Monthly Selected Authority Documents - January, 2022

February 1, 2022 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected Groups Initiatives |
|---|---|---|
| ISO 27001-2013 | International or National Standard | 2418711 |
| hipaa security rule | Regulation or Statute | 2141 |
| NIST SP 800-53 R5 | International or National Standard | 1985 |
| NIST CSF 1.1 | International or National Standard | 183412 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 1516410 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 1343 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 1123 |
| CobiT | Safe Harbor | 101621 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 1020 |
| CIS Controls, V8 | Best Practice Guideline | 900 |
| ISO 27005 R 2011 | International or National Standard | 9123 |
| ISO/IEC 27701:2019 | International or National Standard | 9123 |
| NIST SP 800-63C | International or National Standard | 942 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 8100 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 832 |
| NIST SP 800-63A | International or National Standard | 843 |
| NIST SP 800-63B | International or National Standard | 843 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4 | International or National Standard | 840 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 71374 |
| HIPAA | Bill or Act | 794 |
| ISO/IEC 27002:2013(E) | International or National Standard | 71397 |
| SOC2 | Safe Harbor | 700 |
| Cyber Essentials Scheme (CES) Questionnaire | Best Practice Guideline | 620 |
| FedRAMP Baseline Security Controls | Audit Guideline | 61240 |
| Gramm Leach Bliley | Bill or Act | 600 |
| NIST SP 800 66 | Safe Harbor | 6251 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 6951 |
| PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 660 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 61464 |
| PCI SAQ A v3.2 | Contractual Obligation | 653 |
| 23 NYCRR 500 | Regulation or Statute | 593 |
| CMMC Level 5 | Best Practice Guideline | 520 |
| Commission of the European Communities Information Technology Security Evaluation Manual | Safe Harbor | 510 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 520 |
| Czech Republic Data Protection Act | Regulation or Statute | 500 |
| EU 8th Directive | Regulation or Statute | 530 |
| ISO 27002 | International or National Standard | 572 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 5144 |
| NIST SP 800-39 | International or National Standard | 541 |
| NIST SP 800-53 R4 High Impact, Deprecated | International or National Standard | 51684 |
| ACPO Good Practice Guide for Digital Evidence | Best Practice Guideline | 410 |
| Australian Government Information Security Manual Controls | International or National Standard | 430 |
| Bosnia Law on Protection of Personal Data 2001 | Regulation or Statute | 400 |
| California Consumer Privacy Act of 2018 | Bill or Act | 411 |
| California Consumer Privacy Act of 2018 | Bill or Act | 4391 |
| China Personal Data Ordinance of Hong Kong 2 | Regulation or Statute | 470 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 400 |
| CMMC Level 3 | Best Practice Guideline | 442 |
| COSO Enterprise Risk Management (2017) | Best Practice Guideline | 4113 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 41570 |