Monthly Selected Authority Documents - March, 2023

April 4, 2023 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


AD Common Name | AD Type | Selected Groups Initiatives
ISO/IEC 27001:2022 | International or National Standard | 4653
NIST SP 800-53 R5 | International or National Standard | 462614
NIST CSF 1.1 | International or National Standard | 434922
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 3517516
ISO/IEC 27002:2022 | International or National Standard | 3235
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 3183
ISO 27001-2013 | International or National Standard | 3020519
CIS Controls, V8 | Best Practice Guideline | 2998
Sarbanes-Oxley Act of 2002 | Bill or Act | 1856
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 1764
PCI DSS v3.2.1 | Contractual Obligation | 1784
ISO/IEC 27701:2019 | International or National Standard | 16188
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 16118
23 NYCRR 500 | Regulation or Statute | 13173
California Privacy Rights Act (CPRA) | Bill or Act | 1321
hipaa security rule | Regulation or Statute | 1351
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 132110
NIST CSF 1.0 | International or National Standard | 13112
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 1230
ISO 27002 | International or National Standard | 1282
PCI DSS v4.0 SAQ D Merchants | Contractual Obligation | 1210
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 1293
ISO/IEC 27002:2013(E) | International or National Standard | 1114413
NIST Privacy Framework | International or National Standard | 11157
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 1142
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 101444
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10184
California Consumer Privacy Act of 2018 | Bill or Act | 10441
CobiT | Safe Harbor | 101671
HIPAA | Bill or Act | 10104
NIST SP 800-37r2 | International or National Standard | 10135
NIST SP 800-53 | International or National Standard | 9171
BSI-Standard 100-2 | International or National Standard | 890
CMMC Level 2, v2.0 | Best Practice Guideline | 876
EBA/GL/2019/04 | Regulation or Statute | 8130
Gramm Leach Bliley | Bill or Act | 830
NIST SP 800-39 | International or National Standard | 8116
NIST SP 800-53 R4 | International or National Standard | 853
Australia Privacy Amendment Act | Regulation or Statute | 7120
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 7108
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 795
COSO Enterprise Risk Management (2017) | Best Practice Guideline | 7179
HIPAA Electronic Health Record Technology | Regulation or Statute | 721
HIPAA HCFA | Best Practice Guideline | 732
ISO/IEC 27018:2019 | International or National Standard | 711
NIST SP 800 66 | Safe Harbor | 7311
NIST SP 800-171 | International or National Standard | 742
PCI DSS v4.0 SAQ A | Self-Regulatory Body Requirement | 700
SOC2 | Safe Harbor | 750
AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 6101