Monthly Selected Authority Documents - February, 2024

March 1, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected, Groups, Initiatives
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 4118519
NIST SP 800-53 R5 | International or National Standard | 402717
ISO/IEC 27001:2022 | International or National Standard | 39104
CIS Controls, V8 | Best Practice Guideline | 32139
ISO/IEC 27002:2022 | International or National Standard | 281010
ISO/IEC 27701:2019 | International or National Standard | 241910
NIST SP 800-53 Revision 5.1.1 | International or National Standard | 2400
ISO 27001-2013 | International or National Standard | 2321723
23 NYCRR 500 | Regulations | 2011
CobiT | Safe Harbor | 201682
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 20248
NIST CSF 1.1 | International or National Standard | 206123
23 NYCRR 500 | Regulation or Statute | 19286
NIST AI 100-1 | Best Practice Guideline | 1910
California Consumer Privacy Act of 2018 | Bill or Act | 18452
CMMC Level 2, v2.0 | Best Practice Guideline | 18106
Digital Operational Resilience Act | Regulations | 1811
hipaa security rule | Regulation or Statute | 1851
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1661
California Privacy Rights Act (CPRA) | Bill or Act | 1542
CSF V1.1 | International or National Standard | 1500
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 15169
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1595
Sarbanes-Oxley Act of 2002 | Bill or Act | 1556
Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 1553
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 141447
FedRAMP Baseline Security Controls | Audit Guideline | 141290
ISO 9001:2015 | International or National Standard | 14226
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 1311
NIST SP 800-53 R4 | International or National Standard | 1353
AICPA/CICA Privacy Management Framework | Best Practice Guideline | 1200
Cross Border Privacy Assessment | Best Practice Guideline | 1231
ISO 22301:2019(E) | International or National Standard | 1212
NIST SP 800 66 | Safe Harbor | 12311
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 1260
SOC 2®, 2022 | Audit Guideline | 1200
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 1293
AICPA Privacy | Safe Harbor | 1161
CMMC Level 1, v2.0 | Best Practice Guideline | 1185
Cyber Essentials Scheme (CES) Questionnaire | Best Practice Guideline | 1175
Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, European Commission | Best Practice Guideline | 1131
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 11191
ISO 31000 R 2009 | International or National Standard | 111701
ISO 31000:2018 | International or National Standard | 11247
PCI DSS Testing Procedures v3.2 | Contractual Obligation | 11292
PCI DSS v3.2.1 | Contractual Obligation | 1184
Personal Information Protection Law of the People's Republic of China | Bill or Act | 1121
COBIT 2019 | Safe Harbor | 1052
Cyber Essentials Self-Assessment, Version 13 | Best Practice Guideline | 1055
EU-US Privacy Shield Framework Principles Annex II | Regulation or Statute | 1020