Versions Compared

Version Old Version 1 New Version 2
Changes made by

Vicki McEwen

Vicki McEwen

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Expand
titleTable of Contents
Table of Contents
minLevel1
maxLevel3
outlinefalse
stylenone
typelist
printabletrue
Page Properties

Target release

Q1 2025

Epic

Document status

Status
titleDRAFT

Document owner

Designer

Tech lead

AI Lead

Integration Lead

QA

🎯 Introduction

This document outlines the phased implementation of API endpoints, backend infrastructure, and preliminary user-facing components for UCF Analyst.

The aim is to ensure foundational readiness for scaling data accessibility and supporting commercial opportunities in compliance and governance systems.

🔗 References

Related PRDs

Lessons Learned

\uD83D\uDCCA Success metrics

Goal

Metric

⚔️ Mission Critical Decisions

    \uD83E\uDD14 Assumptions

    🔗 Limitations

    • Lists do not exist in nextgen at this time.

    🖇️ Dependencies

    \uD83C\uDF1F Milestones & Timeline

    #

    Milestone

    Objective

    Key Deliverables

    1

    API Endpoints

    Develop key API endpoints to support the first focus of the Preference-Driven AI System.

    • Fully functional API endpoints:

      • Glossary Endpoint

      • Vendors/Organization Endpoint

      • Assets Endpoint

      • Configurable Items Endpoint

      • Configuration Settings Endpoint

      • Configuration Methods Endpoint

    • Comprehensive API documentation for seamless integration.

    • Moving data from Legacy system into NextGen for the above endpoints.

    🎲 Use Cases

    • OEM Software Supported Coverage

    Use Case

    NextGen

    As a GRC professional, I would like to see the Framework References I have Common Control support for, and the mandates extracted from them.

    Exists

    • ADs Endpoint

    • Citations Endpoint- for single AD

    • Mandates Endpoint- for single AD

    • Common Controls Endpoint -for single AD

    Does not Exist

    • UI

    • Citations Endpoint for multiple ADs

    • Mandates Endpoing for Multiple ADs

    • Common Controls Endpoint for multiple ADs

    As a GRC professional, I would like to select a set of Frameworks and compare the Common Control coverage - for both licensed and nonlicensed Frameworks.

    Does not Exist

    • UI

    • Common Control to ADs Endpoint

      • Possible Metadata only for ADs?

    As a GRC professional, I would like to see how the Common Controls are mapped back to the Frameworks I am licensed to.

    Does not Exist

    • Common Controls to Tagged Mandates Endpoint

    • Common Controls to Citations Endpoint

    As a GRC professional, I would like to see a list of Control Implementations for the Common Common controls I am licensed to use.

    Info

    This may be possible through the control hierarchy of Common Controls

    Endpoing

    Endpoint

    Does not Exist

    • Common Controls Implementations Endpoint

      • (Children Controls of the Matched Common Control)

    \uD83D\uDDD2 Functional Requirements

    #

    User Story & Title

    Description

    Notes

    AD Frameworks to Common Controls User Interface

    Build an interface for users to view a list of Common Controls for all licensed Authority Documents.

    Considerations

    • Ability to hide ADs and their controls from list (no save view at this time)

    • Ability to highlight controls for specific ADs

    Common Controls to Assets User Interface

    Build an interface for users to view all Assests associated with the Common Controls for all their licensed Authority Documents.

     

    Common Controls to Config Information User Interface

    Build an interface for users to view all Configuration information for each Assets associated with the Common Controls for all their licensed Authority Documents.

    AD Frameworks to Common Controls Common Controls to unlicensed ADs interface

    (Compare)

    Build an interface for users for to view all the Unlicensed, publicly searchable, ADs overalpping overlapping with the Common Controls for all their licensed Authority Documents.

    Considerations

    • Filters for unlicensed ADs (Geography, Subject Matter, Originator)

    Note

    May want to not show the exact common controls they unlicensed ADs map too.

    📕 Non-Functional Requirements

    #

    User Story & Title

    Description

    Notes

    Implement, test, and monitor performance standards

     Support serving content via HTTP/3

     

     

    Security headers are included in every HTTP response

    Compress all HTTP responses.

    Included etags, caching, and cache busting for all HTTP API endpoint responses, webpages, and webpage assets.

    🔖 API Requirements

    #

    User Story & Title

    Description

    Notes

    1

    Glossary Endpoint1

    Vendors/Organization Endpoint

    Retrieves vendor-related information for assets.1

    Assets Endpoint

    Retrieves asset information.

    1

    Configurable Items Endpoint

    Retrieves of configuration items relevant to assets.

    1

    Configuration Settings Endpoint

    Retrieves configuration settings tied to assets and configurable Items.

    1

    Configuration Methods Endpoint

    Retrieves methods tied to configurable assets items.

    1

    Source Data Distribution Data

    Common Control to licensed ADs Endpoint

    Common Control to AD Catalog Endpoint

    Common Controls to Tagged Mandates Endpoint

    Common Controls to Citations Endpoint

    Common Controls Implementations Endpoint

    Citations Endpoint for multiple ADs

    Mandates Endpoint for Multiple ADs

    Common Controls Endpoint for multiple ADs

    Bulk Mandate Endpoint

    Bulk Common Control Endpoint

    Bulk Citations Endpoint

    Flows

    🖥️ User Interface

    🏁 User Workflows

    🗺️ Architecture

    🚚 Deliverables

    (question) Open Questions

    Date, Question

    Answer

    Date Answered, by whom

    (warning) Risks and Mitigations

    Risks

    Mitigations

    🛑 Out of Scope

    🚧 Change Log

    This section includes changes made to PRD after approval.

    Date

    [Date of Change]

    Change Description

    [Brief Overview of the Change]

    LOE

    [Estimation in Hours/Days]

    Impact

    [Impact on overall project timeline or resources]

    Approver/

    Decision Maker