News

Monthly Selected Authority Documents - December, 2022

January 31, 2023 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected, Groups, Initiatives
NIST SP 800-53 R5 | International or National Standard | 372211
CIS Controls, V8 | Best Practice Guideline | 3177
ISO 27001-2013 | International or National Standard | 3120217
ISO/IEC 27001:2022 | International or National Standard | 3100
NIST CSF 1.1 | International or National Standard | 304519
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2917415
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 2283
ISO/IEC 27002:2022 | International or National Standard | 2123
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 20118
PCI DSS v3.2.1 | Contractual Obligation | 1974
23 NYCRR 500 | Regulation or Statute | 18163
NIST SP 800-53 | International or National Standard | 18182
Sarbanes-Oxley Act of 2002 | Bill or Act | 1824
ISO/IEC 27701:2019 | International or National Standard | 17188
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1630
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 1642
CobiT | Safe Harbor | 151671
hipaa security rule | Regulation or Statute | 1451
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1385
Gramm Leach Bliley | Bill or Act | 1330
NIST SP 800-37r2 | International or National Standard | 13124
California Privacy Rights Act (CPRA) | Bill or Act | 1231
CIS Controls, V7.1 | Best Practice Guideline | 1262
FedRAMP Baseline Security Controls | Audit Guideline | 121290
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 1264
California Consumer Privacy Act of 2018 | Bill or Act | 11451
CMMC Level 2, v2.0 | Best Practice Guideline | 1166
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 11157
HIPAA Electronic Health Record Technology | Regulation or Statute | 1121
ISO/IEC 27002:2013(E) | International or National Standard | 1114413
FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 1014
FFIEC CAT | Best Practice Guideline | 10151
SSAE 18 | Safe Harbor | 1063
CIS Controls V7 | Best Practice Guideline | 9252
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 953
ISO 27005 R 2011 | International or National Standard | 9178
NIST SP 800 66 | Safe Harbor | 9322
NIST SP 800-39 | International or National Standard | 9106
PCI DSS v4.0 SAQ A | Self-Regulatory Body Requirement | 900
COBIT 2019 | Safe Harbor | 852
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 898
CRI Profile v1.2 | Best Practice Guideline | 870
EU 8th Directive | Regulation or Statute | 830
ISO 27002 | International or National Standard | 883
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 8199
ISO/IEC 27018:2014 | International or National Standard | 8202
NIST SP 800-53 R4 | International or National Standard | 843
Red Book (Condensed) | International or National Standard | 8137
16 CFR Part 314, Standards for Safeguarding Customer Information | Regulation or Statute | 721
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 71434


Monthly Selected Authority Documents - December, 2022

December 31, 2022 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

 

AD Common Name | AD Type | Selected, Groups, Initiatives
ISO 27001-2013 | International or National Standard | 4020217
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2717415
NIST SP 800-53 R5 | International or National Standard | 252111
NIST CSF 1.1 | International or National Standard | 234519
CIS Controls, V8 | Best Practice Guideline | 1877
ISO/IEC 27001:2022 | International or National Standard | 1700
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 17108
CobiT | Safe Harbor | 141671
ISO/IEC 27701:2019 | International or National Standard | 14188
ISO/IEC 27002:2022 | International or National Standard | 1313
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1373
hipaa security rule | Regulation or Statute | 1251
Sarbanes-Oxley Act of 2002 | Bill or Act | 1224
HIPAA Electronic Health Record Technology | Regulation or Statute | 1121
ISO 27002 | International or National Standard | 1183
SOC2 | Safe Harbor | 1140
California Consumer Privacy Act of 2018 | Bill or Act | 10451
California Privacy Rights Act (CPRA) | Bill or Act | 1031
NIST SP 800-53 | International or National Standard | 10182
PCI DSS v3.2.1 | Contractual Obligation | 1074
23 NYCRR 500 | Regulation or Statute | 9163
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 9173
SSAE 18 | Safe Harbor | 963
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 8101
FedRAMP Baseline Security Controls | Audit Guideline | 81290
Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 822
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 71434
California Civil Code Section 1798.25-1798.29 | Regulation or Statute | 741
CMMC Level 2, v2.0 | Best Practice Guideline | 766
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 785
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 7157
NIST Privacy Framework | International or National Standard | 7147
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 754
Red Book (Condensed) | International or National Standard | 7127
Strategies to Mitigate Targeted Cyber Intrusions | Best Practice Guideline | 710
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 742
45 CFR Part 160 | Regulation or Statute | 644
ACSI 33 | Best Practice Guideline | 610
Australian Government Information Security Manual 2021 | International or National Standard | 630
CRI Profile v1.2 | Best Practice Guideline | 660
HIPAA Electronic Health Record Technology | Regulation or Statute | 645
HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 6102
India Indian Info Privacy Act | Regulation or Statute | 6170
ISO 27005 R 2011 | International or National Standard | 6178
ISO 9001:2015 | International or National Standard | 6182
ISO/IEC 27002:2013(E) | International or National Standard | 614413
MAS TRM | Contractual Obligation | 6400
MAS-TRMG-2021 | Contractual Obligation | 660
NIST SP 800 66 | Safe Harbor | 6322
Notice on Cyber Hygiene | Bill or Act | 630