May 22, 2026 10:46:48 AM

Monthly Selected Authority Documents April 2026

Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for April.

See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.

AD_name	AD_id	AD_type	selected	groups	initiatives
ISO/IEC 27002:2022	3430	International or National Standard	25	30	13
ISO/IEC 27001:2022	3567	International or National Standard	24	27	6
NIST CSF 2.0	3789	International or National Standard	22	21	9
ISO/IEC 27001:2022/Amendment 1:2024	4103	International or National Standard	18	1	0
NIST 800-53, v5.2.0	4137	International or National Standard	14	1	0
EU General Data Protection Regulation (GDPR)	2802	Regulation or Statute	13	207	23
ISO 27001-2013	1367	International or National Standard	12	235	25
23 NYCRR 500	3686	Regulations	11	28	20
CIS Controls, V8	3323	Best Practice Guideline	11	24	11
Digital Operational Resilience Act	3668	Regulations	11	24	11
SOC 2¬Æ, 2022	3647	Audit Guideline	11	8	1
23 NYCRR 500	2895	Regulation or Statute	10	55	24
HIPAA Security and Privacy Rule	3986	Regulations	10	22	11
PCI DSS Defined Approach Requirements v4.0.1	3987	International or National Standard	10	8	1
PCI DSS Defined Approach Testing Procedures v4.0.1	3988	International or National Standard	10	5	1
AICPA Reporting on Controls at a Service Organization SOC-2	1132	Safe Harbor	9	152	8
CIS Controls Version 8.1	3955	Best Practice Guideline	9	7	3
CMMC Level 2	4043	Regulations	9	4	1
NIST 800-53B, Moderate Impact Baseline, v5.2.0	4256	International or National Standard	9	0	0
NIST AI 600-1	3990	International or National Standard	9	8	4
NIST SP 800-53 R5	3241	International or National Standard	9	42	18
CMMC Level 1	4042	Regulations	8	1	0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020	3275	International or National Standard	8	28	12
HIPAA	3201	Bill or Act	8	17	6
ISO 42001:2023	4062	International or National Standard	8	3	1
ISO/IEC 27018:2019	3429	International or National Standard	8	10	2
NIST 800-171 Rev 3	3946	International or National Standard	8	9	3
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations	3134	International or National Standard	8	25	12
PCI DSS v4.0.1 SAQ A-EP	4081	Self-Regulatory Body Requirement	8	1	0
PCI DSS v4.0.1 SAQ SPoC	4089	Self-Regulatory Body Requirement	8	1	0
CobiT	102	Safe Harbor	7	178	2
CSIS 20 Critical Security Controls	1134	Best Practice Guideline	7	170	0
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022	3714	Regulatory Directive or Guidance	7	16	6
NIST 800-171A r3	4056	International or National Standard	7	1	1
NIST 800-53B, Privacy Impact Baseline, v5.2.0	4258	International or National Standard	7	0	0
NIST AI 100-1	3591	Best Practice Guideline	7	6	1
PCI DSS Defined Approach Requirements, Version 4.0	3444	International or National Standard	7	18	6
PCI DSS v4.0.1 SAQ D for Merchants	4086	Self-Regulatory Body Requirement	7	10	6
PCI DSS v4.0.1 SAQ D for Service Providers	4087	Self-Regulatory Body Requirement	7	2	0
16 CFR Part 314, Standards for Safeguarding Customer Information	3449	Regulation or Statute	6	34	22
California Privacy Rights Act (CPRA)	3290	Bill or Act	6	9	5
Cloud Controls Matrix, v4.0	3303	Self-Regulatory Body Requirement	6	13	1
CMMC Level 3	4044	Regulations	6	1	0
ISO 22301:2019(E)	3454	International or National Standard	6	3	3
NIST 800-53B, High Impact Baseline, v5.2.0	4255	International or National Standard	6	0	0
NIST SP 800-53 R4	3212	International or National Standard	6	9	3
PCI DSS 3.0 Requirements	1345	Self-Regulatory Body Requirement	6	110	2
PCI DSS Defined Approach Testing Procedures, Version 4.0	3445	International or National Standard	6	11	6
45 CFR Part 160	986	Regulation or Statute	5	14	5
CIS Controls, V7.1	3198	Best Practice Guideline	5	10	6

Common Controls Hub, Updates