Monthly Selected Authority Documents - December, 2020

January 1, 2021 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected / Groups / Initiatives |
|---|---|---|
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 371509 |
| ISO 27001-2013 | International or National Standard | 311708 |
| NIST CSF 1.1 | International or National Standard | 19275 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 171362 |
| CobiT | Safe Harbor | 151492 |
| ISO/IEC 27002:2013(E) | International or National Standard | 151322 |
| NIST SP 800-53 R4 Moderate Impact, Deprecated | International or National Standard | 14706 |
| California Consumer Privacy Act of 2018 | Bill or Act | 13311 |
| Sarbanes Oxley SOX | Regulation or Statute | 131391 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 1300 |
| 23 NYCRR 500 | Regulation or Statute | 1273 |
| FFIEC Development Acquisition | Best Practice Guideline | 1231 |
| CIS Controls, V7.1 | Best Practice Guideline | 1121 |
| Basel II | Regulation or Statute | 1030 |
| CIS Controls V7 | Best Practice Guideline | 10192 |
| FFIEC Audit April 2012 | Best Practice Guideline | 1053 |
| FFIEC Management | Best Practice Guideline | 1052 |
| FFIEC Retail Payment Systems 2016 | Best Practice Guideline | 1031 |
| ISO 27002 | International or National Standard | 1041 |
| ISO/IEC 27701:2019 | International or National Standard | 1081 |
| NIST SP 800 66 | Safe Harbor | 10181 |
| NIST SP 800-53 R4 High Impact, Deprecated | International or National Standard | 101585 |
| NIST SP 800-53 R4, Deprecated | International or National Standard | 101298 |
| Authentication in an Internet Banking Environment | Best Practice Guideline | 963 |
| FFIEC E Banking | Best Practice Guideline | 931 |
| FFIEC Operations | Best Practice Guideline | 931 |
| FFIEC Outsourcing Technology Services | Best Practice Guideline | 931 |
| FFIEC Supervision of Technology Service Providers | Best Practice Guideline | 931 |
| FFIEC Wholesale Payment Systems | Best Practice Guideline | 931 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 81243 |
| FFIEC Audit | Best Practice Guideline | 801 |
| FFIEC Business Continuity Planning | Best Practice Guideline | 831 |
| FFIEC Management 2015 | Best Practice Guideline | 853 |
| FFIEC Retail Payment Systems | Best Practice Guideline | 801 |
| Gramm Leach Bliley | Bill or Act | 871 |
| NIST SP 800-53 R4 | International or National Standard | 820 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 820 |
| CMMC Level 3 | Best Practice Guideline | 701 |
| FFIEC IT Examination Handbook | Audit Guideline | 793 |
| Generally Accepted Privacy Principles | Best Practice Guideline | 700 |
| HIPAA | Bill or Act | 7920 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 7102 |
| NIST Privacy Framework | International or National Standard | 761 |
| NIST SP 800-53 R4 Low Impact, Deprecated | International or National Standard | 7696 |
| 45 CFR Part 164 | Regulation or Statute | 682 |
| APRA CPS 234 | Regulation or Statute | 620 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 660 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 6100 |
| CMMC Level 5 | Best Practice Guideline | 601 |
| FedRAMP Baseline Security Controls | Audit Guideline | 61130 |