News

Monthly Selected Authority Documents - March, 2017

April 1, 2017

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 56 | 8 | 0 |
| ISO 27001-2013 | International or National Standard | 53 | 27 | 13 |
| NIST SP 800-53 R4 | International or National Standard | 53 | 10 | 5 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 53 | 14 | 3 |
| CobiT | Safe Harbor | 38 | 21 | 6 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 38 | 9 | 5 |
| ISO 27002 | International or National Standard | 36 | 9 | 6 |
| ISO/IEC 27002:2013(E) | International or National Standard | 33 | 12 | 6 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 31 | 10 | 8 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 31 | 5 | 3 |
| FFIEC Information Security | Best Practice Guideline | 30 | 6 | 3 |
| Sarbanes Oxley SOX | Regulation or Statute | 29 | 17 | 12 |
| FedRAMP Baseline Security Controls | Audit Guideline | 23 | 9 | 4 |
| Gramm Leach Bliley | Bill or Act | 23 | 8 | 5 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 21 | 10 | 3 |
| NIST SP 800-53 | International or National Standard | 21 | 5 | 3 |
| FFIEC Business Continuity Planning | Best Practice Guideline | 20 | 4 | 0 |
| HIPAA | Bill or Act | 20 | 13 | 8 |
| NIST SP 800-171 | International or National Standard | 20 | 3 | 1 |
| ISO 31000 R 2009 | International or National Standard | 19 | 16 | 3 |
| NIST 800-53A | International or National Standard | 19 | 5 | 3 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 19 | 7 | 3 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 18 | 14 | 4 |
| FFIEC Management | Best Practice Guideline | 17 | 4 | 0 |
| FFIEC Operations | Best Practice Guideline | 17 | 4 | 0 |
| FFIEC Outsourcing Technology Services | Best Practice Guideline | 17 | 5 | 1 |
| FFIEC Supervision of Technology Service Providers | Best Practice Guideline | 17 | 5 | 1 |
| ISO 27005 R 2011 | International or National Standard | 17 | 8 | 5 |
| PCI SAQ A v3.1 | Contractual Obligation | 17 | 2 | 1 |
| Federal Information Security Management Act FISMA | Regulation or Statute | 16 | 7 | 4 |
| FFIEC Audit | Best Practice Guideline | 16 | 4 | 0 |
| FFIEC Development Acquisition | Best Practice Guideline | 16 | 4 | 0 |
| FFIEC E Banking | Best Practice Guideline | 16 | 4 | 0 |
| FFIEC Retail Payment Systems | Best Practice Guideline | 16 | 4 | 0 |
| FFIEC Wholesale Payment Systems | Best Practice Guideline | 16 | 4 | 0 |
| Authentication in an Internet Banking Environment | Best Practice Guideline | 15 | 4 | 0 |
| ISO 20000-1 2nd Ed | International or National Standard | 15 | 9 | 3 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 15 | 8 | 6 |
| PCI DSS 3.1 | Contractual Obligation | 14 | 3 | 2 |
| ISO 20000-2 R 2005 | International or National Standard | 13 | 9 | 3 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 13 | 2 | 1 |
| NIST SP 800 66 | Safe Harbor | 13 | 9 | 6 |
| EU General Data Protection Regulation (GDPR) | Regulations | 12 | 2 | 0 |
| ITIL Security Management | Best Practice Guideline | 12 | 5 | 3 |
| ITIL Service Support | Best Practice Guideline | 12 | 3 | 3 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 11 | 2 | 1 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 11 | 4 | 1 |
| PCI DSS 3.1 SAQ D Service Provider | Contractual Obligation | 11 | 1 | 2 |
| PCI PA DSS 1.1 | Contractual Obligation | 11 | 6 | 4 |
| South African King Report 2002 | Regulation or Statute | 11 | 8 | 5 |