Monthly Selected Authority Documents - April, 2018

May 1, 2018 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups / Initiatives |
|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 50 | 8718 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 49 | 573 |
| EU General Data Protection Regulation (GDPR) | Regulations | 47 | 563 |
| NIST SP 800-53 R4 | International or National Standard | 46 | 446 |
| Sarbanes Oxley SOX | Regulation or Statute | 41 | 6112 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 37 | 333 |
| NIST Cybersecurity Framework | International or National Standard | 37 | 42 |
| CobiT | Safe Harbor | 31 | 746 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 30 | 673 |
| ISO/IEC 27002:2013(E) | International or National Standard | 27 | 6813 |
| FedRAMP Baseline Security Controls | Audit Guideline | 26 | 334 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 26 | 205 |
| ISO 27002 | International or National Standard | 25 | 107 |
| HIPAA | Bill or Act | 23 | 398 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 23 | 163 |
| NIST SP 800-53 | International or National Standard | 21 | 73 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 21 | 93 |
| Gramm Leach Bliley | Bill or Act | 18 | 126 |
| Red Book (Condensed) | International or National Standard | 18 | 11 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 17 | 137 |
| NIST SP 800-171 | International or National Standard | 17 | 41 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 15 | 674 |
| FFIEC CAT | Best Practice Guideline | 15 | 00 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 15 | 00 |
| 23 NYCRR 500 | Regulations | 13 | 02 |
| ISO 31000 R 2009 | International or National Standard | 13 | 694 |
| 45 CFR Part 164 | Regulation or Statute | 12 | 136 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 12 | 41 |
| PCI DSS 3.1 | Contractual Obligation | 12 | 32 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 11 | 21 |
| FFIEC IT Examination Handbook | Audit Guideline | 11 | 00 |
| ISO 27005 R 2011 | International or National Standard | 10 | 96 |
| NIST 800-53A | International or National Standard | 10 | 63 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 10 | 146 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 9 | 115 |
| COSO ERM | Safe Harbor | 9 | 53 |
| ISO/IEC 27018:2014 | International or National Standard | 9 | 43 |
| PCI SAQ A | Contractual Obligation | 9 | 64 |
| 45 CFR Part 160 | Regulation or Statute | 8 | 71 |
| 45 CFR Part 162 | Regulation or Statute | 8 | 31 |
| Authentication in an Internet Banking Environment | Best Practice Guideline | 8 | 50 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 8 | 63 |
| Federal Information Security Management Act FISMA | Regulation or Statute | 8 | 144 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 8 | 73 |
| PCI SAQ A v3.1 | Contractual Obligation | 8 | 51 |
| EU Data Protection Directive 95 46 EC | International or National Standard | 7 | 97 |
| FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 7 | 00 |
| FTC FACT Act Red Flags Rule Template | Audit Guideline | 7 | 91 |
| NERC CIP-003-3 | International or National Standard | 7 | 10 |
| NIST SP 800 66 | Safe Harbor | 7 | 85 |