Monthly Selected Authority Documents June 2025
Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for May.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD_common_name | AD_id | AD_type | selected | groups | initiatives |
| AD_common_name | AD_id | AD_type | selected | groups | initiatives |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 39 | 22 | 5 |
| NIST CSF 2.0 | 3789 | International or National Standard | 38 | 15 | 7 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 30 | 24 | 12 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 27 | 5 | 3 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 25 | 38 | 18 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 24 | 196 | 22 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 23 | 22 | 11 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 22 | 20 | 10 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 19 | 11 | 5 |
| Digital Operational Resilience Act | 3668 | Regulations | 18 | 13 | 4 |
| NIST 800-171 Rev 3 | 3946 | International or National Standard | 18 | 6 | 2 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 17 | 5 | 2 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 17 | 3 | 0 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 16 | 30 | 12 |
| Gramm Leach Bliley | 3302 | Bill or Act | 15 | 13 | 0 |
| ISO 27001-2013 | 1367 | International or National Standard | 15 | 226 | 24 |
| CMMC Level 2 | 4043 | Regulations | 14 | 2 | 0 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 14 | 10 | 4 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | 3007 | Best Practice Guideline | 13 | 19 | 5 |
| CobiT | 102 | Safe Harbor | 13 | 169 | 2 |
| FedRAMP Version 5 Moderate Baseline | 3644 | Audit Guideline | 13 | 1 | 0 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 13 | 21 | 10 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | 3270 | International or National Standard | 12 | 11 | 8 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | 3278 | International or National Standard | 12 | 10 | 5 |
| hipaa security rule | 3204 | Regulation or Statute | 12 | 6 | 2 |
| Artificial Intelligence Act | 3972 | Regulations | 11 | 6 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 11 | 18 | 7 |
| FedRAMP High Baseline, Version 5 | 3636 | Regulation or Statute | 11 | 0 | 0 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 11 | 5 | 1 |
| CMMC Level 1 | 4042 | Regulations | 10 | 0 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | 3279 | International or National Standard | 10 | 7 | 3 |
| HIPAA | 3201 | Bill or Act | 10 | 13 | 4 |
| ISO 31000:2018 | 2936 | International or National Standard | 10 | 26 | 9 |
| NIST SP 800-66r2 | 3960 | International or National Standard | 10 | 3 | 0 |
| Red Book (Condensed) | 2840 | International or National Standard | 10 | 21 | 7 |
| Australian Government Information Security Manual, June 2024 | 3966 | International or National Standard | 9 | 2 | 0 |
| CMMC Level 3 | 4044 | Regulations | 9 | 0 | 0 |
| NIST SP 800-37r2 | 3013 | International or National Standard | 9 | 13 | 5 |
| NIST SP 800-39 | 2428 | International or National Standard | 9 | 23 | 7 |
| PCI DSS Defined Approach Requirements, Version 4.0 | 3444 | International or National Standard | 9 | 18 | 6 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 9 | 8 | 6 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | 3449 | Regulation or Statute | 8 | 24 | 14 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 8 | 43 | 16 |
| 23 NYCRR 500 | 3686 | Regulations | 8 | 17 | 12 |
| CRI Profile, v2.0 | 3959 | Best Practice Guideline | 8 | 1 | 0 |
| CSF V1.1 | 3709 | International or National Standard | 8 | 4 | 0 |
| IEC 62443-4-2 | 3349 | International or National Standard | 8 | 5 | 4 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | 1423 | International or National Standard | 8 | 21 | 1 |
| ISO 22301:2019(E) | 3454 | International or National Standard | 8 | 3 | 3 |
| ISO 42001:2023 | 4062 | International or National Standard | 8 | 1 | 0 |