News

Monthly Selected Authority Documents - October, 2021

November 1, 2021

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected Groups Initiatives |
| --- | --- | --- |
| ISO 27001-2013 | International or National Standard | 5218611 |
| NIST SP 800-53 R5 | International or National Standard | 3183 |
| NIST CSF 1.1 | International or National Standard | 293412 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2816410 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 2343 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 201464 |
| HIPAA | Bill or Act | 1894 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 1714 |
| ISO/IEC 27002:2013(E) | International or National Standard | 171387 |
| CobiT | Safe Harbor | 161621 |
| hipaa security rule | Regulation or Statute | 1641 |
| ISO/IEC 27701:2019 | International or National Standard | 16113 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 151374 |
| CIS Controls, V8 | Best Practice Guideline | 1500 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1420 |
| FedRAMP Baseline Security Controls | Audit Guideline | 141240 |
| NIST SP 800-53 | International or National Standard | 14161 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 13134 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1232 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1100 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 11130 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 1042 |
| 23 NYCRR 500 | Regulation or Statute | 993 |
| California Consumer Privacy Act of 2018 | Bill or Act | 911 |
| CMMC Level 1 | Best Practice Guideline | 932 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 911 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 935 |
| ISO 9001:2015 | International or National Standard | 9182 |
| NIST SP 800 66 | Safe Harbor | 9251 |
| PCI SAQ A | Contractual Obligation | 930 |
| PCI SAQ A v3.1 | Contractual Obligation | 940 |
| PCI SAQ A v3.2 | Contractual Obligation | 953 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 923 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8102 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 8102 |
| Information Supplement: PCI DSS Cloud Computing Guidelines | Contractual Obligation | 862 |
| ISO 27002 | International or National Standard | 872 |
| ISO/IEC 27018:2014 | International or National Standard | 8152 |
| MAS-TRMG-2021 | Contractual Obligation | 830 |
| NICE NIST | International or National Standard | 8121 |
| Red Book (Condensed) | International or National Standard | 894 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 893 |
| Trust Services Criteria | Self-Regulatory Body Requirement | 862 |
| California Consumer Privacy Act of 2018 | Bill or Act | 7391 |
| CMMC Level 2 | Best Practice Guideline | 732 |
| CMMC Level 3 | Best Practice Guideline | 732 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 733 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 743 |
| FFIEC IT Examination Handbook | Audit Guideline | 7122 |
| Information Supplement: Best Practices for Implementing a Security Awareness Program | Contractual Obligation | 730 |