Monthly Selected Authority Documents - February, 2017

February 1, 2017 | Weekly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard462313
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation4350
CobiTSafe Harbor28186
NIST SP 800-53 R4International or National Standard2875
ISO 27002International or National Standard2796
ISO/IEC 27002:2013(E)International or National Standard2686
FFIEC Information SecurityBest Practice Guideline2353
PCI DSS 3.1Contractual Obligation2332
NIST SP 800-53 R4 High ImpactInternational or National Standard22113
CSIS 20 Critical Security ControlsBest Practice Guideline21104
NIST Framework for Improving Critical Infrastructure CybersecurityInternational or National Standard21108
Sarbanes Oxley SOXRegulation or Statute211712
NIST SP 800-171International or National Standard2031
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard1875
Gramm Leach BlileyBill or Act1785
NIST SP 800-53International or National Standard1753
PCI SAQ A v3.1Contractual Obligation1621
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor1593
HIPAABill or Act14138
FedRAMP Baseline Security ControlsAudit Guideline1383
FFIEC ManagementBest Practice Guideline1330
FFIEC Retail Payment SystemsBest Practice Guideline1330
FFIEC AuditBest Practice Guideline1230
FFIEC Business Continuity PlanningBest Practice Guideline1230
FFIEC Development AcquisitionBest Practice Guideline1230
FFIEC E BankingBest Practice Guideline1230
FFIEC OperationsBest Practice Guideline1230
FFIEC Outsourcing Technology ServicesBest Practice Guideline1241
FFIEC Supervision of Technology Service ProvidersBest Practice Guideline1241
FFIEC Wholesale Payment SystemsBest Practice Guideline1230
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor1253
UK Data Protection Act of 1998Regulation or Statute12116
Authentication in an Internet Banking EnvironmentBest Practice Guideline1130
ISO 20000-1 2nd EdInternational or National Standard1163
ISO 27005 R 2011International or National Standard1175
ISO 31000 R 2009International or National Standard11123
France Data Protection ActRegulation or Statute1064
Germany Data Protection ActRegulation or Statute1042
NIST SP 800 66Safe Harbor1096
16 CFR Part 313Regulation or Statute975
BSI-Standard 100-2International or National Standard930
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement911
EU Data Protection Directive 95 46 ECInternational or National Standard997
EU Directive on privacy and electronic communicationsInternational or National Standard9106
ISO 20000-2 R 2005International or National Standard963
ITIL Security ManagementBest Practice Guideline953
NIST 800-53AInternational or National Standard953
South African King Report 2002Regulation or Statute985
Sweden Personal Data ActRegulation or Statute942
45 CFR Part 164Regulation or Statute884