Monthly Selected Authority Documents - February, 2019

March 1, 2019 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard7412621
NIST SP 800-53 R4International or National Standard507110
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard40338
EU General Data Protection Regulation (GDPR)Regulation or Statute36896
NIST SP 800-53 R4 High ImpactInternational or National Standard341016
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation34939
NIST SP 800-53 R4 Low ImpactInternational or National Standard33286
Sarbanes Oxley SOXRegulation or Statute269416
HIPAA Electronic Health Record TechnologyRegulation or Statute2373
ISO/IEC 27002:2013(E)International or National Standard2310117
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor22596
NIST Cybersecurity FrameworkInternational or National Standard2172
FedRAMP Baseline Security ControlsAudit Guideline20555
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement2011
NIST CSF 1.0International or National Standard18197
ISO 27002International or National Standard17117
45 CFR Part 164Regulation or Statute16136
CIS Controls V7Best Practice Guideline1600
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement1661
ISO/IEC 27018:2014International or National Standard1643
HIPAABill or Act15528
NIST SP 800-53International or National Standard1593
45 CFR Part 160Regulation or Statute1371
45 CFR Part 162Regulation or Statute1331
EISPOrganizational Governance Documents1300
FFIEC CATBest Practice Guideline1322
Gramm Leach BlileyBill or Act131210
23 NYCRR 500Regulation or Statute1206
ISO 27005 R 2011International or National Standard12116
NIST CSF 1.1International or National Standard1110
PCI DSS Testing Procedures v3.2Contractual Obligation1130
NIST SP 800 66Safe Harbor1095
California Consumer Privacy Act of 2018Bill or Act940
FFIEC IT Examination HandbookAudit Guideline900
HIPAA HCFABest Practice Guideline9182
ISO 22301- Societal Security - Business Continuity Management Systems - RequirementsInternational or National Standard931
MAS TRMContractual Obligation940
NIST SP 800-171International or National Standard952
PCI SAQ A v3.1Contractual Obligation951
Colorado Revised Statutes, Section 6-1-713, Disposal of Personal Identifying DocumentsRegulation or Statute841
ISO 31000 R 2009International or National Standard81014
ISO 9001:2015International or National Standard831
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of MassachusettsRegulation or Statute894
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard812
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement741
Australia Privacy Amendment ActRegulation or Statute7156
Canada Personal Information Protection Electronic Documents ActRegulation or Statute764
Florida Statutes, Section 817.5681, Breach of security concerning confidential personal information in third-party possessionRegulation or Statute740
Germany Data Protection ActRegulation or Statute752
Notice on Technology Risk Management, Notice No. CMG-N02Self-Regulatory Body Requirement780