Monthly Selected Authority Documents - July, 2021

August 1, 2021

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected Groups Initiatives |
| --- | --- | --- |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 3516410 |
| ISO 27001-2013 | International or National Standard | 351868 |
| NIST CSF 1.1 | International or National Standard | 32349 |
| CIS Controls, V7.1 | Best Practice Guideline | 3152 |
| NIST SP 800-53 R5 | International or National Standard | 3173 |
| ISO/IEC 27002:2013(E) | International or National Standard | 271384 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 251434 |
| ISO/IEC 27701:2019 | International or National Standard | 22113 |
| hipaa security rule | Regulation or Statute | 2141 |
| CMMC Level 3 | Best Practice Guideline | 2022 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1710 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 1720 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 1623 |
| HIPAA | Bill or Act | 1494 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 1390 |
| CMMC Level 1 | Best Practice Guideline | 1322 |
| CMMC Level 4 | Best Practice Guideline | 1320 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 1310 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 1333 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1322 |
| 23 NYCRR 500 | Regulation or Statute | 1293 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 121374 |
| CMMC Level 2 | Best Practice Guideline | 1222 |
| CMMC Level 5 | Best Practice Guideline | 1220 |
| COBIT 2019 | Safe Harbor | 1252 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 12124 |
| CobiT | Safe Harbor | 111621 |
| ITIL Foundation 4 | Best Practice Guideline | 1100 |
| Red Book (Condensed) | International or National Standard | 1164 |
| CIS Controls V7 | Best Practice Guideline | 10252 |
| EBA/GL/2019/02 | Regulation or Statute | 1020 |
| EBA/GL/2019/04 | Regulation or Statute | 1030 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 1012 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 1010 |
| PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 1040 |
| PCI SAQ A v3.2 | Contractual Obligation | 1033 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 1050 |
| APRA CPS 234 | Regulation or Statute | 930 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 9122 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 911 |
| HIPAA HCFA | Best Practice Guideline | 922 |
| ISO 9001:2015 | International or National Standard | 9182 |
| ISO/IEC 27018:2014 | International or National Standard | 9152 |
| MAS TRM | Contractual Obligation | 9360 |
| NIST Privacy Framework | International or National Standard | 992 |
| NIST SP 800-37r2 | International or National Standard | 994 |
| Cloud Security Guidance | Best Practice Guideline | 830 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8102 |
| FedRAMP Baseline Security Controls | Audit Guideline | 81240 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 814 |