Monthly Selected Authority Documents - July, 2018

August 1, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected / Groups / Initiatives
ISO 27001-2013 | International or National Standard | 8010220
NIST SP 800-53 R4 | International or National Standard | 40478
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 35653
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 32236
NIST SP 800-53 R4 Low Impact | International or National Standard | 31194
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 31718
NIST SP 800-53 R4 High Impact | International or National Standard | 30784
NIST Cybersecurity Framework | International or National Standard | 2452
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 23414
NIST SP 800-53 | International or National Standard | 2193
HIPAA | Bill or Act | 20418
ISO/IEC 27002:2013(E) | International or National Standard | 208016
ISO 27002 | International or National Standard | 18117
Sarbanes Oxley SOX | Regulation or Statute | 187216
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 1310
Red Book (Condensed) | International or National Standard | 1311
HIPAA Electronic Health Record Technology | Regulation or Statute | 1273
ISO/IEC 27018:2014 | International or National Standard | 1243
Gramm Leach Bliley | Bill or Act | 111210
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 1041
CobiT | Safe Harbor | 10846
ISO 31000 R 2009 | International or National Standard | 10784
CIS 20 Critical Security Controls | Best Practice Guideline | 962
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 961
FFIEC CAT | Best Practice Guideline | 900
NIST SP 800 66 | Safe Harbor | 985
ISO 27005 R 2011 | International or National Standard | 8116
NIST 800-53A | International or National Standard | 863
NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 8157
Trust Services Criteria | Self-Regulatory Body Requirement | 820
45 CFR Part 164 | Regulation or Statute | 7136
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 7126
COSO ERM | Safe Harbor | 753
FedRAMP Baseline Security Controls | Audit Guideline | 7365
FFIEC IT Examination Handbook | Audit Guideline | 700
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 712
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 7113
UK Data Protection Act of 1998 | Regulation or Statute | 7126
34 CFR Part 99 | Regulation or Statute | 660
AICPA Trust Services | Audit Guideline | 651
CSIS 20 Critical Security Controls | Best Practice Guideline | 6774
FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 600
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 694
NIST SP 800-30 | International or National Standard | 651
NIST SP 800-61 | International or National Standard | 651
23 NYCRR 500 | Regulation or Statute | 506
HIPAA HCFA | Best Practice Guideline | 5162
ISO 20000-1 2nd Ed | International or National Standard | 5454
ITIL Security Management | Best Practice Guideline | 563
NIST SP 800-122 | International or National Standard | 5102