Monthly Selected Authority Documents - January, 2021

February 1, 2021 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard401718
NIST CSF 1.1International or National Standard22287
NIST SP 800-53 R5International or National Standard2132
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation211374
EU General Data Protection Regulation (GDPR)Regulation or Statute1715211
ISO/IEC 27002:2013(E)International or National Standard171334
23 NYCRR 500Regulation or Statute1573
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor151253
ISO/IEC 27701:2019International or National Standard1583
NIST SP 800 66Safe Harbor15191
Sarbanes Oxley SOXRegulation or Statute151401
HIPAA Electronic Health Record TechnologyRegulation or Statute1433
NIST SP 800-53 R4International or National Standard1432
CIS Controls, V7.1Best Practice Guideline1323
ISO/IEC 27018:2014International or National Standard13142
NIST SP 800-53International or National Standard13140
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4International or National Standard1330
FedRAMP Baseline Security ControlsAudit Guideline121140
ISO 27002International or National Standard1241
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement1180
CMMC Level 5Best Practice Guideline1101
CobiTSafe Harbor111512
ISO 27005 R 2011International or National Standard11102
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement11124
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard1113
NIST SP 800-53 R4 Moderate Impact, DeprecatedInternational or National Standard11716
AICPA Trust ServicesAudit Guideline1040
NIST SP 800-53 R4 High Impact, DeprecatedInternational or National Standard101595
NIST SP 800-53 R4, DeprecatedInternational or National Standard101308
45 CFR Part 164Regulation or Statute982
CMMC Level 1Best Practice Guideline903
CMMC Level 3Best Practice Guideline903
CMMC Level 4Best Practice Guideline901
COSO Internal Control - Integrated FrameworkSelf-Regulatory Body Requirement952
FFIEC CATBest Practice Guideline992
ISO 22301- Societal Security - Business Continuity Management Systems - RequirementsInternational or National Standard9110
ISO 31000 R 2009International or National Standard91542
New York General Business Law Chapter 20, Article 39-F, Section 899-aa, Notification; person without valid authorization has acquired private informationBill or Act910
NIST CSF 1.0International or National Standard9101
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4International or National Standard920
California Consumer Privacy Act of 2018Bill or Act8311
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement8122
CMMC Level 2Best Practice Guideline803
New York General Business Law Chapter 20, Article 39-F, Section 899-BBBill or Act810
NIST 800-53AInternational or National Standard862
NIST Privacy FrameworkInternational or National Standard871
NIST SP 800-171International or National Standard821
NIST SP 800-53 R4 Low Impact, DeprecatedInternational or National Standard8706
12 CFR Part 748Safe Harbor700
45 CFR Part 162Regulation or Statute711