News

Monthly Selected Authority Documents - July, 2019

August 1, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected/Groups/Initiatives
ISO 27001-2013 | International or National Standard | 7218023
NIST SP 800-53 R4 | International or National Standard | 6012313
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 411438
NIST SP 800-53 R4 High Impact | International or National Standard | 401519
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 396010
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 351086
NIST SP 800-53 R4 Low Impact | International or National Standard | 35519
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 3414211
Sarbanes Oxley SOX | Regulation or Statute | 3314417
ISO/IEC 27002:2013(E) | International or National Standard | 2915117
NIST CSF 1.1 | International or National Standard | 2740
CIS Controls V7 | Best Practice Guideline | 2660
HIPAA | Bill or Act | 26908
CobiT | Safe Harbor | 241596
PCI DSS Testing Procedures v3.2 | Contractual Obligation | 2440
FedRAMP Baseline Security Controls | Audit Guideline | 231065
23 NYCRR 500 | Regulation or Statute | 1776
MAS TRM | Contractual Obligation | 17220
ISO 31000 R 2009 | International or National Standard | 161515
Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 16280
California Consumer Privacy Act of 2018 | Bill or Act | 15140
CSIS 20 Critical Security Controls | Best Practice Guideline | 151484
COBIT 5 Enabling Processes: Basics | Safe Harbor | 14280
DoD Instruction 8500.2 DIACAP | Audit Guideline | 13580
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 13696
Risk Management of E-banking | Contractual Obligation | 1340
HIPAA Electronic Health Record Technology | Regulation or Statute | 1273
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 1161
FFIEC CAT | Best Practice Guideline | 1173
HKMA General Principles for Technology Risk Management | Regulation or Statute | 1140
NIST CSF 1.0 | International or National Standard | 11207
Good Practices For Computerized systems In Regulated GXP Environments | Self-Regulatory Body Requirement | 10431
HKMA Supervisory Policy Manual TM-G-2 Business Continuity Planning | Contractual Obligation | 10120
NIST SP 800 66 | Safe Harbor | 10115
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 9166
Gramm Leach Bliley | Bill or Act | 91410
HIPAA HCFA | Best Practice Guideline | 9192
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 951
ITIL Security Management | Best Practice Guideline | 963
NIST SP 800-53 | International or National Standard | 9123
FFIEC IT Examination Handbook | Audit Guideline | 830
Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds | Best Practice Guideline | 840
India Indian Info Privacy Act | Regulation or Statute | 890
ISO 27002 | International or National Standard | 8107
PCI SAQ A v3.1 | Contractual Obligation | 861
HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 7122
ITIL Service Support | Best Practice Guideline | 743
NIST SP 800-30 | International or National Standard | 762
Payments Service Directive 2 | International or National Standard | 700
Red Book (Condensed) | International or National Standard | 711