| NIST SP 800-53 R5 | International or National Standard | 34 | 26 | 14 |
| ISO/IEC 27001:2022 | International or National Standard | 22 | 5 | 3 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 19 | 179 | 16 |
| ISO 27001-2013 | International or National Standard | 17 | 209 | 19 |
| ISO/IEC 27002:2022 | International or National Standard | 17 | 3 | 5 |
| NIST CSF 1.1 | International or National Standard | 17 | 53 | 22 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 17 | 8 | 3 |
| HIPAA | Bill or Act | 14 | 10 | 4 |
| CobiT | Safe Harbor | 13 | 167 | 1 |
| CIS Controls, V8 | Best Practice Guideline | 12 | 9 | 8 |
| ISO 27002 | International or National Standard | 11 | 8 | 2 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 11 | 5 | 6 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 10 | 144 | 4 |
| ISO/IEC 27701:2019 | International or National Standard | 9 | 18 | 8 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 9 | 12 | 8 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 8 | 3 | 0 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 8 | 7 | 6 |
| FedRAMP Baseline Security Controls | Audit Guideline | 8 | 129 | 0 |
| hipaa security rule | Regulation or Statute | 8 | 5 | 1 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 8 | 6 | 4 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 7 | 18 | 4 |
| NIST SP 800-171 | International or National Standard | 7 | 4 | 2 |
| NIST SP 800-39 | International or National Standard | 7 | 15 | 6 |
| NIST SP 800-53 | International or National Standard | 7 | 17 | 1 |
| PCI DSS v3.2.1 | Contractual Obligation | 7 | 8 | 4 |
| SOC2 | Safe Harbor | 7 | 5 | 0 |
| CIS Controls, V7.1 | Best Practice Guideline | 6 | 8 | 4 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 6 | 2 | 1 |
| NIST SP 800-30 | International or National Standard | 6 | 22 | 12 |
| COSO ERM | Safe Harbor | 5 | 11 | 8 |
| France Data Protection Act | Regulation or Statute | 5 | 2 | 1 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 5 | 2 | 2 |
| HIPAA HCFA | Best Practice Guideline | 5 | 3 | 2 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 5 | 19 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 5 | 7 | 0 |
| Netherlands Personal Data Protection Act | Regulation or Statute | 5 | 2 | 0 |
| NIST Privacy Framework | International or National Standard | 5 | 15 | 7 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 5 | 9 | 3 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 5 | 0 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 4 | 44 | 1 |
| California Privacy Rights Act (CPRA) | Bill or Act | 4 | 2 | 1 |
| China Personal Data Ordinance of Hong Kong 2 | Regulation or Statute | 4 | 7 | 0 |
| CIS SuSE Linux Enterprise Server | Best Practice Guideline | 4 | 5 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 4 | 10 | 8 |
| EBA/GL/2019/04 | Regulation or Statute | 4 | 17 | 0 |
| EU 8th Directive | Regulation or Statute | 4 | 9 | 1 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 4 | 1 | 4 |
| Gramm Leach Bliley | Bill or Act | 4 | 3 | 0 |
| Hong Kong Personal Data (Privacy) Ordinance 2013 | Bill or Act | 4 | 4 | 0 |
| Ireland Consolidated Data Protection Acts of 1988 and 2003 | Regulation or Statute | 4 | 5 | 0 |
