News

Monthly Selected Authority Documents - June, 2018

July 1, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected / Groups / Initiatives
ISO 27001-2013 | International or National Standard | 719920
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 44688
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 37623
Sarbanes Oxley SOX | Regulation or Statute | 317116
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 27394
NIST Cybersecurity Framework | International or National Standard | 2742
NIST SP 800-53 R4 | International or National Standard | 25468
Red Book (Condensed) | International or National Standard | 2411
NIST SP 800-53 R4 High Impact | International or National Standard | 22774
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 21226
HIPAA | Bill or Act | 16418
NIST SP 800-53 R4 Low Impact | International or National Standard | 16184
HIPAA Electronic Health Record Technology | Regulation or Statute | 1573
Gramm Leach Bliley | Bill or Act | 141210
ISO 27002 | International or National Standard | 13107
NIST SP 800 66 | Safe Harbor | 1385
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 13113
CobiT | Safe Harbor | 12846
23 NYCRR 500 | Regulation or Statute | 1106
CISWIG 1 | Best Practice Guideline | 1141
India Indian Info Privacy Act | Regulation or Statute | 1160
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1102
FFIEC Audit April 2012 | Best Practice Guideline | 1000
FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 1000
PCI SAQ A v3.1 | Contractual Obligation | 1051
AICPA Trust Services | Audit Guideline | 951
FFIEC CAT | Best Practice Guideline | 900
HIPAA HCFA | Best Practice Guideline | 9162
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 900
45 CFR Part 164 | Regulation or Statute | 8136
CISWIG 2 | Safe Harbor | 852
CSIS 20 Critical Security Controls | Best Practice Guideline | 8774
FFIEC IT Examination Handbook | Audit Guideline | 800
FFIEC Management 2015 | Best Practice Guideline | 800
FFIEC Supervision of Technology Service Providers | Best Practice Guideline | 861
ISO 31000 R 2009 | International or National Standard | 8774
ISO/IEC 27002:2013(E) | International or National Standard | 87816
PCI SAQ A v3.2 | Contractual Obligation | 800
PCI SAQ D | Contractual Obligation | 863
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 721
CIS 20 Critical Security Controls | Best Practice Guideline | 752
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 7126
FFIEC Operations | Best Practice Guideline | 750
FFIEC Retail Payment Systems | Best Practice Guideline | 750
HKMA Supervisory Policy Manual TM-G-2 Business Continuity Planning | Contractual Obligation | 760
India Clause 49 | Regulation or Statute | 770
ISO/IEC 27018:2014 | International or National Standard | 743
Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 760
Australian Government Information Security Manual Controls | International or National Standard | 663
Bank Secrecy Act | Regulation or Statute | 630