Monthly Selected Authority Documents - March, 2021

April 1, 2021 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected Groups Initiatives
ISO 27001-2013 | International or National Standard | 371737
NIST CSF 1.1 | International or National Standard | 34297
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 3215410
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 301394
ISO/IEC 27002:2013(E) | International or National Standard | 231344
NIST SP 800-53 R5 | International or National Standard | 2152
California Consumer Privacy Act of 2018 | Bill or Act | 19340
Sarbanes Oxley SOX, Deprecated | Regulation or Statute | 191411
CMMC Level 3 | Best Practice Guideline | 1712
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 151253
ISO/IEC 27701:2019 | International or National Standard | 15103
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1512
HIPAA | Bill or Act | 1431
NIST SP 800-53 | International or National Standard | 12140
23 NYCRR 500 | Regulation or Statute | 1172
CMMC Level 1 | Best Practice Guideline | 1112
CMMC Level 5 | Best Practice Guideline | 1110
CobiT | Safe Harbor | 111511
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 1100
CIS Controls, V7.1 | Best Practice Guideline | 1032
CMMC Level 2 | Best Practice Guideline | 1012
CMMC Level 4 | Best Practice Guideline | 1010
HIPAA Electronic Health Record Technology | Regulation or Statute | 1000
ISO/IEC 27018:2014 | International or National Standard | 10142
NIST SP 800 66 | Safe Harbor | 10191
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 980
Brazilian General Data Protection Law (LGPD) | Bill or Act | 930
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 9122
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 950
COBIT 2019 | Safe Harbor | 931
Gramm Leach Bliley | Bill or Act | 982
hipaa security rule | Regulation or Statute | 920
ISO 27002 | International or National Standard | 951
ISO 9001:2015 | International or National Standard | 9142
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 9124
PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 940
45 CFR Part 160 | Regulation or Statute | 833
COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 872
FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 814
MAS TRM | Contractual Obligation | 8310
NICE NIST | International or National Standard | 8101
NIST SP 800-53 R4 High Impact, Deprecated | International or National Standard | 81594
NIST SP 800-61 | International or National Standard | 893
Trust Services Criteria | Self-Regulatory Body Requirement | 841
COBIT 5 Enabling Processes: Basics | Safe Harbor | 7403
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 702
HIPAA HCFA | Best Practice Guideline | 711
NIST CSF 1.0 | International or National Standard | 7101
Singapore Personal Data Protection Act 2012 | Regulation or Statute | 710
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 670