Monthly Selected Authority Documents July 2025
Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for June.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD Name | AD_id | AD_type | selected | groups | initiatives |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 30 | 22 | 5 |
| NIST CSF 2.0 | 3789 | International or National Standard | 26 | 16 | 8 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 21 | 24 | 12 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 14 | 196 | 22 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 14 | 5 | 3 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 13 | 20 | 10 |
| CobiT | 102 | Safe Harbor | 13 | 169 | 2 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 13 | 5 | 1 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 12 | 11 | 5 |
| ISO 42001:2023 | 4062 | International or National Standard | 12 | 1 | 0 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 12 | 38 | 18 |
| ISO/IEC 27001:2022/Amendment 1:2024 | 4103 | International or National Standard | 11 | 0 | 0 |
| NIST 800-171 Rev 3 | 3946 | International or National Standard | 11 | 6 | 2 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 11 | 3 | 0 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 11 | 4 | 1 |
| SOC 2®, 2022 | 3647 | Audit Guideline | 11 | 7 | 1 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 10 | 21 | 10 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 10 | 8 | 6 |
| 23 NYCRR 500 | 3686 | Regulations | 9 | 19 | 14 |
| COSO Internal Control - Integrated Framework | 1578 | Self-Regulatory Body Requirement | 9 | 24 | 8 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 9 | 30 | 12 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | 3007 | Best Practice Guideline | 8 | 19 | 5 |
| COSO Enterprise Risk Management (2017) | 2947 | Best Practice Guideline | 8 | 25 | 9 |
| Cyber Resilience Act (CRA) | 4090 | Regulations | 8 | 0 | 0 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 8 | 11 | 5 |
| ISO 27001-2013 | 1367 | International or National Standard | 8 | 226 | 24 |
| ISO 9001:2015 | 2942 | International or National Standard | 8 | 25 | 6 |
| ISO/IEC 27018:2019 | 3429 | International or National Standard | 8 | 8 | 2 |
| NIST SP 800-53 | 902 | International or National Standard | 8 | 18 | 3 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | 1132 | Safe Harbor | 7 | 144 | 8 |
| California Consumer Privacy Act of 2018 | 2957 | Bill or Act | 7 | 47 | 4 |
| COBIT 2019 | 3009 | Safe Harbor | 7 | 9 | 2 |
| Cybersecurity and Cyber Resilience Framework | 4031 | Regulatory Directive or Guidance | 7 | 0 | 0 |
| Digital Operational Resilience Act | 3668 | Regulations | 7 | 14 | 5 |
| HIPAA | 3201 | Bill or Act | 7 | 13 | 4 |
| ICD 702 | 2367 | Organizational Directive | 7 | 3 | 0 |
| ISO 27002 | 482 | International or National Standard | 7 | 9 | 5 |
| ISO/IEC 28394:2023 | 3611 | International or National Standard | 7 | 4 | 2 |
| NIST CSF 1.0 | 1365 | International or National Standard | 7 | 12 | 2 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 7 | 22 | 11 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 6 | 45 | 18 |
| Canada Privacy Policy Principles | 176 | Regulation or Statute | 6 | 3 | 3 |
| CCM v4.0 | 3578 | Self-Regulatory Body Requirement | 6 | 1 | 1 |
| CMMC Level 2 | 4043 | Regulations | 6 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 6 | 18 | 7 |
| Digital Personal Data Protection Act, 2023 | 3679 | Statutes (Bills or Acts) | 6 | 1 | 1 |
| FFIEC IT Examination Handbook - Information Security, 2016 | 4024 | Audit Guideline | 6 | 2 | 1 |
| Gramm Leach Bliley | 3302 | Bill or Act | 6 | 13 | 0 |
| Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts, European Commission | 3320 | Best Practice Guideline | 6 | 9 | 1 |
| ISO/IEC 38507:2022 | 3637 | International or National Standard | 6 | 4 | 2 |