News

Monthly Selected Authority Documents - December, 2018

January 1, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected Groups Initiatives
ISO 27001-2013 | International or National Standard | 7111721
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 36535
NIST SP 800-53 R4 | International or National Standard | 34618
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 31859
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 30794
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 25296
NIST Cybersecurity Framework | International or National Standard | 2372
NIST SP 800-53 R4 High Impact | International or National Standard | 23914
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 2211
Sarbanes Oxley SOX | Regulation or Statute | 228516
HIPAA | Bill or Act | 19488
ISO/IEC 27018:2014 | International or National Standard | 1843
CIS Controls V7 | Best Practice Guideline | 1600
NIST SP 800-53 R4 Low Impact | International or National Standard | 16244
NIST SP 800 66 | Safe Harbor | 1595
Red Book (Condensed) | International or National Standard | 1511
ISO/IEC 27002:2013(E) | International or National Standard | 149317
23 NYCRR 500 | Regulation or Statute | 1306
California Civil Code Section 1798.80-1798.84 | Regulation or Statute | 1284
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 1261
FedRAMP Baseline Security Controls | Audit Guideline | 11495
HIPAA Electronic Health Record Technology | Regulation or Statute | 1173
PCI SAQ A v3.1 | Contractual Obligation | 1151
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 1041
ARMA Generally Accepted Recordkeeping Principles® | International or National Standard | 1010
CIS 20 Critical Security Controls | Best Practice Guideline | 1062
NIST SP 800-53 | International or National Standard | 1093
45 CFR Part 164 | Regulation or Statute | 9136
CobiT | Safe Harbor | 9976
FFIEC CAT | Best Practice Guideline | 900
ISO 27005 R 2011 | International or National Standard | 9116
45 CFR Part 160 | Regulation or Statute | 871
45 CFR Part 162 | Regulation or Statute | 831
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 8126
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 800
Gramm Leach Bliley | Bill or Act | 81210
ISO 31000 R 2009 | International or National Standard | 8934
NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 8177
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 8256
RWC 42.56.590 Personal information--Notice of security breaches | Regulation or Statute | 800
California Civil Code Section 1798.29, Accounting of Disclosures | Regulation or Statute | 700
COSO ERM | Safe Harbor | 753
CSIS 20 Critical Security Controls | Best Practice Guideline | 7904
DIRKS | Best Practice Guideline | 711
HIPAA HCFA | Best Practice Guideline | 7182
ISO 15489 1 | International or National Standard | 723
ISO 15489 2 | International or National Standard | 734
NFA Information Systems Security Programs | Self-Regulatory Body Requirement | 700
NIST 800-53A | International or National Standard | 763
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 712