Monthly Selected Authority Documents - March, 2024

April 1, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected / Groups / Initiatives
NIST CSF 2.0 | International or National Standard | 6311
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 4018519
ISO/IEC 27002:2022 | International or National Standard | 401010
CIS Controls, V8 | Best Practice Guideline | 39139
ISO/IEC 27001:2022 | International or National Standard | 39104
NIST SP 800-53 Revision 5.1.1 | International or National Standard | 3200
NIST SP 800-53 R5 | International or National Standard | 302717
23 NYCRR 500 | Regulation or Statute | 28297
ISO/IEC 27701:2019 | International or National Standard | 261910
23 NYCRR 500 | Regulations | 2422
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 22169
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 2165
CSF V1.1 | International or National Standard | 2000
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1995
CobiT | Safe Harbor | 181682
ISO 27001-2013 | International or National Standard | 1821723
NIST AI 100-1 | Best Practice Guideline | 1810
Sarbanes-Oxley Act of 2002 | Bill or Act | 1856
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 17184
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1661
Gramm Leach Bliley | Bill or Act | 1630
OWASP Top 10 - 2021 | Organizational Governance Documents | 1611
Digital Operational Resilience Act | Regulations | 1511
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 1411
HIPAA | Bill or Act | 14104
hipaa security rule | Regulation or Statute | 1351
India Indian Info Privacy Act | Regulation or Statute | 13250
NIST CSF 1.1 | International or National Standard | 136123
Australia Privacy Amendment Act | Regulation or Statute | 12200
California Privacy Rights Act (CPRA) | Bill or Act | 1242
NIST Privacy Framework | International or National Standard | 12157
Cyber Assurance Framework | Best Practice Guideline | 1111
FedRAMP Version 5 Moderate Baseline | Audit Guideline | 1100
FFIEC IT Examination Handbook | Audit Guideline | 11222
FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 1150
FFIEC Outsourcing Technology Services | Best Practice Guideline | 11141
HIPAA HCFA | Best Practice Guideline | 1132
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 112311
NIST SP 800-53 | International or National Standard | 11172
PCI DSS v3.2.1 | Contractual Obligation | 1184
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 1160
ISO 9001:2015 | International or National Standard | 10226
ISO/IEC 27018:2019 | International or National Standard | 1032
Australian Government Information Security Manual, September 2023 | International or National Standard | 900
FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 991
HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 9102
Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 932
ISO 22301:2019(E) | International or National Standard | 912
ITIL Foundation 4 | Best Practice Guideline | 901
MAS TRM | Contractual Obligation | 9480