Monthly Selected Authority Documents March 2026

Written by Amanda B. | Apr 2, 2026 5:46:09 PM

Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for March.

See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.

AD_name	AD_id	AD_type	selected	groups	initiatives
ISO/IEC 27001:2022	3567	International or National Standard	29	26	6
ISO/IEC 27002:2022	3430	International or National Standard	17	29	13
NIST CSF 2.0	3789	International or National Standard	17	20	9
EU General Data Protection Regulation (GDPR)	2802	Regulation or Statute	15	207	23
Digital Operational Resilience Act	3668	Regulations	11	23	11
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022	3714	Regulatory Directive or Guidance	10	15	6
ISO 9001:2015	2942	International or National Standard	9	29	6
NIST 800-171 Rev 3	3946	International or National Standard	9	9	3
PCI DSS Defined Approach Requirements v4.0.1	3987	International or National Standard	9	7	1
FedRAMP Version 5 Moderate Baseline	3644	Audit Guideline	8	4	1
ISO/IEC 27001:2022/Amendment 1:2024	4103	International or National Standard	8	0	0
ISO/IEC 27018:2019	3429	International or National Standard	8	10	2
NIST AI 100-1	3591	Best Practice Guideline	8	5	1
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations	3134	International or National Standard	8	25	12
NIST SP 800-53 Revision 5.1.1	3687	International or National Standard	8	8	4
CMMC Level 1	4042	Regulations	7	0	0
CMMC Level 2, v2.0	3427	Best Practice Guideline	7	18	7
HIPAA Security and Privacy Rule	3986	Regulations	7	21	11
ISO 27001-2013	1367	International or National Standard	7	235	25
ISO 42001:2023	4039	International or National Standard	7	6	2
ISO/IEC 20000-1:2018	3002	International or National Standard	7	7	0
NIST 800-53B, Moderate Impact Baseline, v5.2.0	4256	International or National Standard	7	0	0
Sarbanes-Oxley Act of 2002	3296	Bill or Act	7	8	6
SOC 2¬Æ, 2022	3647	Audit Guideline	7	7	1
23 NYCRR 500	3686	Regulations	6	28	20
23 NYCRR 500	2895	Regulation or Statute	6	54	24
Artificial Intelligence Act	3972	Regulations	6	9	3
California Consumer Privacy Act of 2018	2957	Bill or Act	6	57	5
CIS Controls, V8	3323	Best Practice Guideline	6	24	11
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020	3275	International or National Standard	6	28	12
COSO Internal Control - Integrated Framework	1578	Self-Regulatory Body Requirement	6	24	8
ITIL Foundation 4	3272	Best Practice Guideline	6	0	1
NIST 800-53 Sample	4259	International or National Standard	6	0	0
NIST AI 600-1	3990	International or National Standard	6	7	4
NIST SP 800-53 R5	3241	International or National Standard	6	41	18
AICPA Reporting on Controls at a Service Organization SOC-2	1132	Safe Harbor	5	152	8
California Privacy Rights Act (CPRA)	3290	Bill or Act	5	9	5
Cloud Controls Matrix, v4.0	3303	Self-Regulatory Body Requirement	5	13	1
Cyber Resilience Act (CRA)	4090	Regulations	5	1	1
FFIEC IT Examination Handbook - Information Security, 2016	4024	Audit Guideline	5	11	6
ISO/IEC 27017:2015(E)	2838	Self-Regulatory Body Requirement	5	32	12
PCI Sample	4260	Self-Regulatory Body Requirement	5	0	0
TISAX, v6.0.3	4070	Audit Guideline	5	3	3
Trust Services Criteria (with Revised Points of Focus ‚Äì 2022)	3609	Self-Regulatory Body Requirement	5	13	3
Appendix B of 12 CFR Part 30	15	Regulation or Statute	4	43	22
CMMC Level 1, v2.0	3426	Best Practice Guideline	4	16	6
CobiT	102	Safe Harbor	4	177	2
COSO Enterprise Risk Management (2017)	2947	Best Practice Guideline	4	25	9
CSF V1.1	3709	International or National Standard	4	7	0
Digital Personal Data Protection Act, 2023	3679	Statutes (Bills or Acts)	4	10	1

View full post