News

Monthly Selected Authority Documents - September, 2020

October 1, 2020

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups, Initiatives |
|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 33 | 1638 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 25 | 1469 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 22 | 1194 |
| CobiT | Safe Harbor | 21 | 1442 |
| NIST CSF 1.1 | International or National Standard | 20 | 245 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 20 | 1535 |
| NIST SP 800-53 R4 | International or National Standard | 18 | 1238 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 18 | 646 |
| HIPAA | Bill or Act | 16 | 871 |
| NIST SP 800-53 | International or National Standard | 15 | 110 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 15 | 646 |
| ISO/IEC 27002:2013(E) | International or National Standard | 13 | 1292 |
| Sarbanes Oxley SOX | Regulation or Statute | 13 | 1321 |
| California Consumer Privacy Act of 2018 | Bill or Act | 11 | 281 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 11 | 1332 |
| Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8 | Organizational Directive | 10 | 21 |
| Gramm Leach Bliley | Bill or Act | 10 | 61 |
| ISO 27002 | International or National Standard | 10 | 31 |
| 23 NYCRR 500 | Regulation or Statute | 9 | 63 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 9 | 33 |
| APRA CPS 234 | Regulation or Statute | 8 | 20 |
| CIS Controls, V7.1 | Best Practice Guideline | 8 | 01 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 8 | 1420 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 8 | 02 |
| NIST SP 800 66 | Safe Harbor | 8 | 151 |
| Trust Services Criteria | Self-Regulatory Body Requirement | 8 | 31 |
| APRA PPG 234 | Safe Harbor | 7 | 70 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 7 | 30 |
| CMMC Level 5 | Best Practice Guideline | 7 | 00 |
| FedRAMP Baseline Security Controls | Audit Guideline | 7 | 1070 |
| FFIEC CAT | Best Practice Guideline | 7 | 81 |
| HIPAA HCFA | Best Practice Guideline | 7 | 50 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 7 | 92 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 7 | 771 |
| Red Book (Condensed) | International or National Standard | 7 | 54 |
| Australian Government Information Security Manual Controls | International or National Standard | 6 | 20 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 6 | 110 |
| COBIT 2019 | Safe Harbor | 6 | 21 |
| ISO 31000 R 2009 | International or National Standard | 6 | 1462 |
| ISO 9001:2015 | International or National Standard | 6 | 90 |
| ITIL Security Management | Best Practice Guideline | 6 | 11 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 6 | 73 |
| 21 CFR Part 11 | Regulation or Statute | 5 | 140 |
| 45 CFR Part 164 | Regulation or Statute | 5 | 82 |
| Argentina Personal Data Protection Act | Regulation or Statute | 5 | 23 |
| BAIT BaFin | Regulation or Statute | 5 | 00 |
| CIS Controls V7 | Best Practice Guideline | 5 | 182 |
| COPPA | Regulation or Statute | 5 | 00 |
| EBA/GL/2019/04 | Regulation or Statute | 5 | 00 |
| EudraLex Rules Governing Medicinal Products in the European Union Annex 11 Computerised Systems | Best Practice Guideline | 5 | 31 |