News

Monthly Selected Authority Documents - April, 2024

May 1, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected / Groups / Initiatives |
|---|---|---|
| NIST CSF 2.0 | International or National Standard | 7111 |
| ISO/IEC 27001:2022 | International or National Standard | 43104 |
| ISO/IEC 27002:2022 | International or National Standard | 321010 |
| NIST SP 800-53 R5 | International or National Standard | 302817 |
| CIS Controls, V8 | Best Practice Guideline | 29139 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 24105 |
| ISO/IEC 27701:2019 | International or National Standard | 221910 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 2000 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 1965 |
| CobiT | Safe Harbor | 181682 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 1818519 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 1856 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1661 |
| ISO 27001-2013 | International or National Standard | 1621823 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 16169 |
| PCI DSS v3.2.1 | Contractual Obligation | 1684 |
| Digital Operational Resilience Act | Regulations | 1511 |
| ISO 27002 | International or National Standard | 1585 |
| hipaa security rule | Regulation or Statute | 1451 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 142311 |
| 23 NYCRR 500 | Regulations | 1322 |
| FFIEC CAT | Best Practice Guideline | 13241 |
| NIST SP 800-53 | International or National Standard | 13172 |
| SOC 2®, 2022 | Audit Guideline | 1300 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 1300 |
| FFIEC IT Examination Handbook | Audit Guideline | 12222 |
| NIST CSF 1.1 | International or National Standard | 126223 |
| 23 NYCRR 500 | Regulation or Statute | 11307 |
| ISO 27005:2018 | International or National Standard | 1111 |
| NIST SP 800-171 | International or National Standard | 1142 |
| Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 1153 |
| Gramm Leach Bliley | Bill or Act | 1030 |
| NIST Privacy Framework | International or National Standard | 10157 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 91447 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 9106 |
| ISO/IEC 27018:2019 | International or National Standard | 932 |
| NIST AI 100-1 | Best Practice Guideline | 910 |
| NIST SP 800-37r2 | International or National Standard | 9135 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 8108 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 895 |
| CSF V1.1 | International or National Standard | 800 |
| HIPAA | Bill or Act | 8104 |
| ISO 31000:2018 | International or National Standard | 8247 |
| NIST SP 800-63B | International or National Standard | 8118 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 893 |
| COBIT 2019 | Safe Harbor | 752 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 7115 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 7248 |
| FedRAMP Version 5 Moderate Baseline | Audit Guideline | 700 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 721 |