News

Monthly Selected Authority Documents - December, 2019

January 1, 2020

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected, Groups, Initiatives
ISO 27001-2013 | International or National Standard | 7820825
NIST SP 800-53 R4 | International or National Standard | 4514415
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 3916212
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 351678
NIST SP 800-53 R4 High Impact | International or National Standard | 311749
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 316910
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 301337
Sarbanes Oxley SOX | Regulation or Statute | 2916117
NIST SP 800-53 R4 Low Impact | International or National Standard | 23589
FedRAMP Baseline Security Controls | Audit Guideline | 221305
HIPAA | Bill or Act | 211089
California Consumer Privacy Act of 2018 | Bill or Act | 19270
CobiT | Safe Harbor | 171826
COBIT 5 Enabling Processes: Basics | Safe Harbor | 16462
ISO/IEC 27002:2013(E) | International or National Standard | 1617017
NIST CSF 1.1 | International or National Standard | 16112
CIS Controls V7 | Best Practice Guideline | 15101
ISO 27002 | International or National Standard | 14118
ISO 31000 R 2009 | International or National Standard | 141766
Red Book (Condensed) | International or National Standard | 1453
ISO/IEC 27701:2019 | International or National Standard | 1320
APRA PPG 234 | Safe Harbor | 12131
NIST CSF 1.0 | International or National Standard | 12238
CSIS 20 Critical Security Controls | Best Practice Guideline | 111714
Gramm Leach Bliley | Bill or Act | 111510
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 11936
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 10111
NIST 800-53A | International or National Standard | 1094
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1072
23 NYCRR 500 | Regulation or Statute | 997
MAS TRM | Contractual Obligation | 9320
NIST SP 800-53 | International or National Standard | 9123
NIST SP 800-61 | International or National Standard | 992
Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 9380
SSAE 18 | Safe Harbor | 951
Australian Government Information Security Manual Controls | International or National Standard | 883
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 871
DoD Instruction 8500.2 DIACAP | Audit Guideline | 8750
Good Practices For Computerized systems In Regulated GXP Environments | Self-Regulatory Body Requirement | 8601
HIPAA Electronic Health Record Technology | Regulation or Statute | 883
Trust Services Criteria | Self-Regulatory Body Requirement | 831
45 CFR Part 164 | Regulation or Statute | 7157
COBIT 2019 | Safe Harbor | 721
Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 701
ISO 27005 R 2011 | International or National Standard | 7187
ITIL Security Management | Best Practice Guideline | 763
NIST SP 800-30 | International or National Standard | 783
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 7176
EU-US Privacy Shield Framework Principles Annex II | Regulation or Statute | 610
FFIEC CAT | Best Practice Guideline | 6103