Monthly Selected Authority Documents - June, 2019

July 1, 2019 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard9617322
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation6413811
NIST SP 800-53 R4International or National Standard5711713
Sarbanes Oxley SOXRegulation or Statute4113917
EU General Data Protection Regulation (GDPR)Regulation or Statute381368
NIST CSF 1.1International or National Standard3840
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard386010
NIST SP 800-53 R4 High ImpactInternational or National Standard371449
ISO/IEC 27002:2013(E)International or National Standard3014517
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor291016
HIPAABill or Act29888
CIS Controls V7Best Practice Guideline2850
CobiTSafe Harbor281526
NIST SP 800-53 R4 Low ImpactInternational or National Standard28519
FFIEC CATBest Practice Guideline2373
FedRAMP Baseline Security ControlsAudit Guideline20995
Gramm Leach BlileyBill or Act191410
ISO 27002International or National Standard18117
NIST 800-53AInternational or National Standard1763
NIST SP 800-53International or National Standard17123
California Consumer Privacy Act of 2018Bill or Act16140
HIPAA Electronic Health Record TechnologyRegulation or Statute1673
23 NYCRR 500Regulation or Statute1536
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement1481
FCRARegulation or Statute14214
ISO 9001:2015International or National Standard1341
NIST CSF 1.0International or National Standard13207
FFIEC IT Examination HandbookAudit Guideline1230
Cloud Security Alliance CCM V1.3Best Practice Guideline11166
FACT ActRegulation or Statute11154
FFIEC Business Continuity Planning Handbook 2015Audit Guideline1150
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard1122
PCI DSS 3.0 RequirementsSelf-Regulatory Body Requirement11626
45 CFR Part 164Regulation or Statute10137
AICPA Identity Theft Prevention ProgramAudit Guideline1070
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement1061
CSIS 20 Critical Security ControlsBest Practice Guideline101414
Insurance Data Security Model Law, NAIC MDL-668Best Practice Guideline1000
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of MassachusettsRegulation or Statute10104
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor10155
COSO Enterprise Risk Management (2017)Best Practice Guideline950
Financial Services Sector Cybersecurity ProfileInternational or National Standard920
NIST SP 800 66Safe Harbor9105
Argentina Personal Data Protection ActRegulation or Statute855
COBIT 5 Enabling Processes: BasicsSafe Harbor8260
Generally Accepted Privacy PrinciplesBest Practice Guideline850
ISO 27005 R 2011International or National Standard8136
ISO 31000 R 2009International or National Standard81444
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement831
ISO/IEC 27018:2014International or National Standard863