Monthly Selected Authority Documents - May, 2020

June 1, 2020 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard841517
NIST SP 800-53 R4International or National Standard411125
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation361282
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard35543
CobiTSafe Harbor301331
EU General Data Protection Regulation (GDPR)Regulation or Statute301336
Sarbanes Oxley SOXRegulation or Statute281201
NIST SP 800-53 R4 High ImpactInternational or National Standard271413
NIST CSF 1.1International or National Standard26222
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor251072
HIPAABill or Act25781
NIST SP 800-53 R4 Low ImpactInternational or National Standard20533
FedRAMP Baseline Security ControlsAudit Guideline19960
CIS Controls V7Best Practice Guideline18171
Gramm Leach BlileyBill or Act1570
NIST SP 800 66Safe Harbor1580
NIST SP 800-53International or National Standard1590
BSI Cloud Computing Compliance Controls Catalogue (C5)Best Practice Guideline1400
ISO/IEC 27018:2014International or National Standard1440
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement1371
ISO 27002International or National Standard1211
ISO 31000 R 2009International or National Standard121352
California Consumer Privacy Act of 2018Bill or Act11230
HIPAA Electronic Health Record TechnologyRegulation or Statute1133
PCI DSS 3.0 RequirementsSelf-Regulatory Body Requirement11671
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement1060
CSIS 20 Critical Security ControlsBest Practice Guideline101310
ISO 22301- Societal Security - Business Continuity Management Systems - RequirementsInternational or National Standard1020
ISO/IEC 27002:2013(E)International or National Standard101271
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard1000
23 NYCRR 500Regulation or Statute962
45 CFR Part 164Regulation or Statute972
AICPA Trust ServicesAudit Guideline930
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement990
CMMC Level 3Best Practice Guideline900
ISO/IEC 27701:2019International or National Standard950
NICE NISTInternational or National Standard910
PCI DSS Testing Procedures v3.2Contractual Obligation950
SWIFT Customer Security Controls FrameworkBest Practice Guideline900
APRA PPG 234Safe Harbor870
Federal Information Security Management Act FISMARegulation or Statute820
FFIEC Business Continuity Planning Handbook 2015Audit Guideline831
HKMA General Principles for Technology Risk ManagementRegulation or Statute8120
HKMA Supervisory Policy Manual TM-G-2 Business Continuity PlanningContractual Obligation8200
NIST SP 800-171International or National Standard811
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard860
PCI DSS 3.2 SAQ D Service ProviderContractual Obligation822
CIS 20 Critical Security ControlsBest Practice Guideline760
CMMC Level 5Best Practice Guideline700
COBIT 2019Safe Harbor711