Monthly Selected Authority Documents - February, 2022

March 1, 2022 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected/Groups/Initiatives
ISO 27001-2013 | International or National Standard | 4018711
NIST SP 800-53 R5 | International or National Standard | 2995
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2316410
NIST CSF 1.1 | International or National Standard | 173413
Sarbanes-Oxley Act of 2002 | Bill or Act | 1723
CIS Controls, V8 | Best Practice Guideline | 1501
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 151474
CobiT | Safe Harbor | 141621
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1442
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1330
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 1343
ISO/IEC 27701:2019 | International or National Standard | 12123
MAS TRM | Contractual Obligation | 12360
HIPAA | Bill or Act | 11105
hipaa security rule | Regulation or Statute | 1151
ISO/IEC 27002:2013(E) | International or National Standard | 111397
SOC2 | Safe Harbor | 1100
MAS Guidelines on Outsourcing | Bill or Act | 1000
MAS-TRMG-2021 | Contractual Obligation | 1030
NIST CSF 1.0 | International or National Standard | 10112
Notice on Cyber Hygiene | Bill or Act | 1000
Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 10380
Singapore Personal Data Protection Act 2012 | Regulation or Statute | 1010
Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium | Best Practice Guideline | 1010
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 91374
Gramm Leach Bliley | Bill or Act | 901
NIST SP 800-37r2 | International or National Standard | 9104
FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 814
ISO 27002 | International or National Standard | 872
ISO 9001:2015 | International or National Standard | 8182
Notice No.: CMG-N02, Notice On Technology Risk Management | Self-Regulatory Body Requirement | 820
PCI SAQ A v3.2 | Contractual Obligation | 863
Singapore Corporate Governance | Regulation or Statute | 860
Singapore Personal Data Protection Act 2012 (No. 26 of 2012) Revised Edition 2021 | Regulation or Statute | 800
CMMC Level 1 | Best Practice Guideline | 742
CMMC Level 3 | Best Practice Guideline | 743
COBIT 2019 | Safe Harbor | 752
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 7130
ISO 27005 R 2011 | International or National Standard | 7123
NIST SP 800-171 | International or National Standard | 731
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 7951
PCI DSS Testing Procedures v3.2 | Contractual Obligation | 7242
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 742
23 NYCRR 500 | Regulation or Statute | 693
California Consumer Privacy Act of 2018 | Bill or Act | 6391
CMMC Level 5 | Best Practice Guideline | 620
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 653
ITIL Foundation 4 | Best Practice Guideline | 600
NIST Privacy Framework | International or National Standard | 692
NIST SP 800-53 R4 | International or National Standard | 643