News

Monthly Selected Authority Documents - June, 2021

July 1, 2021

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard301818
NIST SP 800-53 R5International or National Standard2563
NIST CSF 1.1International or National Standard24299
CIS Controls, V7.1Best Practice Guideline1952
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation191394
EU General Data Protection Regulation (GDPR)Regulation or Statute1715910
hipaa security ruleRegulation or Statute1331
ISO/IEC 27002:2013(E)International or National Standard131344
CobiTSafe Harbor121571
Sarbanes-Oxley Act of 2002Bill or Act1220
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020International or National Standard1110
ISO/IEC 27701:2019International or National Standard11113
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor101324
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement10124
BSI Cloud Computing Compliance Controls Catalogue (C5)Best Practice Guideline980
CMMC Level 3Best Practice Guideline922
Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8Organizational Directive931
ISO 22301- Societal Security - Business Continuity Management Systems - RequirementsInternational or National Standard9120
ISO 27002International or National Standard972
PCI DSS 3.2 SAQ D MerchantContractual Obligation840
SSAE 18Safe Harbor863
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and PrivacySelf-Regulatory Body Requirement832
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement7101
Cloud Security Alliance CCM V1.3Best Practice Guideline750
CMMC Level 1Best Practice Guideline722
HIPAABill or Act762
ISO 27005 R 2011International or National Standard7123
ISO/IEC 27018:2014International or National Standard7142
NIST SP 800-53International or National Standard7161
CIS 20 Critical Security ControlsBest Practice Guideline6232
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement6122
CMMC Level 4Best Practice Guideline620
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020International or National Standard613
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020International or National Standard610
COSO Enterprise Risk Management (2017)Best Practice Guideline673
DFARS 252.204-7012Bill or Act600
FedRAMP Baseline Security ControlsAudit Guideline61190
HIPAA Electronic Health Record TechnologyRegulation or Statute601
ISO 20000-1 2nd EdInternational or National Standard6290
MAS TRMContractual Obligation6320
NIST 800-53AInternational or National Standard672
NIST SP 800 66Safe Harbor6241
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1Contractual Obligation600
PCI SAQ A v3.2Contractual Obligation623
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4International or National Standard650
Trust Services CriteriaSelf-Regulatory Body Requirement662
23 NYCRR 500Regulation or Statute583
AICPA Trust ServicesAudit Guideline561
California Consumer Privacy Act of 2018Bill or Act5381
CMMC Level 2Best Practice Guideline522