News

Monthly Selected Authority Documents - March, 2018

April 10, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected, Groups, Initiatives |
| --- | --- | --- |
| NIST SP 800-53 R4 | International or National Standard | 60426 |
| EU General Data Protection Regulation (GDPR) | Regulations | 52503 |
| ISO 27001-2013 | International or National Standard | 508118 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 45185 |
| Sarbanes Oxley SOX | Regulation or Statute | 395612 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 38623 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 38143 |
| FedRAMP Baseline Security Controls | Audit Guideline | 32314 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 31523 |
| HIPAA | Bill or Act | 30378 |
| NIST SP 800-171 | International or National Standard | 3041 |
| ISO 27002 | International or National Standard | 29107 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 28313 |
| Gramm Leach Bliley | Bill or Act | 26126 |
| NIST SP 800-53 | International or National Standard | 2673 |
| CobiT | Safe Harbor | 24696 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 24137 |
| NIST Cybersecurity Framework | International or National Standard | 2311 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 2073 |
| ISO/IEC 27002:2013(E) | International or National Standard | 196313 |
| 45 CFR Part 164 | Regulation or Statute | 17136 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 1793 |
| NIST SP 800 66 | Safe Harbor | 1685 |
| Red Book (Condensed) | International or National Standard | 1600 |
| ISO 31000 R 2009 | International or National Standard | 14644 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 13115 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 13624 |
| HIPAA HCFA | Best Practice Guideline | 13182 |
| NIST 800-53A | International or National Standard | 1263 |
| ISO 27005 R 2011 | International or National Standard | 1196 |
| PCI DSS 3.1 | Contractual Obligation | 1132 |
| Authentication in an Internet Banking Environment | Best Practice Guideline | 1050 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 1041 |
| COSO ERM | Safe Harbor | 1053 |
| Federal Information Security Management Act FISMA | Regulation or Statute | 10144 |
| FFIEC CAT | Best Practice Guideline | 1000 |
| FFIEC IT Examination Handbook | Audit Guideline | 1000 |
| Shared Assessments SIG - A. Risk Management | Audit Guideline | 1073 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 963 |
| Canada Privacy Policy Principles | Regulation or Statute | 942 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 931 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 994 |
| 16 CFR Part 314 | Regulation or Statute | 8116 |
| Australia Privacy Amendment Act | Regulation or Statute | 8146 |
| CISWIG 1 | Best Practice Guideline | 841 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 800 |
| FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 800 |
| NIST SP 800-122 | International or National Standard | 892 |
| Shared Assessments SIG - B. Security Policy | Audit Guideline | 873 |
| Shared Assessments SIG - C. Organizational Security | Audit Guideline | 873 |