News

Monthly Selected Authority Documents - September, 2023

October 1, 2023

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

 

| AD Common Name | AD Type | Selected, Groups, Initiatives |
| --- | --- | --- |
| ISO/IEC 27001:2022 | International or National Standard | 4373 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 3918519 |
| NIST SP 800-53 R5 | International or National Standard | 382615 |
| NIST CSF 1.1 | International or National Standard | 365822 |
| ISO/IEC 27002:2022 | International or National Standard | 2845 |
| HIPAA | Bill or Act | 22104 |
| CIS Controls, V8 | Best Practice Guideline | 21119 |
| CobiT | Safe Harbor | 191671 |
| hipaa security rule | Regulation or Statute | 1951 |
| ISO 27001-2013 | International or National Standard | 1921321 |
| ISO/IEC 27701:2019 | International or National Standard | 19188 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1983 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 1956 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1730 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 1776 |
| PCI DSS v3.2.1 | Contractual Obligation | 1684 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 15138 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 1464 |
| SOC2 | Safe Harbor | 1450 |
| 23 NYCRR 500 | Regulation or Statute | 13275 |
| FFIEC CAT | Best Practice Guideline | 13231 |
| NIST SP 800-37r2 | International or National Standard | 13135 |
| California Privacy Rights Act (CPRA) | Bill or Act | 1242 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1295 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 1242 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 11108 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 1121 |
| HIPAA HCFA | Best Practice Guideline | 1132 |
| ISO/IEC 27018:2019 | International or National Standard | 1111 |
| NIST CSF 1.0 | International or National Standard | 11122 |
| NIST SP 800 66 | Safe Harbor | 11311 |
| NIST SP 800-53 | International or National Standard | 11171 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10452 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 1095 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 1063 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 102110 |
| NIST AI 100-1 | Best Practice Guideline | 1000 |
| Gramm Leach Bliley | Bill or Act | 930 |
| Shared Assessments SIG - E. Human Resource Security | Audit Guideline | 997 |
| Shared Assessments SIG - P. Privacy | Audit Guideline | 986 |
| Shared Assessments SIG - V. Cloud | Audit Guideline | 997 |
| CMS Information Security Risk Assessment IS RA Procedure | Self-Regulatory Body Requirement | 812 |
| Consumer Data Protection Act | Bill or Act | 800 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8237 |
| CRI Profile v1.2 | Best Practice Guideline | 860 |
| NIST Privacy Framework | International or National Standard | 8157 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 890 |
| Shared Assessments SIG - A. Risk Management | Audit Guideline | 897 |
| Shared Assessments SIG - B. Security Policy | Audit Guideline | 897 |
| Shared Assessments SIG - C. Organizational Security | Audit Guideline | 897 |