Monthly Selected Authority Documents - October, 2022

October 31, 2022 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard5219717
NIST SP 800-53 R5International or National Standard381911
EU General Data Protection Regulation (GDPR)Regulation or Statute3117115
NIST CSF 1.1International or National Standard304319
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsBest Practice Guideline21107
ISO/IEC 27002:2022International or National Standard1913
PCI DSS Defined Approach Requirements, Version 4.0International or National Standard1853
Sarbanes-Oxley Act of 2002Bill or Act1724
PCI DSS v3.2.1Contractual Obligation1754
CIS Controls, V8Best Practice Guideline1677
ISO/IEC 27701:2019International or National Standard13188
Cloud Controls Matrix, v4.0Self-Regulatory Body Requirement1220
ISO 27002International or National Standard1283
NIST SP 800-53International or National Standard11182
SOC2Safe Harbor1120
23 NYCRR 500Regulation or Statute9143
HIPAABill or Act9105
SSAE 18Safe Harbor963
California Consumer Privacy Act of 2018Bill or Act8421
EU 8th DirectiveRegulation or Statute830
hipaa security ruleRegulation or Statute851
NIST Privacy FrameworkInternational or National Standard8147
Brazilian General Data Protection Law (LGPD)Bill or Act730
BSI Cloud Computing Compliance Controls Catalogue (C5)Best Practice Guideline6143
CobiTSafe Harbor61641
ISO 22301- Societal Security - Business Continuity Management Systems - RequirementsInternational or National Standard6160
MAS TRMContractual Obligation6380
Notice on Cyber HygieneBill or Act610
PCI DSS Defined Approach Testing Procedures, Version 4.0International or National Standard654
Red Book (Condensed)International or National Standard6127
BSI-Standard 100-2International or National Standard580
CIS Amazon Web Services Foundations Benchmark, v1.4.0, Level 2Best Practice Guideline500
CIS Amazon Web Services Foundations, Benchmark v1.4.0, Level 1Best Practice Guideline500
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020International or National Standard598
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020International or National Standard585
FFIEC CATBest Practice Guideline5131
Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet TradingRegulation or Statute522
ISO/IEC 27002:2013(E)International or National Standard514413
MAS Guidelines on OutsourcingBill or Act510
MAS-TRMG-2021Contractual Obligation540
NIST CSF 1.0International or National Standard5112
NIST SP 800-37r2International or National Standard5114
Notice No.: CMG-N02, Notice On Technology Risk ManagementSelf-Regulatory Body Requirement530
Payments Service Directive 2International or National Standard540
Personal Information Protection Law of the People's Republic of ChinaStatutes (Bills or Acts)500
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and PrivacySelf-Regulatory Body Requirement542
6 CFR Part 27Regulation or Statute400
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor41404
CIS Microsoft Windows Server 2019 Benchmark, v1.2.1, Level 1Best Practice Guideline400
NIST SP 800-122Best Practice Guideline400