Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for August.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD Name | AD_id | AD_type | selected | groups | initiatives |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 33 | 23 | 5 |
| NIST CSF 2.0 | 3789 | International or National Standard | 28 | 17 | 8 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 25 | 26 | 12 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 21 | 197 | 22 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 19 | 8 | 4 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 17 | 6 | 1 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 16 | 22 | 11 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 16 | 39 | 18 |
| SOC 2®, 2022 | 3647 | Audit Guideline | 16 | 7 | 1 |
| HIPAA | 3201 | Bill or Act | 15 | 15 | 4 |
| CobiT | 102 | Safe Harbor | 14 | 169 | 2 |
| 23 NYCRR 500 | 3686 | Regulations | 13 | 23 | 17 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 13 | 14 | 8 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 13 | 5 | 1 |
| California Privacy Rights Act (CPRA) | 3290 | Bill or Act | 12 | 8 | 4 |
| Digital Operational Resilience Act | 3668 | Regulations | 12 | 18 | 8 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 12 | 30 | 12 |
| NIST SP 800-53 | 902 | International or National Standard | 12 | 19 | 3 |
| Insurance Data Security Model Law, NAIC MDL-668 | 2920 | Best Practice Guideline | 11 | 8 | 6 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 11 | 22 | 11 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 10 | 49 | 21 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 10 | 12 | 5 |
| ISO 42001:2023 | 4062 | International or National Standard | 10 | 2 | 1 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 10 | 21 | 10 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 10 | 8 | 6 |
| COBIT 2019 | 3009 | Safe Harbor | 9 | 9 | 2 |
| ISO/IEC 27001:2022/Amendment 1:2024 | 4103 | International or National Standard | 9 | 0 | 0 |
| NIST SP 800-37r2 | 3013 | International or National Standard | 9 | 13 | 5 |
| NIST SP 800-66r2 | 3960 | International or National Standard | 9 | 3 | 0 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | 3449 | Regulation or Statute | 8 | 29 | 19 |
| CCM v4.0 | 3578 | Self-Regulatory Body Requirement | 8 | 3 | 3 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 8 | 7 | 3 |
| Cloud Controls Matrix, v4.0 | 3303 | Self-Regulatory Body Requirement | 8 | 11 | 1 |
| COSO Enterprise Risk Management (2017) | 2947 | Best Practice Guideline | 8 | 25 | 9 |
| hipaa security rule | 3204 | Regulation or Statute | 8 | 6 | 2 |
| California Consumer Privacy Act of 2018 | 2957 | Bill or Act | 7 | 48 | 4 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 7 | 21 | 9 |
| Gramm Leach Bliley | 3302 | Bill or Act | 7 | 13 | 0 |
| Insurance Data Security | 3411 | Regulation or Statute | 7 | 19 | 18 |
| ISO 27001-2013 | 1367 | International or National Standard | 7 | 226 | 24 |
| NIST AI 600-1 | 3990 | International or National Standard | 7 | 3 | 2 |
| NIST SP 800-218, Secure Software Development Framework Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities | 3650 | Best Practice Guideline | 7 | 1 | 1 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 7 | 5 | 1 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | 3445 | International or National Standard | 7 | 11 | 6 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | 3288 | Self-Regulatory Body Requirement | 7 | 7 | 3 |
| Artificial Intelligence Act | 3972 | Regulations | 6 | 8 | 2 |
| CMMC Level 2 | 4043 | Regulations | 6 | 3 | 1 |
| CMMC Level 2, v2.0 | 3427 | Best Practice Guideline | 6 | 15 | 6 |
| FFIEC CAT | 2896 | Best Practice Guideline | 6 | 31 | 2 |
| HIPAA Electronic Health Record Technology | 3208 | Regulation or Statute | 6 | 2 | 1 |