| ISO 27001-2013 | International or National Standard | 51 | 199 | 17 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 35 | 173 | 15 |
| NIST SP 800-53 R5 | International or National Standard | 33 | 19 | 11 |
| NIST CSF 1.1 | International or National Standard | 24 | 43 | 19 |
| ISO/IEC 27002:2022 | International or National Standard | 21 | 1 | 3 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 18 | 2 | 4 |
| ISO 27002 | International or National Standard | 17 | 8 | 3 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 17 | 19 | 9 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 17 | 10 | 7 |
| NIST SP 800-53 | International or National Standard | 15 | 18 | 2 |
| CIS Controls, V8 | Best Practice Guideline | 14 | 7 | 7 |
| ISO/IEC 27701:2019 | International or National Standard | 14 | 18 | 8 |
| PCI DSS v3.2.1 | Contractual Obligation | 14 | 6 | 4 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 12 | 5 | 3 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 10 | 8 | 5 |
| hipaa security rule | Regulation or Statute | 10 | 5 | 1 |
| ISO/IEC 27018:2019 | International or National Standard | 10 | 0 | 0 |
| NIST Privacy Framework | International or National Standard | 10 | 14 | 7 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 10 | 152 | 7 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 10 | 4 | 2 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 9 | 142 | 4 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 9 | 16 | 3 |
| California Privacy Rights Act (CPRA) | Bill or Act | 9 | 3 | 1 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 9 | 2 | 0 |
| NIST SP 800-39 | International or National Standard | 9 | 10 | 6 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 8 | 5 | 3 |
| FedRAMP Baseline Security Controls | Audit Guideline | 8 | 128 | 0 |
| NIST SP 800 66 | Safe Harbor | 8 | 31 | 2 |
| NIST SP 800-37r2 | International or National Standard | 8 | 11 | 4 |
| Red Book (Condensed) | International or National Standard | 8 | 12 | 7 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 7 | 6 | 5 |
| CobiT | Safe Harbor | 7 | 166 | 1 |
| EBA/GL/2019/04 | Regulation or Statute | 7 | 10 | 0 |
| FFIEC CAT | Best Practice Guideline | 7 | 13 | 1 |
| HIPAA | Bill or Act | 7 | 10 | 5 |
| ISO/IEC 27002:2013(E) | International or National Standard | 7 | 144 | 13 |
| ISO/IEC 27018:2014 | International or National Standard | 7 | 19 | 2 |
| 21 CFR Part 11 | Regulation or Statute | 6 | 33 | 0 |
| AICPA Trust Services | Audit Guideline | 6 | 6 | 1 |
| California Consumer Privacy Act of 2018 | Bill or Act | 6 | 44 | 1 |
| Canada Privacy Policy Principles | Regulation or Statute | 6 | 3 | 2 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 6 | 15 | 7 |
| ISO 27005 R 2011 | International or National Standard | 6 | 17 | 8 |
| UK Data Protection Act 2018 | Bill or Act | 6 | 19 | 0 |
| 23 NYCRR 500 | Regulation or Statute | 5 | 14 | 3 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 5 | 10 | 1 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 5 | 5 | 5 |
| CRI Profile v1.2 | Best Practice Guideline | 5 | 5 | 0 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 5 | 1 | 4 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 5 | 19 | 5 |
