News

Monthly Selected Authority Documents - May, 2018

June 1, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard759520
NIST SP 800-53 R4International or National Standard49468
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation48648
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard45226
EU General Data Protection Regulation (GDPR)Regulations37603
NIST SP 800-53 R4 High ImpactInternational or National Standard34734
NIST SP 800-53 R4 Low ImpactInternational or National Standard33184
Sarbanes Oxley SOXRegulation or Statute336716
CobiTSafe Harbor32806
ISO 27002International or National Standard28107
Gramm Leach BlileyBill or Act241210
HIPAABill or Act24418
ISO/IEC 27002:2013(E)International or National Standard237416
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor22374
NIST Cybersecurity FrameworkInternational or National Standard2142
ISO 31000 R 2009International or National Standard18754
CSIS 20 Critical Security ControlsBest Practice Guideline16734
23 NYCRR 500Regulations1506
ISO 27005 R 2011International or National Standard1396
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor13113
16 CFR Part 314Regulation or Statute12119
HIPAA Electronic Health Record TechnologyRegulation or Statute1273
NIST SP 800-171International or National Standard1241
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement1100
NIST SP 800-53International or National Standard1193
PCI SAQ A v3.1Contractual Obligation1151
FedRAMP Baseline Security ControlsAudit Guideline10365
ISO 20000-1 2nd EdInternational or National Standard10454
16 CFR Part 313Regulation or Statute81110
CIS 20 Critical Security ControlsBest Practice Guideline852
HIPAA HCFABest Practice Guideline8182
ISO 20000-2 R 2005International or National Standard8444
NIST 800-53AInternational or National Standard863
NIST Framework for Improving Critical Infrastructure CybersecurityInternational or National Standard8157
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard802
45 CFR Part 164Regulation or Statute7136
Federal Information Security Management Act FISMARegulation or Statute7144
FFIEC Business Continuity Planning Handbook 2015Audit Guideline700
FFIEC CATBest Practice Guideline700
FFIEC Development AcquisitionBest Practice Guideline750
FFIEC IT Examination HandbookAudit Guideline700
ISO/IEC 27018:2014International or National Standard743
NIST SP 800 66Safe Harbor785
BSI-Standard 100-2International or National Standard690
Cloud Security Alliance CCM V1.3Best Practice Guideline6126
COSO ERMSafe Harbor653
EudraLex Rules Governing Medicinal Products in the European Union Annex 11 Computerised SystemsBest Practice Guideline632
FFIEC Outsourcing Technology ServicesBest Practice Guideline681
FTC FACT Act Red Flags Rule TemplateAudit Guideline691
ITIL Security ManagementBest Practice Guideline663