News

Monthly Selected Authority Documents - May, 2019

June 1, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard9215822
NIST SP 800-53 R4International or National Standard7510313
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation6312411
EU General Data Protection Regulation (GDPR)Regulation or Statute591218
NIST SP 800-53 R4 High ImpactInternational or National Standard591309
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard515010
NIST SP 800-53 R4 Low ImpactInternational or National Standard44419
Sarbanes Oxley SOXRegulation or Statute4412517
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor43866
FedRAMP Baseline Security ControlsAudit Guideline33855
HIPAABill or Act32738
CobiTSafe Harbor311376
ISO/IEC 27002:2013(E)International or National Standard3113017
CIS Controls V7Best Practice Guideline2830
NIST CSF 1.1International or National Standard2840
California Consumer Privacy Act of 2018Bill or Act23140
ISO 31000 R 2009International or National Standard221304
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement2121
CSIS 20 Critical Security ControlsBest Practice Guideline201274
ISO 27002International or National Standard19117
NIST SP 800-53International or National Standard19123
HIPAA Electronic Health Record TechnologyRegulation or Statute1873
Gramm Leach BlileyBill or Act171410
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement1681
FFIEC CATBest Practice Guideline1683
NIST CSF 1.0International or National Standard16207
ISO/IEC 27018:2014International or National Standard1553
Red Book (Condensed)International or National Standard1511
Authentication in an Internet Banking EnvironmentBest Practice Guideline14134
NIST 800-53AInternational or National Standard1363
Supplement to Authentication in an Internet Banking EnvironmentBest Practice Guideline1242
DoD Instruction 8500.2 DIACAPAudit Guideline11420
FCRARegulation or Statute11204
NIST SP 800 66Safe Harbor1195
PCI SAQ A v3.1Contractual Obligation1161
23 NYCRR 500Regulation or Statute1046
COSO Internal Control - Integrated FrameworkSelf-Regulatory Body Requirement1050
FFIEC Audit April 2012Best Practice Guideline1000
ISF Standard of Good Practice 2013Best Practice Guideline1092
NIST SP 800-122International or National Standard10112
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor10155
FFIEC Business Continuity Planning Handbook 2015Audit Guideline960
FFIEC IT Examination HandbookAudit Guideline930
FFIEC ManagementBest Practice Guideline980
FFIEC Retail Payment Systems 2016Best Practice Guideline910
ISO 22301- Societal Security - Business Continuity Management Systems - RequirementsInternational or National Standard931
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of MassachusettsRegulation or Statute9114
PCI DSS 3.0 RequirementsSelf-Regulatory Body Requirement9526
Trust Services CriteriaSelf-Regulatory Body Requirement920
45 CFR Part 164Regulation or Statute8137