| ISO 27001-2013 | International or National Standard | 97 | 104 | 20 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 52 | 73 | 8 |
| NIST SP 800-53 R4 | International or National Standard | 48 | 49 | 8 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 43 | 67 | 3 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 42 | 23 | 6 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 40 | 41 | 4 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 36 | 80 | 4 |
| Sarbanes Oxley SOX | Regulation or Statute | 35 | 74 | 16 |
| ISO/IEC 27002:2013(E) | International or National Standard | 33 | 82 | 16 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 33 | 19 | 4 |
| HIPAA | Bill or Act | 32 | 41 | 8 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 28 | 7 | 3 |
| ISO 27002 | International or National Standard | 22 | 11 | 7 |
| CobiT | Safe Harbor | 21 | 86 | 6 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 18 | 6 | 1 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 16 | 1 | 0 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 16 | 11 | 3 |
| FedRAMP Baseline Security Controls | Audit Guideline | 15 | 36 | 5 |
| NIST 800-53A | International or National Standard | 15 | 6 | 3 |
| NIST Cybersecurity Framework | International or National Standard | 15 | 5 | 2 |
| NIST SP 800 66 | Safe Harbor | 15 | 8 | 5 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 14 | 79 | 4 |
| ISO 27005 R 2011 | International or National Standard | 14 | 11 | 6 |
| Gramm Leach Bliley | Bill or Act | 13 | 12 | 10 |
| HIPAA HCFA | Best Practice Guideline | 13 | 16 | 2 |
| ISO 31000 R 2009 | International or National Standard | 13 | 80 | 4 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 13 | 17 | 7 |
| ISO/IEC 27018:2014 | International or National Standard | 12 | 4 | 3 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 12 | 1 | 2 |
| PCI SAQ A v3.1 | Contractual Obligation | 12 | 5 | 1 |
| 23 NYCRR 500 | Regulation or Statute | 11 | 0 | 6 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 11 | 6 | 2 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 11 | 12 | 6 |
| Federal Information Security Management Act FISMA | Regulation or Statute | 11 | 14 | 4 |
| NIST SP 800-122 | International or National Standard | 11 | 10 | 2 |
| Red Book (Condensed) | International or National Standard | 10 | 1 | 1 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 9 | 10 | 2 |
| India Indian Info Privacy Act | Regulation or Statute | 9 | 6 | 0 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 9 | 9 | 4 |
| NIST SP 800-53 | International or National Standard | 9 | 9 | 3 |
| AICPA Trust Services | Audit Guideline | 8 | 5 | 1 |
| BSI-Standard 100-2 | International or National Standard | 8 | 9 | 0 |
| Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 8 | 0 | 0 |
| Germany Data Protection Act | Regulation or Statute | 8 | 5 | 2 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 8 | 0 | 0 |
| NIST SP 800-171 | International or National Standard | 8 | 4 | 1 |
| 45 CFR Part 164 | Regulation or Statute | 7 | 13 | 6 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 7 | 4 | 1 |
| Basel II | Regulation or Statute | 7 | 3 | 1 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 7 | 6 | 3 |
