Monthly Selected Authority Documents - January, 2020

February 1, 2020 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard4421125
EU General Data Protection Regulation (GDPR)Regulation or Statute271689
NIST SP 800-53 R4International or National Standard2514715
NIST CSF 1.1International or National Standard24112
ISO 27002International or National Standard16118
NIST SP 800-53 R4 High ImpactInternational or National Standard161779
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard167010
Sarbanes Oxley SOXRegulation or Statute1616417
CIS Controls V7Best Practice Guideline14101
FFIEC CATBest Practice Guideline13103
NIST SP 800-53 R4 Low ImpactInternational or National Standard13599
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation1316413
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement12111
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor111367
California Consumer Privacy Act of 2018Bill or Act11280
Canada Privacy Policy PrinciplesRegulation or Statute1143
China Personal Data Ordinance of Hong Kong 2Regulation or Statute11143
ISO/IEC 27701:2019International or National Standard1120
NIST SP 800 66Safe Harbor11145
FedRAMP Baseline Security ControlsAudit Guideline101335
HIPAABill or Act101119
India Indian Info Privacy ActRegulation or Statute10150
Canada Personal Information Protection Electronic Documents ActRegulation or Statute964
HIPAA Electronic Health Record TechnologyRegulation or Statute984
NIST SP 800-171International or National Standard973
Red Book (Condensed)International or National Standard953
Australian Government Information Security Manual ControlsInternational or National Standard883
Brazilian General Data Protection Law (LGPD)Bill or Act800
CobiTSafe Harbor81856
Japan Handbook on the Protection of Personal DataRegulation or Statute820
Japan Personal Information Protection ActRegulation or Statute853
MAS TRMContractual Obligation8320
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard872
NIST SP 800-53International or National Standard8123
CIS 20 Critical Security ControlsBest Practice Guideline792
EU 8th DirectiveRegulation or Statute7126
HKMA General Principles for Technology Risk ManagementRegulation or Statute790
HKMA Supervisory Policy Manual TM-G-2 Business Continuity PlanningContractual Obligation7170
ISF Standard of Good Practice 2013Best Practice Guideline7102
ISO 20000-1 2nd EdInternational or National Standard7434
ISO 20000-2 R 2005International or National Standard7424
ISO/IEC 27002:2013(E)International or National Standard717217
Notice on Technology Risk Management, Notice No. CMG-N02Self-Regulatory Body Requirement7380
Risk Management of E-bankingContractual Obligation790
Singapore(PDPC) Guide to Securing Personal Data in Electronic MediumBest Practice Guideline700
SWIFT Customer Security Controls FrameworkBest Practice Guideline710
AICPA PrivacySafe Harbor670
APRA PPG 234Safe Harbor6131
Argentina Personal Data Protection ActRegulation or Statute655
Cloud Security Alliance CCM V1.3Best Practice Guideline6166