Which of the following is true about the UCF-to-ServiceNow mapping for imports?

Common controls from UCF are high‑level requirements that you want to reuse across systems, so the import targets the representation of a control objective. In ServiceNow IRM, policy statements are used to express those control objectives. Importing common controls into the policy statement object (sn_compliance_policy_statement) provides a single, reusable objective that other elements—such as specific controls, evidence, and tests—can link to later. Mapping to an Authority Document, a single Control, or a Citation would treat the item as provenance, a concrete control, or a reference, rather than the objective itself, which isn’t how common controls are intended to be represented. So the correct mapping is into the policy statement that stands for the control objective.