News

Monthly Selected Authority Documents - October, 2018

November 1, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected Groups Initiatives
ISO 27001-2013 | International or National Standard | 8211121
NIST SP 800-53 R4 | International or National Standard | 48558
NIST Cybersecurity Framework | International or National Standard | 3852
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 35734
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 35276
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 35799
NIST SP 800-53 R4 High Impact | International or National Standard | 33854
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 32475
NIST SP 800-53 R4 Low Impact | International or National Standard | 32224
NIST SP 800-53 | International or National Standard | 2693
Sarbanes Oxley SOX | Regulation or Statute | 267916
ISO/IEC 27002:2013(E) | International or National Standard | 248717
NIST SP 800-171 | International or National Standard | 2141
HIPAA | Bill or Act | 19468
CobiT | Safe Harbor | 16916
NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 16177
Red Book (Condensed) | International or National Standard | 1611
FedRAMP Baseline Security Controls | Audit Guideline | 15435
HIPAA Electronic Health Record Technology | Regulation or Statute | 1573
ISO 27002 | International or National Standard | 15117
CIS 20 Critical Security Controls | Best Practice Guideline | 1462
ISO 31000 R 2009 | International or National Standard | 13874
ISO 9001:2015 | International or National Standard | 1311
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1312
CSIS 20 Critical Security Controls | Best Practice Guideline | 12844
23 NYCRR 500 | Regulation or Statute | 1106
45 CFR Part 164 | Regulation or Statute | 11136
HIPAA HCFA | Best Practice Guideline | 11182
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 1111
Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 1000
NIST 800-53A | International or National Standard | 1063
NIST SP 800 66 | Safe Harbor | 1085
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 9113
Gramm Leach Bliley | Bill or Act | 81210
ISO 20000-1 2nd Ed | International or National Standard | 8434
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 8196
Australian Government Information Security Manual Controls | International or National Standard | 763
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 761
COBIT 5 Enabling Processes: Basics | Safe Harbor | 730
Generally Accepted Privacy Principles | Best Practice Guideline | 740
ISO 27005 R 2011 | International or National Standard | 7116
ISO 31000:2018 | International or National Standard | 700
Shared Assessments SIG - A. Risk Management | Audit Guideline | 773
Standards for Safeguarding Customer Information Model Regulation, NAIC MDL-673 | Best Practice Guideline | 700
21 CFR Part 11 | Regulation or Statute | 651
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 641
Australia Privacy Amendment Act | Regulation or Statute | 6146
CIS Controls V7 | Best Practice Guideline | 600
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 6126
EU 8th Directive | Regulation or Statute | 6126