Monthly Selected Authority Documents - March, 2019

April 26, 2019 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard8614322
NIST SP 800-53 R4International or National Standard598913
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard484210
EU General Data Protection Regulation (GDPR)Regulation or Statute461098
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation4410911
NIST SP 800-53 R4 Low ImpactInternational or National Standard43379
NIST SP 800-53 R4 High ImpactInternational or National Standard371209
NIST CSF 1.1International or National Standard3320
ISO/IEC 27002:2013(E)International or National Standard2911617
Sarbanes Oxley SOXRegulation or Statute2911017
CobiTSafe Harbor281216
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor27736
CIS Controls V7Best Practice Guideline2500
California Consumer Privacy Act of 2018Bill or Act24140
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement2261
HIPAABill or Act21628
ISO 27002International or National Standard20117
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement2011
23 NYCRR 500Regulation or Statute1926
Cloud Security Alliance CCM V1.3Best Practice Guideline18136
HIPAA Electronic Health Record TechnologyRegulation or Statute1873
Gramm Leach BlileyBill or Act161210
ITIL Security ManagementBest Practice Guideline1663
NIST SP 800 66Safe Harbor1695
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1Safe Harbor16155
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement1541
ISO/IEC 27018:2014International or National Standard1543
NIST SP 800-53International or National Standard15103
45 CFR Part 164Regulation or Statute14137
FFIEC CATBest Practice Guideline1453
HIPAA HCFABest Practice Guideline14182
Red Book (Condensed)International or National Standard1411
Argentina Personal Data Protection ActRegulation or Statute1355
Notice on Technology Risk Management, Notice No. CMG-N02Self-Regulatory Body Requirement13120
CA Security of Connected DevicesBill or Act1200
FFIEC Business Continuity Planning Handbook 2015Audit Guideline1230
FFIEC IT Examination HandbookAudit Guideline1200
India Indian Info Privacy ActRegulation or Statute1270
MAS TRMContractual Obligation1280
NIST CSF 1.0International or National Standard12197
CIS 20 Critical Security ControlsBest Practice Guideline1162
COSO Enterprise Risk Management (2017)Best Practice Guideline1140
FedRAMP Baseline Security ControlsAudit Guideline11715
ISO 20000-1 2nd EdInternational or National Standard11434
ISO 27005 R 2011International or National Standard11116
NIST 800-53AInternational or National Standard1163
ITIL Service SupportBest Practice Guideline1043
45 CFR Part 160Regulation or Statute971
45 CFR Part 162Regulation or Statute931
Australian Government Information Security Manual ControlsInternational or National Standard973