Monthly Selected Authority Documents - February, 2020

March 1, 2020 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 65 | 157 | 17 |
| NIST SP 800-53 R4 | International or National Standard | 37 | 107 | 10 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 32 | 121 | 10 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 28 | 50 | 5 |
| CIS Controls V7 | Best Practice Guideline | 27 | 12 | 1 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 27 | 135 | 5 |
| NIST CSF 1.1 | International or National Standard | 25 | 18 | 2 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 24 | 130 | 7 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 22 | 48 | 5 |
| California Consumer Privacy Act of 2018 | Bill or Act | 21 | 23 | 0 |
| Sarbanes Oxley SOX | Regulation or Statute | 19 | 121 | 9 |
| HIPAA | Bill or Act | 18 | 82 | 3 |
| ISO/IEC 27701:2019 | International or National Standard | 17 | 3 | 0 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 16 | 104 | 2 |
| ISO/IEC 27002:2013(E) | International or National Standard | 16 | 126 | 11 |
| NIST SP 800 66 | Safe Harbor | 14 | 7 | 1 |
| Red Book (Condensed) | International or National Standard | 14 | 5 | 3 |
| 23 NYCRR 500 | Regulation or Statute | 13 | 3 | 7 |
| CobiT | Safe Harbor | 12 | 132 | 1 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 12 | 3 | 3 |
| ISO 27002 | International or National Standard | 12 | 5 | 5 |
| 45 CFR Part 164 | Regulation or Statute | 11 | 6 | 3 |
| FFIEC CAT | Best Practice Guideline | 11 | 3 | 1 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 11 | 7 | 2 |
| NIST SP 800-53 | International or National Standard | 11 | 9 | 1 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 10 | 11 | 1 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 10 | 8 | 0 |
| FedRAMP Baseline Security Controls | Audit Guideline | 10 | 95 | 1 |
| FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 10 | 3 | 1 |
| FFIEC IT Examination Handbook | Audit Guideline | 10 | 4 | 1 |
| HIPAA HCFA | Best Practice Guideline | 10 | 7 | 0 |
| ISO 31000 R 2009 | International or National Standard | 9 | 133 | 3 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 9 | 67 | 1 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 8 | 129 | 1 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 8 | 0 | 1 |
| PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 8 | 3 | 0 |
| Trust Services Criteria | Self-Regulatory Body Requirement | 8 | 3 | 1 |
| Financial Services Sector Cybersecurity Profile | International or National Standard | 7 | 0 | 0 |
| ISO/IEC 27018:2014 | International or National Standard | 7 | 4 | 1 |
| ITIL Security Management | Best Practice Guideline | 7 | 2 | 2 |
| MAS TRM | Contractual Obligation | 7 | 24 | 0 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 7 | 6 | 2 |
| NIST SP 800-37r2 | International or National Standard | 7 | 2 | 1 |
| PCI DSS 3.1 SAQ A-EP | Contractual Obligation | 7 | 0 | 0 |
| PCI DSS Testing Procedures v3.2 | Contractual Obligation | 7 | 4 | 0 |
| PCI SAQ A v3.1 | Contractual Obligation | 7 | 3 | 1 |
| SSAE 18 | Safe Harbor | 7 | 4 | 1 |
| COBIT 5 Enabling Processes: Basics | Safe Harbor | 6 | 33 | 2 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 6 | 3 | 1 |
| FFIEC Management 2015 | Best Practice Guideline | 6 | 2 | 1 |