Monthly Selected Authority Documents - August, 2018

September 1, 2018 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard9710420
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation52738
NIST SP 800-53 R4International or National Standard48498
EU General Data Protection Regulation (GDPR)Regulation or Statute43673
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard42236
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor40414
NIST SP 800-53 R4 High ImpactInternational or National Standard36804
Sarbanes Oxley SOXRegulation or Statute357416
ISO/IEC 27002:2013(E)International or National Standard338216
NIST SP 800-53 R4 Low ImpactInternational or National Standard33194
HIPAABill or Act32418
HIPAA Electronic Health Record TechnologyRegulation or Statute2873
ISO 27002International or National Standard22117
CobiTSafe Harbor21866
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement1861
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement1610
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor16113
FedRAMP Baseline Security ControlsAudit Guideline15365
NIST 800-53AInternational or National Standard1563
NIST Cybersecurity FrameworkInternational or National Standard1552
NIST SP 800 66Safe Harbor1585
CSIS 20 Critical Security ControlsBest Practice Guideline14794
ISO 27005 R 2011International or National Standard14116
Gramm Leach BlileyBill or Act131210
HIPAA HCFABest Practice Guideline13162
ISO 31000 R 2009International or National Standard13804
NIST Framework for Improving Critical Infrastructure CybersecurityInternational or National Standard13177
ISO/IEC 27018:2014International or National Standard1243
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard1212
PCI SAQ A v3.1Contractual Obligation1251
23 NYCRR 500Regulation or Statute1106
CIS 20 Critical Security ControlsBest Practice Guideline1162
Cloud Security Alliance CCM V1.3Best Practice Guideline11126
Federal Information Security Management Act FISMARegulation or Statute11144
NIST SP 800-122International or National Standard11102
Red Book (Condensed)International or National Standard1011
HITECH title within the American Recovery and Reinvestment Act of 2009Bill or Act9102
India Indian Info Privacy ActRegulation or Statute960
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of MassachusettsRegulation or Statute994
NIST SP 800-53International or National Standard993
AICPA Trust ServicesAudit Guideline851
BSI-Standard 100-2International or National Standard890
Framework for Improving Critical Infrastructure CybersecurityInternational or National Standard800
Germany Data Protection ActRegulation or Statute852
Insurance Data Security Model Law, NAIC MDL-668Best Practice Guideline800
NIST SP 800-171International or National Standard841
45 CFR Part 164Regulation or Statute7136
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement741
Basel IIRegulation or Statute731
Canada Personal Information Protection Electronic Documents ActRegulation or Statute763