Monthly Selected Authority Documents - December, 2022

December 31, 2022 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


| AD Common Name | AD Type | Selected, Groups, Initiatives |
|---|---|---|
| ISO 27001-2013 | International or National Standard | 4020217 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2717415 |
| NIST SP 800-53 R5 | International or National Standard | 252111 |
| NIST CSF 1.1 | International or National Standard | 234519 |
| CIS Controls, V8 | Best Practice Guideline | 1877 |
| ISO/IEC 27001:2022 | International or National Standard | 1700 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 17108 |
| CobiT | Safe Harbor | 141671 |
| ISO/IEC 27701:2019 | International or National Standard | 14188 |
| ISO/IEC 27002:2022 | International or National Standard | 1313 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1373 |
| HIPAA Security Rule | Regulation or Statute | 1251 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 1224 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 1121 |
| ISO 27002 | International or National Standard | 1183 |
| SOC2 | Safe Harbor | 1140 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10451 |
| California Privacy Rights Act (CPRA) | Bill or Act | 1031 |
| NIST SP 800-53 | International or National Standard | 10182 |
| PCI DSS v3.2.1 | Contractual Obligation | 1074 |
| 23 NYCRR 500 | Regulation or Statute | 9163 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 9173 |
| SSAE 18 | Safe Harbor | 963 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 8101 |
| FedRAMP Baseline Security Controls | Audit Guideline | 81290 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 822 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 71434 |
| California Civil Code Section 1798.25-1798.29 | Regulation or Statute | 741 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 766 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 785 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 7157 |
| NIST Privacy Framework | International or National Standard | 7147 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 754 |
| Red Book (Condensed) | International or National Standard | 7127 |
| Strategies to Mitigate Targeted Cyber Intrusions | Best Practice Guideline | 710 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 742 |
| 45 CFR Part 160 | Regulation or Statute | 644 |
| ACSI 33 | Best Practice Guideline | 610 |
| Australian Government Information Security Manual 2021 | International or National Standard | 630 |
| CRI Profile v1.2 | Best Practice Guideline | 660 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 645 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 6102 |
| India Indian Info Privacy Act | Regulation or Statute | 6170 |
| ISO 27005 R 2011 | International or National Standard | 6178 |
| ISO 9001:2015 | International or National Standard | 6182 |
| ISO/IEC 27002:2013(E) | International or National Standard | 614413 |
| MAS TRM | Contractual Obligation | 6400 |
| MAS-TRMG-2021 | Contractual Obligation | 660 |
| NIST SP 800 66 | Safe Harbor | 6322 |
| Notice on Cyber Hygiene | Bill or Act | 630 |