Monthly Selected Authority Documents -November, 2022

November 30, 2022 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard5119917
EU General Data Protection Regulation (GDPR)Regulation or Statute3517315
NIST SP 800-53 R5International or National Standard331911
NIST CSF 1.1International or National Standard244319
ISO/IEC 27002:2022International or National Standard2113
Sarbanes-Oxley Act of 2002Bill or Act1824
ISO 27002International or National Standard1783
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement17199
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard17107
NIST SP 800-53International or National Standard15182
CIS Controls, V8Best Practice Guideline1477
ISO/IEC 27701:2019International or National Standard14188
PCI DSS v3.2.1Contractual Obligation1464
PCI DSS Defined Approach Requirements, Version 4.0International or National Standard1253
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020International or National Standard1085
hipaa security ruleRegulation or Statute1051
ISO/IEC 27018:2019International or National Standard1000
NIST Privacy FrameworkInternational or National Standard10147
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation101527
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and PrivacySelf-Regulatory Body Requirement1042
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor91424
BSI Cloud Computing Compliance Controls Catalogue (C5)Best Practice Guideline9163
California Privacy Rights Act (CPRA)Bill or Act931
Cloud Controls Matrix, v4.0Self-Regulatory Body Requirement920
NIST SP 800-39International or National Standard9106
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020International or National Standard853
FedRAMP Baseline Security ControlsAudit Guideline81280
NIST SP 800 66Safe Harbor8312
NIST SP 800-37r2International or National Standard8114
Red Book (Condensed)International or National Standard8127
CMMC Level 2, v2.0Best Practice Guideline765
CobiTSafe Harbor71661
EBA/GL/2019/04Regulation or Statute7100
FFIEC CATBest Practice Guideline7131
HIPAABill or Act7105
ISO/IEC 27002:2013(E)International or National Standard714413
ISO/IEC 27018:2014International or National Standard7192
21 CFR Part 11Regulation or Statute6330
AICPA Trust ServicesAudit Guideline661
California Consumer Privacy Act of 2018Bill or Act6441
Canada Privacy Policy PrinciplesRegulation or Statute632
COSO Internal Control - Integrated FrameworkSelf-Regulatory Body Requirement6157
ISO 27005 R 2011International or National Standard6178
UK Data Protection Act 2018Bill or Act6190
23 NYCRR 500Regulation or Statute5143
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement5101
CMMC Level 1, v2.0Best Practice Guideline555
CRI Profile v1.2Best Practice Guideline550
FedRAMP Security Controls Baseline, 2018Audit Guideline514
FFIEC Information Technology Examination Handbook - Business Continuity ManagementAudit Guideline5195