Monthly Selected Authority Documents - May, 2021

June 1, 2021

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected/Groups/Initiatives
ISO 27001-2013 | International or National Standard | 671808
NIST CSF 1.1 | International or National Standard | 47297
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 4215910
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 381324
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 361394
ISO/IEC 27002:2013(E) | International or National Standard | 321344
NIST SP 800-53 R5 | International or National Standard | 3052
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 2812
CobiT | Safe Harbor | 251571
CIS Controls, V7.1 | Best Practice Guideline | 2142
FedRAMP Baseline Security Controls | Audit Guideline | 211190
ISO 27002 | International or National Standard | 2172
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 18122
HIPAA | Bill or Act | 1861
Sarbanes-Oxley Act of 2002 | Bill or Act | 1820
NIST SP 800-53 R4 | International or National Standard | 1732
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 16124
California Consumer Privacy Act of 2018 | Bill or Act | 15381
CMMC Level 3 | Best Practice Guideline | 1522
hipaa security rule | Regulation or Statute | 1520
SSAE 18 | Safe Harbor | 1563
23 NYCRR 500 | Regulation or Statute | 1382
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1310
ISO 31000 R 2009 | International or National Standard | 131591
NIST Privacy Framework | International or National Standard | 1381
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 1393
CSIS 20 Critical Security Controls | Best Practice Guideline | 121520
CMMC Level 1 | Best Practice Guideline | 1122
CMMC Level 2 | Best Practice Guideline | 1122
CMMC Level 5 | Best Practice Guideline | 1120
COBIT 2019 | Safe Harbor | 1141
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 1112
FFIEC IT Examination Handbook | Audit Guideline | 11112
ISO/IEC 27018:2014 | International or National Standard | 11142
ISO/IEC 27701:2019 | International or National Standard | 11103
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 11871
PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 1140
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 1131
California Consumer Privacy Act of 2018 | Bill or Act | 1011
CIS 20 Critical Security Controls | Best Practice Guideline | 10232
HIPAA Electronic Health Record Technology | Regulation or Statute | 1035
NIST CSF 1.0 | International or National Standard | 10112
NIST SP 800 66 | Safe Harbor | 10241
PCI DSS Testing Procedures v3.2 | Contractual Obligation | 10192
PCI SAQ A v3.2 | Contractual Obligation | 1022
NIST 800-53A | International or National Standard | 972
NIST SP 800-171 | International or National Standard | 921
Sarbanes Oxley SOX, Deprecated | Regulation or Statute | 91441
21 CFR Part 11 | Regulation or Statute | 8240
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 880