| PCI DSS Defined Approach Requirements, Version 4.0 |
International or National Standard |
27 |
8 |
3 |
| NIST SP 800-53 R5 |
International or National Standard |
22 |
26 |
15 |
| NIST CSF 1.1 |
International or National Standard |
20 |
57 |
22 |
| ISO/IEC 27001:2022 |
International or National Standard |
19 |
6 |
3 |
| CIS Controls, V8 |
Best Practice Guideline |
16 |
10 |
8 |
| PCI DSS v3.2.1 |
Contractual Obligation |
12 |
8 |
4 |
| Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
11 |
3 |
0 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
11 |
184 |
18 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
11 |
5 |
6 |
| ISO 27001-2013 |
International or National Standard |
10 |
213 |
21 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
10 |
13 |
8 |
| NIST SP 800-53 |
International or National Standard |
10 |
17 |
1 |
| 23 NYCRR 500 |
Regulation or Statute |
9 |
26 |
4 |
| NIST SP 800-39 |
International or National Standard |
9 |
19 |
6 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) |
Best Practice Guideline |
8 |
18 |
4 |
| hipaa security rule |
Regulation or Statute |
8 |
5 |
1 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
7 |
44 |
1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
7 |
9 |
5 |
| ISO/IEC 27002:2022 |
International or National Standard |
7 |
3 |
5 |
| NIST SP 800-37r2 |
International or National Standard |
7 |
13 |
5 |
| PCI DSS v4.0 SAQ D Merchants |
Contractual Obligation |
7 |
2 |
1 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
6 |
144 |
6 |
| Basel II |
Regulation or Statute |
6 |
12 |
0 |
| California Privacy Rights Act (CPRA) |
Bill or Act |
6 |
3 |
1 |
| CobiT |
Safe Harbor |
6 |
167 |
1 |
| COBIT 2019 |
Safe Harbor |
6 |
5 |
2 |
| Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8 |
Organizational Directive |
6 |
4 |
1 |
| ISO 27002 |
International or National Standard |
6 |
8 |
4 |
| Kansas Statutes, Protection Of Consumer Information |
Regulation or Statute |
6 |
0 |
0 |
| Nevada Revised Statutes, Chapter 603A |
Regulation or Statute |
6 |
2 |
0 |
| NIST AI 100-1 |
Best Practice Guideline |
6 |
0 |
0 |
| NIST Privacy Framework |
International or National Standard |
6 |
15 |
7 |
| PCI DSS v4 SAQ D for Service Providers |
Self-Regulatory Body Requirement |
6 |
0 |
0 |
| Red Book (Condensed) |
International or National Standard |
6 |
13 |
7 |
| Trust Services Criteria (with Revised Points of Focus - 2022) |
Self-Regulatory Body Requirement |
6 |
0 |
0 |
| 3 CCR 702-6 |
Regulation or Statute |
5 |
1 |
0 |
| Alaska Personal Information Protection Act, Chapter 48 |
Regulation or Statute |
5 |
2 |
1 |
| Arkansas Personal Information Protection Act |
Regulation or Statute |
5 |
1 |
0 |
| Canada Personal Information Protection Electronic Documents Act |
Regulation or Statute |
5 |
1 |
2 |
| Childrens Online Privacy Protection Act |
Regulation or Statute |
5 |
6 |
0 |
| Code of Alabama, Sections 13A-8-190 thru 13A-8-201 |
Regulation or Statute |
5 |
3 |
2 |
| Consumer Data Protection Act |
Bill or Act |
5 |
0 |
0 |
| COSO ERM |
Safe Harbor |
5 |
11 |
8 |
| Delaware Code, Title 6, Subtitle II, Chapter 12B, Sections 12B-101 thru 104 |
Regulation or Statute |
5 |
1 |
0 |
| FedRAMP Baseline Security Controls |
Audit Guideline |
5 |
129 |
0 |
| FINRA Report on Cybersecurity Practices |
Self-Regulatory Body Requirement |
5 |
9 |
1 |
| Florida Statute § 501.171 Security of confidential personal information |
Regulation or Statute |
5 |
1 |
0 |
| General Laws of Massachusetts, Chapter 93H, Security Breaches |
Regulation or Statute |
5 |
2 |
0 |
| Guam Notification of Breaches of Personal Information |
Regulation or Statute |
5 |
0 |
0 |
| Hawaii Revised Statute, Section 487N, Security Breach of Personal Information |
Regulation or Statute |
5 |
0 |
0 |
