Monthly Selected Authority Documents Feb 2026
Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for February.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD_name | AD_id | AD_type | selected | groups | initiatives |
| NIST CSF 2.0 | 3789 | International or National Standard | 35 | 18 | 8 |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 28 | 24 | 5 |
| NIST 800-53, v5.2.0 | 4137 | International or National Standard | 22 | 0 | 0 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 21 | 27 | 12 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 20 | 205 | 22 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 14 | 5 | 1 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 14 | 6 | 1 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 12 | 20 | 11 |
| ISO/IEC 27001:2022/Amendment 1:2024 | 4103 | International or National Standard | 12 | 0 | 0 |
| NIST AI 600-1 | 3990 | International or National Standard | 12 | 7 | 4 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 12 | 5 | 1 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 12 | 8 | 6 |
| CCM v4.0 | 3578 | Self-Regulatory Body Requirement | 11 | 7 | 5 |
| 23 NYCRR 500 | 3686 | Regulations | 10 | 28 | 20 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 10 | 23 | 11 |
| Digital Operational Resilience Act | 3668 | Regulations | 10 | 23 | 11 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 10 | 13 | 5 |
| NIST 800-171 Rev 3 | 3946 | International or National Standard | 10 | 7 | 2 |
| Trust Services Criteria (with Revised Points of Focus – 2022) | 3609 | Self-Regulatory Body Requirement | 10 | 12 | 3 |
| Cloud Controls Matrix, v4.0 | 3303 | Self-Regulatory Body Requirement | 9 | 12 | 1 |
| CMMC Level 2 | 4043 | Regulations | 9 | 3 | 1 |
| COBIT 2019 | 3009 | Safe Harbor | 9 | 9 | 2 |
| ISO 42001:2023 | 4062 | International or National Standard | 9 | 2 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 9 | 23 | 11 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 9 | 7 | 3 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 8 | 54 | 24 |
| AICPA Trust Services Principles and Criteria | 2821 | Self-Regulatory Body Requirement | 8 | 10 | 2 |
| Artificial Intelligence Act | 3972 | Regulations | 8 | 8 | 2 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 8 | 6 | 2 |
| FedRAMP Version 5 Moderate Baseline | 3644 | Audit Guideline | 8 | 3 | 1 |
| GDPR Sample | 4261 | Regulations | 8 | 0 | 0 |
| ISO 27001-2013 | 1367 | International or National Standard | 8 | 234 | 24 |
| NIST 800-53 Sample | 4259 | International or National Standard | 8 | 0 | 0 |
| Consumer Protection in respect of Use of Big Data Analytics and Artificial Intelligence by Authorized Institutions | 3375 | Regulation or Statute | 7 | 0 | 0 |
| Digital Personal Data Protection Act, 2023 | 3679 | Statutes (Bills or Acts) | 7 | 9 | 1 |
| Insurance Data Security Model Law, NAIC MDL-668 | 2920 | Best Practice Guideline | 7 | 13 | 9 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 7 | 31 | 12 |
| NIST 800-171A r3 | 4056 | International or National Standard | 7 | 0 | 0 |
| NIST 800-53B, High Impact Baseline, v5.2.0 | 4255 | International or National Standard | 7 | 0 | 0 |
| NIST SP 800-37r2 | 3013 | International or National Standard | 7 | 13 | 5 |
| PCI Sample | 4260 | Self-Regulatory Body Requirement | 7 | 0 | 0 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | 3449 | Regulation or Statute | 6 | 34 | 22 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | 3007 | Best Practice Guideline | 6 | 27 | 5 |
| CMMC Level 2, v2.0 | 3427 | Best Practice Guideline | 6 | 16 | 6 |
| CobiT | 102 | Safe Harbor | 6 | 177 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 6 | 27 | 12 |
| COSO Internal Control - Integrated Framework | 1578 | Self-Regulatory Body Requirement | 6 | 24 | 8 |
| FFIEC IT Examination Handbook - Information Security, 2016 | 4024 | Audit Guideline | 6 | 11 | 6 |
| Insurance Data Security | 3411 | Regulation or Statute | 6 | 24 | 21 |
| NIST 800-53B, Moderate Impact Baseline, v5.2.0 | 4256 | International or National Standard | 6 | 0 | 0 |
