News

Monthly Selected Authority Documents - September, 2022

October 1, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected, Groups, Initiatives
ISO 27001-2013 | International or National Standard | 3419417
NIST CSF 1.1 | International or National Standard | 304219
NIST SP 800-53 R5 | International or National Standard | 261811
NIST SP 800-53 | International or National Standard | 25182
Sarbanes-Oxley Act of 2002 | Bill or Act | 1924
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 1716915
ISO/IEC 27002:2022 | International or National Standard | 1613
ISO/IEC 27701:2019 | International or National Standard | 16188
23 NYCRR 500 | Regulation or Statute | 14133
PCI DSS v3.2.1 | Contractual Obligation | 1444
CIS Controls, V8 | Best Practice Guideline | 1377
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1320
California Consumer Privacy Act of 2018 | Bill or Act | 1231
NIST Privacy Framework | International or National Standard | 12147
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1243
CobiT | Safe Harbor | 111621
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 11107
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 1154
PCI DSS Wireless Guideline | Safe Harbor | 1181
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10123
California Consumer Privacy Act of 2018 | Bill or Act | 10401
NIST CSF 1.0 | International or National Standard | 10112
HIPAA Security Rule | Regulation or Statute | 951
NIST SP 800-161 r1 | International or National Standard | 910
NIST SP 800-39 | International or National Standard | 9106
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 91517
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 942
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 81384
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 853
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8157
ISO 27002 | International or National Standard | 883
NIST SP 800-122 | International or National Standard | 7128
Brazilian General Data Protection Law (LGPD) | Bill or Act | 630
California's Internet Privacy Requirements | Bill or Act | 651
CMMC Level 2, v2.0 | Best Practice Guideline | 665
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 685
Florida Statute § 501.171 Security of confidential personal information | Regulation or Statute | 620
Florida Statutes, Section 817.5681, Breach of security concerning confidential personal information in third-party possession | Regulation or Statute | 630
Gramm Leach Bliley | Bill or Act | 621
ISO/IEC 27002:2013(E) | International or National Standard | 614413
NIST SP 800-37r2 | International or National Standard | 6114
Arizona Revised Statutes, Notification of breach of security system | Regulation or Statute | 520
Children's Online Privacy Protection Act | Regulation or Statute | 570
CIS Controls, V7.1 | Best Practice Guideline | 562
CMMC Level 1, v2.0 | Best Practice Guideline | 555
Colorado Privacy Act | Bill or Act | 510
Colorado Revised Statutes, Section 6-1-716, Notification of Security Breach | Regulation or Statute | 530
Consumer Data Protection Act | Bill or Act | 510
COSO Enterprise Risk Management (2017) | Best Practice Guideline | 5168
COSO ERM | Safe Harbor | 5118