News

Monthly Selected Authority Documents - May, 2022

June 1, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected / Groups / Initiatives |
|---|---|---|
| ISO 27001-2013 | International or National Standard | 4619217 |
| NIST SP 800-53 R5 | International or National Standard | 281411 |
| NIST CSF 1.1 | International or National Standard | 273919 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2316915 |
| CIS Controls, V8 | Best Practice Guideline | 2167 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 1944 |
| ISO/IEC 27002:2022 | International or National Standard | 1703 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 1521 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 1524 |
| ISO 27002 | International or National Standard | 1472 |
| CobiT | Safe Harbor | 121621 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 1298 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1285 |
| FFIEC CAT | Best Practice Guideline | 12101 |
| hipaa security rule | Regulation or Statute | 1251 |
| SOC2 | Safe Harbor | 1200 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 1085 |
| ISO/IEC 27002:2013(E) | International or National Standard | 1014413 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1097 |
| NIST SP 800-53 R4 | International or National Standard | 1043 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 101507 |
| 23 NYCRR 500 | Regulation or Statute | 9103 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 900 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 900 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 9199 |
| MAS-TRMG-2021 | Contractual Obligation | 930 |
| NIST SP 800-37r2 | International or National Standard | 9104 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 900 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 81374 |
| California Consumer Privacy Act of 2018 | Bill or Act | 811 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 851 |
| FFIEC Audit April 2012 | Best Practice Guideline | 862 |
| Gramm Leach Bliley | Bill or Act | 801 |
| ISO/IEC 27701:2019 | International or National Standard | 8178 |
| NIST SP 800-39 | International or National Standard | 8106 |
| NIST SP 800-53 | International or National Standard | 8171 |
| Authentication in an Internet Banking Environment | Best Practice Guideline | 772 |
| CIS Controls, V7.1 | Best Practice Guideline | 762 |
| EBA/GL/2019/04 | Regulation or Statute | 730 |
| ITIL Foundation 4 | Best Practice Guideline | 700 |
| NIST CSF 1.0 | International or National Standard | 7112 |
| NIST SP 800 66 | Safe Harbor | 7261 |
| OWASP Top 10 - 2017 | International or National Standard | 785 |
| Red Book (Condensed) | International or National Standard | 7117 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 742 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 655 |
| Federal Information Security Management Act FISMA | Regulation or Statute | 641 |
| FFIEC Business Continuity Planning | Best Practice Guideline | 640 |
| FFIEC Management | Best Practice Guideline | 661 |
| FFIEC Wholesale Payment Systems | Best Practice Guideline | 640 |