Monthly Selected Authority Documents - March, 2020

April 1, 2020 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard741467
NIST SP 800-53 R4International or National Standard651076
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard53513
NIST SP 800-53 R4 High ImpactInternational or National Standard481363
NIST SP 800-53 R4 Low ImpactInternational or National Standard41503
EU General Data Protection Regulation (GDPR)Regulation or Statute331306
NIST CSF 1.1International or National Standard32192
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor251042
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation241253
CIS Controls V7Best Practice Guideline22141
NIST SP 800-53International or National Standard2280
Sarbanes Oxley SOXRegulation or Statute211141
HIPAABill or Act20751
California Consumer Privacy Act of 2018Bill or Act18230
ISO 27002International or National Standard1811
ISO/IEC 27701:2019International or National Standard1760
23 NYCRR 500Regulation or Statute1662
CobiTSafe Harbor141301
HIPAA Electronic Health Record TechnologyRegulation or Statute1432
ISO/IEC 27002:2013(E)International or National Standard141241
FedRAMP Baseline Security ControlsAudit Guideline11930
NIST CSF 1.0International or National Standard11111
45 CFR Part 164Regulation or Statute1061
Gramm Leach BlileyBill or Act1060
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement1071
NIST SP 800 66Safe Harbor1070
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement990
Cloud Security Alliance CCM V1.3Best Practice Guideline940
MAS TRMContractual Obligation9240
Notice on Technology Risk Management, Notice No. CMG-N02Self-Regulatory Body Requirement9300
CSIS 20 Critical Security ControlsBest Practice Guideline81280
FFIEC CATBest Practice Guideline861
FFIEC IT Examination HandbookAudit Guideline871
NIST 800-53AInternational or National Standard831
NIST SP 800-171International or National Standard811
Trust Services CriteriaSelf-Regulatory Body Requirement831
HIPAA HCFABest Practice Guideline750
NIST SP 800-122International or National Standard720
PCI SAQ A v3.1Contractual Obligation700
Canada Personal Information Protection Electronic Documents ActRegulation or Statute600
DoD Instruction 8500.2 DIACAPAudit Guideline6560
India Indian Info Privacy ActRegulation or Statute6150
ISO 31000 R 2009International or National Standard61312
ITIL Security ManagementBest Practice Guideline600
ITIL Service SupportBest Practice Guideline600
PIPEDABill or Act610
Red Book (Condensed)International or National Standard642
45 CFR Part 160Regulation or Statute510
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement570
Argentina Personal Data Protection ActRegulation or Statute523