Monthly Selected Authority Documents - September, 2018

October 1, 2018 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected Groups Initiatives |
|---|---|---|
| ISO 27001-2013 | International or National Standard | 7910821 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 46714 |
| NIST SP 800-53 R4 | International or National Standard | 41538 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 39445 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 38779 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 36834 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 35256 |
| ISO/IEC 27002:2013(E) | International or National Standard | 328517 |
| NIST Cybersecurity Framework | International or National Standard | 3052 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 29204 |
| HIPAA | Bill or Act | 27448 |
| Sarbanes Oxley SOX | Regulation or Statute | 247716 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 2310 |
| FFIEC IT Examination Handbook | Audit Guideline | 2100 |
| ISO/IEC 27018:2014 | International or National Standard | 2043 |
| FFIEC CAT | Best Practice Guideline | 1900 |
| CobiT | Safe Harbor | 18896 |
| ISO 27005 R 2011 | International or National Standard | 18116 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 1812 |
| 23 NYCRR 500 | Regulation or Statute | 1606 |
| NIST SP 800 66 | Safe Harbor | 1685 |
| ISO 27002 | International or National Standard | 15117 |
| NIST SP 800-53 | International or National Standard | 1593 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 1473 |
| Red Book (Condensed) | International or National Standard | 1411 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 14113 |
| FedRAMP Baseline Security Controls | Audit Guideline | 13415 |
| FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 1300 |
| India Indian Info Privacy Act | Regulation or Statute | 1360 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 1241 |
| FFIEC Audit April 2012 | Best Practice Guideline | 1200 |
| ISO 9001:2015 | International or National Standard | 1200 |
| NIST 800-53A | International or National Standard | 1263 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 1162 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 1161 |
| COBIT 5 Enabling Processes: Basics | Safe Harbor | 1110 |
| Gramm Leach Bliley | Bill or Act | 111210 |
| Australian Privacy Act 1988 | Bill or Act | 1084 |
| Florida Statutes, Section 817.5681, Breach of security concerning confidential personal information in third-party possession | Regulation or Statute | 1040 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 1031 |
| ITIL Security Management | Best Practice Guideline | 1063 |
| Australia Privacy Amendment Act | Regulation or Statute | 9146 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 900 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 9824 |
| FFIEC Development Acquisition | Best Practice Guideline | 950 |
| Florida Statute § 501.171 Security of confidential personal information | Regulation or Statute | 900 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 900 |
| ISO 31000 R 2009 | International or National Standard | 9854 |
| ITIL Service Support | Best Practice Guideline | 943 |
| MAS TRM | Contractual Obligation | 920 |