News

Monthly Selected Authority Documents - December, 2016

January 11, 2017

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 60 | 16 | 12 |
| ISO/IEC 27002:2013(E) | International or National Standard | 31 | 2 | 5 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 22 | 0 | 0 |
| CobiT | Safe Harbor | 20 | 13 | 6 |
| NIST SP 800-53 R4 | International or National Standard | 20 | 4 | 4 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 17 | 9 | 7 |
| Sarbanes Oxley SOX | Regulation or Statute | 17 | 15 | 11 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 16 | 8 | 3 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 16 | 5 | 4 |
| NIST SP 800-53 | International or National Standard | 14 | 5 | 3 |
| PCI DSS 3.1 | Contractual Obligation | 14 | 2 | 2 |
| FFIEC Information Security | Best Practice Guideline | 13 | 5 | 3 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 13 | 4 | 2 |
| HIPAA | Bill or Act | 12 | 11 | 7 |
| NIST SP 800 66 | Safe Harbor | 11 | 9 | 6 |
| NIST SP 800-171 | International or National Standard | 11 | 2 | 1 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 11 | 5 | 2 |
| Gramm Leach Bliley | Bill or Act | 10 | 7 | 4 |
| ISO 31000 R 2009 | International or National Standard | 10 | 7 | 3 |
| AICPA Trust Services | Audit Guideline | 9 | 4 | 2 |
| ISO 27002 | International or National Standard | 9 | 8 | 5 |
| ISO 27005 R 2011 | International or National Standard | 9 | 7 | 5 |
| PCI DSS 3.1 SAQ D Service Provider | Contractual Obligation | 9 | 1 | 2 |
| California OPP Notification of Security Breach | Safe Harbor | 8 | 7 | 4 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 8 | 0 | 0 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 0 | 0 |
| Shared Assessments SIG - A. Risk Management | Audit Guideline | 8 | 6 | 3 |
| Shared Assessments SIG - P. Privacy | Audit Guideline | 8 | 6 | 3 |
| 45 CFR Part 164 | Regulation or Statute | 7 | 8 | 4 |
| FedRAMP Baseline Security Controls | Audit Guideline | 7 | 7 | 3 |
| FFIEC Management | Best Practice Guideline | 7 | 3 | 0 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 7 | 4 | 1 |
| HIPAA HCFA | Best Practice Guideline | 7 | 7 | 2 |
| IIA GTAG 1 | Best Practice Guideline | 7 | 4 | 2 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 7 | 7 | 4 |
| NIST SP 800-61 | International or National Standard | 7 | 4 | 1 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 7 | 8 | 6 |
| PCI DSS Wireless Guideline | Safe Harbor | 7 | 6 | 4 |
| PCI SAQ A v3.1 | Contractual Obligation | 7 | 2 | 1 |
| Shared Assessments SIG - B. Security Policy | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - C. Organizational Security | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - D. Asset Management | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - E. Human Resource Security | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - F. Physical and Environmental | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - G. Communications and Operations Management | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - H. Access Control | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - I. Information Systems Acquisition Development Maintenance | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - J. Incident Event and Communications Management | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - K. Business Continuity and Disaster Recovery | Audit Guideline | 7 | 6 | 3 |
| Shared Assessments SIG - L. Compliance | Audit Guideline | 7 | 6 | 3 |