Monthly Selected Authority Documents - December, 2023

January 1, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups / Initiatives (the two counts run together in the source) |
|---|---|---|---|
| NIST CSF 1.1 | International or National Standard | 38 | 6123 |
| ISO/IEC 27001:2022 | International or National Standard | 30 | 104 |
| CIS Controls, V8 | Best Practice Guideline | 28 | 139 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 25 | 18519 |
| ISO 27001-2013 | International or National Standard | 22 | 21622 |
| PCI DSS v3.2.1 | Contractual Obligation | 20 | 84 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 18 | 84 |
| ISO/IEC 27002:2022 | International or National Standard | 17 | 1010 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 16 | 56 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 15 | 2311 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 14 | 62 |
| 23 NYCRR 500 | Regulations | 13 | 11 |
| AICPA Trust Services | Audit Guideline | 13 | 61 |
| CIS Controls, V7.1 | Best Practice Guideline | 13 | 84 |
| ISO/IEC 27018:2019 | International or National Standard | 13 | 32 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 13 | 158 |
| NIST SP 800-53 R5 | International or National Standard | 13 | 2717 |
| ISO/IEC 27701:2019 | International or National Standard | 12 | 189 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 11 | 1447 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 11 | 205 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 11 | 50 |
| Gramm Leach Bliley | Bill or Act | 11 | 30 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10 | 184 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 10 | 14 |
| FFIEC CAT | Best Practice Guideline | 10 | 231 |
| FFIEC IT Examination Handbook | Audit Guideline | 10 | 222 |
| FFIEC Outsourcing Technology Services | Best Practice Guideline | 10 | 130 |
| FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 10 | 91 |
| Hong Kong Monetary Authority: The Cyber Resilience Assessment Framework, 18 May 2016 | Best Practice Guideline | 10 | 30 |
| MAS-TRMG-2021 | Contractual Obligation | 10 | 70 |
| NFA Information Systems Security Programs | Self-Regulatory Body Requirement | 10 | 151 |
| NIST CSF 1.0 | International or National Standard | 10 | 122 |
| Notice on Cyber Hygiene | Bill or Act | 10 | 110 |
| UK Data Protection Act 2018 | Bill or Act | 10 | 200 |
| Australia Privacy Amendment Act | Regulation or Statute | 9 | 200 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 9 | 50 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 9 | 108 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 9 | 115 |
| COSO Enterprise Risk Management (2017) | Best Practice Guideline | 9 | 259 |
| COSO ERM | Safe Harbor | 9 | 118 |
| FFIEC Development Acquisition | Best Practice Guideline | 9 | 140 |
| HKMA General Principles for Technology Risk Management | Regulation or Statute | 9 | 280 |
| Hong Kong Personal Data (Privacy) Ordinance 2013 | Bill or Act | 9 | 80 |
| ISO 27002 | International or National Standard | 9 | 84 |
| MAS Guidelines on Outsourcing | Bill or Act | 9 | 10 |
| MAS TRM | Contractual Obligation | 9 | 480 |
| NIST SP 800-122 | International or National Standard | 9 | 229 |
| NIST SP 800-39 | International or National Standard | 9 | 196 |
| NIST SP 800-53 R4 | International or National Standard | 9 | 53 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 9 | 00 |