Monthly Selected Authority Documents - January, 2023

February 8, 2023 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


AD Common Name | AD Type | Selected Groups Initiatives
NIST CSF 1.1 | International or National Standard | 344519
ISO/IEC 27001:2022 | International or National Standard | 3200
NIST SP 800-53 R5 | International or National Standard | 272211
ISO/IEC 27002:2022 | International or National Standard | 2423
CIS Controls, V8 | Best Practice Guideline | 2277
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 2217415
ISO 27001-2013 | International or National Standard | 2220217
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1630
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 1664
CobiT | Safe Harbor | 151671
Gramm Leach Bliley | Bill or Act | 1430
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 14118
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 13173
NIST SP 800-53 | International or National Standard | 13182
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1283
SOC2 | Safe Harbor | 1240
ISO/IEC 27701:2019 | International or National Standard | 11188
23 NYCRR 500 | Regulation or Statute | 10163
California Privacy Rights Act (CPRA) | Bill or Act | 1031
HIPAA | Bill or Act | 10104
NIST SP 800-53 R4 | International or National Standard | 1043
hipaa security rule | Regulation or Statute | 951
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 942
ASPR AT&T Control Standards | Organizational Governance Documents | 800
ASPR AT&T Control Standards, Export Version: 31 October 2022 | Organizational Governance Documents | 800
EBA/GL/2019/04 | Regulation or Statute | 8130
NIST SP 800-171 | International or National Standard | 831
NIST SP 800-37r2 | International or National Standard | 8124
PCI DSS v3.2.1 | Contractual Obligation | 874
Sarbanes-Oxley Act of 2002 | Bill or Act | 824
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 71434
California Consumer Privacy Act of 2018 | Bill or Act | 7451
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 785
HIPAA HCFA | Best Practice Guideline | 732
ISO 27002 | International or National Standard | 783
ISO/IEC 27002:2013(E) | International or National Standard | 714413
PCI DSS Testing Procedures v3.2 | Contractual Obligation | 7292
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 698
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 685
FedRAMP Baseline Security Controls | Audit Guideline | 61290
FFIEC CAT | Best Practice Guideline | 6151
FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 650
ISO 22301:2019(E) | International or National Standard | 600
NIST CSF 1.0 | International or National Standard | 6112
NIST SP 800-39 | International or National Standard | 6106
PCI DSS 3.2 SAQ D Service Provider | Contractual Obligation | 652
CIS 20 Critical Security Controls | Best Practice Guideline | 5302
CMMC Level 2, v2.0 | Best Practice Guideline | 566
CRI Profile v1.2 | Best Practice Guideline | 570
FFIEC Management | Best Practice Guideline | 581