Monthly Selected Authority Documents - July, 2023

August 1, 2023

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected, Groups, Initiatives
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 2783
NIST SP 800-53 R5 | International or National Standard | 222615
NIST CSF 1.1 | International or National Standard | 205722
ISO/IEC 27001:2022 | International or National Standard | 1963
CIS Controls, V8 | Best Practice Guideline | 16108
PCI DSS v3.2.1 | Contractual Obligation | 1284
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1130
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 1118418
Sarbanes-Oxley Act of 2002 | Bill or Act | 1156
ISO 27001-2013 | International or National Standard | 1021321
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 10138
NIST SP 800-53 | International or National Standard | 10171
23 NYCRR 500 | Regulation or Statute | 9264
NIST SP 800-39 | International or National Standard | 9196
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 8184
hipaa security rule | Regulation or Statute | 851
California Consumer Privacy Act of 2018 | Bill or Act | 7441
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 795
ISO/IEC 27002:2022 | International or National Standard | 735
NIST SP 800-37r2 | International or National Standard | 7135
PCI DSS v4.0 SAQ D Merchants | Contractual Obligation | 721
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 61446
Basel II | Regulation or Statute | 6120
California Privacy Rights Act (CPRA) | Bill or Act | 631
CobiT | Safe Harbor | 61671
COBIT 2019 | Safe Harbor | 652
Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8 | Organizational Directive | 641
ISO 27002 | International or National Standard | 684
Kansas Statutes, Protection Of Consumer Information | Regulation or Statute | 600
Nevada Revised Statutes, Chapter 603A | Regulation or Statute | 620
NIST AI 100-1 | Best Practice Guideline | 600
NIST Privacy Framework | International or National Standard | 6157
PCI DSS v4 SAQ D for Service Providers | Self-Regulatory Body Requirement | 600
Red Book (Condensed) | International or National Standard | 6147
Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 600
3 CCR 702-6 | Regulation or Statute | 510
Alaska Personal Information Protection Act, Chapter 48 | Regulation or Statute | 521
Arkansas Personal Information Protection Act | Regulation or Statute | 510
Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 512
Childrens Online Privacy Protection Act | Regulation or Statute | 560
Code of Alabama, Sections 13A-8-190 thru 13A-8-201 | Regulation or Statute | 532
Consumer Data Protection Act | Bill or Act | 500
COSO ERM | Safe Harbor | 5118
Delaware Code, Title 6, Subtitle II, Chapter 12B, Sections 12B-101 thru 104 | Regulation or Statute | 510
FedRAMP Baseline Security Controls | Audit Guideline | 51290
FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 591
Florida Statute § 501.171 Security of confidential personal information | Regulation or Statute | 510
General Laws of Massachusetts, Chapter 93H, Security Breaches | Regulation or Statute | 520
Guam Notification of Breaches of Personal Information | Regulation or Statute | 500
Hawaii Revised Statute, Section 487N, Security Breach of Personal Information | Regulation or Statute | 500