Monthly Selected Authority Documents - November, 2018

December 1, 2018 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected / Groups / Initiatives
ISO 27001-2013 | International or National Standard | 7611521
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 29774
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 26515
NIST Cybersecurity Framework | International or National Standard | 2672
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 26839
NIST SP 800-53 R4 High Impact | International or National Standard | 25894
NIST SP 800-53 R4 Moderate Impact | International or National Standard | 25296
NIST SP 800-53 R4 | International or National Standard | 24598
NIST SP 800-53 R4 Low Impact | International or National Standard | 21244
Sarbanes Oxley SOX | Regulation or Statute | 218316
HIPAA | Bill or Act | 17468
ISO 27002 | International or National Standard | 16117
CIS Controls V7 | Best Practice Guideline | 1500
NIST SP 800 66 | Safe Harbor | 1485
NIST SP 800-53 | International or National Standard | 1493
ISO/IEC 27002:2013(E) | International or National Standard | 139117
NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 13177
ISO 27005 R 2011 | International or National Standard | 12116
23 NYCRR 500 | Regulation or Statute | 1106
Gramm Leach Bliley | Bill or Act | 111210
HIPAA Electronic Health Record Technology | Regulation or Statute | 1073
PCI SAQ A v3.1 | Contractual Obligation | 1051
Red Book (Condensed) | International or National Standard | 1011
CobiT | Safe Harbor | 9956
FFIEC CAT | Best Practice Guideline | 900
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 911
NIST SP 800-171 | International or National Standard | 952
45 CFR Part 164 | Regulation or Statute | 8136
Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 861
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 8126
FFIEC Audit April 2012 | Best Practice Guideline | 800
FFIEC IT Examination Handbook | Audit Guideline | 700
Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 700
NIST 800-53A | International or National Standard | 763
Third-Party Relationships Risk Management Guidance, OCC bulletin 2013-29 October 30 2013 | Organizational Directive | 730
21 CFR Part 820 | Regulation or Statute | 641
Appendix B of 12 CFR Part 30 | Regulation or Statute | 630
COSO Enterprise Risk Management (2017) | Best Practice Guideline | 600
FFIEC Business Continuity Planning | Best Practice Guideline | 650
FFIEC Operations | Best Practice Guideline | 650
FFIEC Outsourcing Technology Services | Best Practice Guideline | 681
FFIEC Retail Payment Systems 2016 | Best Practice Guideline | 600
FFIEC Wholesale Payment Systems | Best Practice Guideline | 650
Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 600
ISO 31000 R 2009 | International or National Standard | 6914
NERC CIP 005-5 | International or National Standard | 600
NERC CIP 008-5 | International or National Standard | 600
NIST SP 800-39 | International or National Standard | 610
PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 6236
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 6113