Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for December.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD_name | AD_id | AD_type | selected | groups | initiatives |
| NIST CSF 2.0 | 3789 | International or National Standard | 47 | 18 | 8 |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 34 | 24 | 5 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 27 | 205 | 22 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 22 | 19 | 11 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 22 | 27 | 12 |
| 23 NYCRR 500 | 3686 | Regulations | 21 | 27 | 20 |
| Digital Operational Resilience Act | 3668 | Regulations | 21 | 22 | 11 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | 3449 | Regulation or Statute | 20 | 33 | 22 |
| CRI Profile, v2.1 | 4105 | Best Practice Guideline | 20 | 8 | 3 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 19 | 8 | 6 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 17 | 26 | 12 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 16 | 53 | 24 |
| CMMC Level 2 | 4043 | Regulations | 16 | 3 | 1 |
| Insurance Data Security Model Law, NAIC MDL-668 | 2920 | Best Practice Guideline | 15 | 12 | 9 |
| NIST AI 600-1 | 3990 | International or National Standard | 15 | 6 | 4 |
| PCI DSS v4.0.1 SAQ D for Merchants | 4086 | Self-Regulatory Body Requirement | 15 | 7 | 6 |
| Appendix B of 12 CFR Part 30 | 15 | Regulation or Statute | 14 | 42 | 22 |
| Cybersecurity Requirements For Insurance Companies | 3407 | Regulation or Statute | 14 | 23 | 21 |
| data security | 3406 | Regulation or Statute | 14 | 23 | 21 |
| Enterprise Information Security Policy, v14 | 4223 | Organizational Governance Documents | 14 | 4 | 1 |
| FFIEC IT Examination Handbook - Information Security, 2016 | 4024 | Audit Guideline | 14 | 10 | 6 |
| Insurance Data Security | 3402 | Regulation or Statute | 14 | 23 | 21 |
| Insurance Data Security Act | 3410 | Regulation or Statute | 14 | 23 | 21 |
| Insurance Data Security Act | 3405 | Regulation or Statute | 14 | 23 | 21 |
| Insurance Data Security Law | 3398 | Regulation or Statute | 14 | 23 | 21 |
| Insurance Data Security Law | 3404 | Regulation or Statute | 14 | 23 | 21 |
| Insurance Data Security Law | 3408 | Regulation or Statute | 14 | 23 | 21 |
| Insurance Data Security Law | 3397 | Regulation or Statute | 14 | 23 | 21 |
| ISO 27001-2013 | 1367 | International or National Standard | 14 | 234 | 24 |
| Maine Insurance Data Security Act | 3409 | Regulation or Statute | 14 | 23 | 21 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 14 | 6 | 1 |
| Alaska Disclosure of breach of security | 3733 | Statutes (Bills or Acts) | 13 | 8 | 6 |
| California Privacy Rights Act (CPRA) | 3290 | Bill or Act | 13 | 8 | 4 |
| CCM v4.0 | 3578 | Self-Regulatory Body Requirement | 13 | 6 | 5 |
| Illinois Insurance Data Security Law | 4047 | Statutes (Bills or Acts) | 13 | 9 | 7 |
| Indiana Code Disclosure of Security Breach | 762 | Regulation or Statute | 13 | 8 | 6 |
| Insurance Data Security | 3411 | Regulation or Statute | 13 | 23 | 21 |
| Insurance Data Security | 3403 | Regulation or Statute | 13 | 23 | 21 |
| Insurance Data Security Act | 3396 | Regulation or Statute | 13 | 23 | 21 |
| Insurance Data Security Law | 3395 | Regulation or Statute | 13 | 23 | 21 |
| Insurance Data Security Law | 3394 | Regulation or Statute | 13 | 23 | 21 |
| Iowa Code Title XVI Chapter 715C, Personal Information Security Breach Protection | 3754 | Regulations | 13 | 9 | 7 |
| Kentucky Insurance Data Security Law | 4048 | Statutes (Bills or Acts) | 13 | 9 | 7 |
| Louisiana Revised Statutes Chapter 51, Database Security Breach Notification Law | 3757 | Regulations | 13 | 8 | 6 |
| Maryland Code Commercial Law Title 14 Subtitle 35 Sections 3504 thru 3507, Security Breach | 3759 | Regulations | 13 | 19 | 17 |
| Maryland Commercial Law, Sections 14-3501 thru 14-3508 | 795 | Regulation or Statute | 13 | 10 | 7 |
| Maryland Insurance Data Security Law | 4049 | Statutes (Bills or Acts) | 13 | 9 | 7 |
| Pennsylvania Insurance Data Security Law | 4051 | Statutes (Bills or Acts) | 13 | 9 | 7 |
| South Carolina Insurance Data Security Act | 3400 | Regulation or Statute | 13 | 23 | 21 |
| Vermont Insurance Data Security Law | 4053 | Statutes (Bills or Acts) | 13 | 9 | 7 |