Monthly Selected Authority Documents - May, 2024

June 1, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected Groups Initiatives
NIST CSF 2.0 | International or National Standard | 6311
ISO/IEC 27001:2022 | International or National Standard | 44104
CIS Controls, V8 | Best Practice Guideline | 27139
NIST SP 800-53 R5 | International or National Standard | 272817
ISO/IEC 27002:2022 | International or National Standard | 251110
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 24105
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 2265
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2018519
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 20169
23 NYCRR 500 | Regulations | 1933
Sarbanes-Oxley Act of 2002 | Bill or Act | 1966
23 NYCRR 500 | Regulation or Statute | 17318
Gramm Leach Bliley | Bill or Act | 17110
NIST SP 800-53 Revision 5.1.1 | International or National Standard | 1700
SOC 2®, 2022 | Audit Guideline | 1610
CMMC Level 2, v2.0 | Best Practice Guideline | 15106
Digital Operational Resilience Act | Regulations | 1511
FFIEC CAT | Best Practice Guideline | 15241
ISO/IEC 27701:2019 | International or National Standard | 151910
NIST SP 800-53 | International or National Standard | 15172
ISO 27001-2013 | International or National Standard | 1421823
COBIT 2019 | Safe Harbor | 1392
hipaa security rule | Regulation or Statute | 1351
NIST AI 100-1 | Best Practice Guideline | 1310
Appendix B of 12 CFR Part 30 | Regulation or Statute | 12235
CSF V1.1 | International or National Standard | 1200
Red Book (Condensed) | International or National Standard | 12227
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 1262
California Privacy Rights Act (CPRA) | Bill or Act | 1142
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1161
CobiT | Safe Harbor | 111682
FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 11130
NIST Privacy Framework | International or National Standard | 11157
Notice on Cyber Hygiene | Bill or Act | 11120
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10184
California Consumer Privacy Act of 2018 | Bill or Act | 10452
Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 10102
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 1093
Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 1053
16 CFR Part 314, Standards for Safeguarding Customer Information | Regulation or Statute | 9146
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 91447
CMMC Level 1, v2.0 | Best Practice Guideline | 985
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 911
FFIEC Development Acquisition | Best Practice Guideline | 9220
FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 9205
FFIEC Outsourcing Technology Services | Best Practice Guideline | 9221
HIPAA HCFA | Best Practice Guideline | 932
MAS Guidelines on Outsourcing | Bill or Act | 990
MAS-TRMG-2021 | Contractual Obligation | 9160
NIST SP 800-37r2 | International or National Standard | 9135