the UCF, a record’s genealogy is a set of UCF IDs strung together as distinct words (e.g., 0000000 0000001 0000002) that represent (from right to left) the current record’s parent, grand-parent, great-grand-parent, on back to the very root element that spawned the list. At minimum, every record will have a genealogy of 0000000 which represents the root record within the list. The genealogy element is initially created by the UCF database system when the record in question is created. If the record in question is moved lower or higher in the taxonomy, the genealogy is automatically re-calculated and the value will change to reflect the new taxonomic structure. Because the UCF editorial team does not have edit privileges for this element, the genealogy will always reflect the taxonomic position the record was last stored in. If there is a dispute about the record’s genealogy, the dispute is an editorial one, and not a programming one. |
language | string | If the record is in a specific language, that’s what needs to be entered here. However, we are not using the name of the language, but rather the ISO 639-2 Codes for the Representation of Names of Languages reference. A complete and up-to-date reference can be found online at http://www.loc.gov/standards/iso639-2/php/code_changes.php. By default, all records are in English (code eng). |
license_info | string |
Because some of the records within the UCF are being provided by external sources, we now indicate this with a URI stored here. By default, the URI will point to Unified Compliance usage license information. If the record is subject to external (outside of the UCF) usage terms, the URI will point you to those usage terms. |
live | Boolean |
This is either a 1 or a 0. It indicates whether the record is live within the database, or should be redacted. Because the UCF™ treats every ID as both unique and persistent, we never delete an ID once used, nor do we re-use the ID. Therefore, if we have to redact a record, we merely mark the Live Status as moving from 1 (live) to 0 (redacted). All records are initially created and marked by the system as Live (1). There are certain scripts that the UCF’s database team will run to ensure that two instances of automated deprecation takes place: 1. If an Authority Document has been deprecated, all of its citations will be deprecated. 2. If a control has no citations pointing to it, the control in question will be deprecated. Other than the instances noted above, records must be deprecated as an editorial process and approved by both the editorial reviewer and the editorial approver. When the Live Status is set to deprecated (0), there might also be a corresponding setting for the Deprecated By element, but this is not mandatory. |
parent.id | Integer | ID of the associated parent for this record. |
sort_id | string |
We sort our displayed information according to a taxonomic display hierarchy (which means that the genealogy plays a vital role). For the most port, each element in any of our lists is given a three digit sort identifier. We then append the record’s sort identifier to its parent’s sort identifier to create its Sort ID. We treat this numeric Sort ID as a text field so that we can run our sort routine from left to right in the character string. The Sort ID is created and managed in the same manner as the genealogy (it is a dynamic calculation). It directly reflects the record’s place within the taxonomic hierarchy and is therefore uneditable by the UCF’s editorial team (although the team does set the sort order, the system handles the ID to manage the sort order). Any disputes with the validity of the sort ID are in effect a dispute with where the UCF’s editorial team placed the record in question within the taxonomic structure. |
sort_value | integer | The Sort Value is relative to its siblings, sort ID is relative to the entire hierarchy. Developers should be using the Sort ID instead of the Sort Value. |
reference | string | A reference is an individual instance of guidance found within an Authority Document. ¶ 2 of the Senate Appropriations Bill says this, or ¶ 2.1.1 of the Senate Appropriation Bill says that. References are always identified by their document separators, such as the paragraph mark (¶), section mark (§), or even question number (Q). |
guidance | string |
This is the actual Citation Guidance copied directly from the Citation in the Authority Document. A citation is a passage or expression in a document that is quoted or cited. The example in the click HERE below shows a total of eight Citations (1, then 1(a) through 1(f), and 2). The guidance portion would be the text of each paragraph, stripped of the reference identifier and any parenthetical information, such that paragraph "(a)" below has "processed lawfully, fairly and in a transparent manner in relation to the data subject." Click HERE for the Citation Guidance graphic. |
guidance_as_tagged | string |
Within the UCF Mapping process, there are times the mappers have to add additional text for tagging purposes when the original authors intended to say something but didn't say it in a way that can be tagged within the text. An example of this is as follows where the original text intended one thing, but said something different: "Verify that the organization has a compliance policy/procedures". In this sentence, the author intended to say "has a compliance policy and compliance procedures", but they didn't say that. When the UCF Mapping process encounters these types of intentions and omissions, we add additional text in curly brackets "{ }" in front of the Citation Guidance to show that we are explicitly adding text (in this case, compliance procedures for mapping purposes. Therefore, this field would look like this: "{compliance proceduers} Verify that the organization has a compliance policy/procedures." |
authority_document.id | Integer | ID of the associated authority document for this record. |
control.id | Integer | ID of the associated control for this record. |
asset | URL | URL to get this record's asset information. |
audit_item | URL | URL to get this record's audit item information. |
authority_document._href | URL | URL to get this record's authority document information. |
compliance_document | URL | URL to get this record's compliance document information. |
configurable_item_with_settings | URL | URL to get this record's configurable item with settings information. |
control | URL | URL to get this record's control information. |
data_content | URL | URL to get this record's data content information. |
is_audit_question | Boolean |
This is either a 1 or zero. Most Citations, about 98% of them, are simple mandates; do this or that, don't do this or that. We automatically link these Citations to the corresponding Common Control's Audit Question. However, there are those 2% Citations that call for the reader to examine something, test something, observe something, or interview someone. Because these Citations are audit questions in and of themselves, we flag the Citation so that the audit or GRC tool can use the actual Citation in place of the corresponding Common Control's Audit Question. |
metric | URL | URL to get this record's metric information. |
monitored_event | URL | URL to get this record's monitored event information. |
organizational_function | URL | URL to get this record's organizational function information. |
organizational_task | URL | URL to get this record's organizational task information. |
record_category | URL | URL to get this record's record category information. |
record_example | URL | URL to get this record's record example information. |
role | URL | URL to get this record's role information. |
sentence | string | Internal use only. |