News

Monthly Selected Authority Documents - August, 2021

September 1, 2021

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
EU General Data Protection Regulation (GDPR)Regulation or Statute3716410
ISO 27001-2013International or National Standard371868
NIST CSF 1.1International or National Standard30349
NIST SP 800-53 R5International or National Standard2073
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation191434
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor161374
CIS Controls, V8Best Practice Guideline1600
CMMC Level 3Best Practice Guideline1522
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020International or National Standard1510
HIPAABill or Act1394
hipaa security ruleRegulation or Statute1341
HKMA General Principles for Technology Risk ManagementRegulation or Statute13180
MAS TRMContractual Obligation13360
CobiTSafe Harbor121621
FedRAMP Baseline Security ControlsAudit Guideline121240
ISO/IEC 27701:2019International or National Standard12113
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard1222
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1Contractual Obligation1210
Australian Government Information Security Manual ControlsInternational or National Standard1130
ISO 27002International or National Standard1172
NIST SP 800-53International or National Standard11161
PCI DSS 3.2 SAQ D MerchantContractual Obligation1140
Sarbanes-Oxley Act of 2002Bill or Act1120
23 NYCRR 500Regulation or Statute1093
India Indian Info Privacy ActRegulation or Statute10150
Notice No.: CMG-N02, Notice On Technology Risk ManagementSelf-Regulatory Body Requirement1020
Risk Management of E-bankingContractual Obligation10180
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor1093
CMMC Level 4Best Practice Guideline920
CMMC Level 5Best Practice Guideline920
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020International or National Standard923
COSO Enterprise Risk Management (2017)Best Practice Guideline9103
Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber FraudsBest Practice Guideline9220
HKMA-2001-12-28 - Supervisory Policy Manual (SA-2) OutsourcingRegulation or Statute900
ISO/IEC 27002:2013(E)International or National Standard91384
ISO/IEC 27018:2014International or National Standard9152
MAS-TRMG-2021Contractual Obligation920
NIST SP 800-172International or National Standard910
Notice on Technology Risk Management, Notice No. CMG-N02Self-Regulatory Body Requirement9380
Risk Management of E-banking V.3Contractual Obligation920
SWIFT Customer Security Controls FrameworkBest Practice Guideline900
APRA PPG 234Safe Harbor800
APRA PPG 234Safe Harbor880
COSO Internal Control - Integrated FrameworkSelf-Regulatory Body Requirement8102
FFIEC IT Examination HandbookAudit Guideline8112
NIST SP 800-53 R4 High Impact, DeprecatedInternational or National Standard81684
NIST SP 800-53 R4, DeprecatedInternational or National Standard81397
PCI SAQ A v3.2Contractual Obligation833
Singapore Corporate GovernanceRegulation or Statute860
ACSI 33Best Practice Guideline710