Skip to content

Monthly Selected Authority Documents May 2025

Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for April.

See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.

AD_common_name AD_id AD_type selected groups initiatives
NIST CSF 2.0 3789 International or National Standard 41 14 6
ISO/IEC 27001:2022 3567 International or National Standard 36 19 4
ISO/IEC 27002:2022 3430 International or National Standard 25 21 11
NIST SP 800-53 Revision 5.1.1 3687 International or National Standard 25 3 2
NIST SP 800-53 R5 3241 International or National Standard 23 37 18
CIS Controls, V8 3323 Best Practice Guideline 17 19 9
NIST 800-171 Rev 3 3946 International or National Standard 16 4 0
23 NYCRR 500 3686 Regulations 15 17 12
NIST AI 100-1 3591 Best Practice Guideline 15 2 0
Sarbanes-Oxley Act of 2002 3296 Bill or Act 15 7 6
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 3275 International or National Standard 14 17 7
Digital Operational Resilience Act 3668 Regulations 14 12 4
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations 3134 International or National Standard 14 21 10
SOC 2®, 2022 3647 Audit Guideline 14 6 1
Gramm Leach Bliley 3302 Bill or Act 13 12 0
PCI DSS Defined Approach Requirements, Version 4.0 3444 International or National Standard 13 19 6
EU General Data Protection Regulation (GDPR) 2802 Regulation or Statute 12 193 21
NIST CSF 1.1 2934 International or National Standard 12 67 23
16 CFR Part 314, Standards for Safeguarding Customer Information 3449 Regulation or Statute 11 23 14
23 NYCRR 500 2895 Regulation or Statute 11 43 16
PCI DSS Defined Approach Requirements v4.0.1 3987 International or National Standard 11 3 1
PCI DSS v3.2.1 3315 Contractual Obligation 11 9 5
CIS Controls Version 8.1 3955 Best Practice Guideline 10 2 0
CMMC Level 2, v2.0 3427 Best Practice Guideline 10 15 6
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 3279 International or National Standard 10 6 3
ISO/IEC 27017:2015(E) 2838 Self-Regulatory Body Requirement 10 29 12
ISO/IEC 27701:2019 3020 International or National Standard 10 20 10
NIST SP 800-161 r1 3465 International or National Standard 10 1 0
PCI DSS Defined Approach Testing Procedures v4.0.1 3988 International or National Standard 10 3 1
PCI DSS Defined Approach Testing Procedures, Version 4.0 3445 International or National Standard 10 12 6
Cloud Controls Matrix, v4.0 3303 Self-Regulatory Body Requirement 9 11 1
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 3270 International or National Standard 9 10 8
HIPAA 3201 Bill or Act 9 13 4
HIPAA Security and Privacy Rule 3986 Regulations 9 10 4
NIST Privacy Framework 3087 International or National Standard 9 16 8
NIST SP 800-37r2 3013 International or National Standard 9 13 5
NIST SP 800-53 902 International or National Standard 9 18 3
PCI DSS v4.0 SAQ D Merchants 3464 Contractual Obligation 9 15 13
Artificial Intelligence Act 3972 Regulations 8 4 1
California Consumer Privacy Act of 2018 2957 Bill or Act 8 46 3
California Privacy Rights Act (CPRA) 3290 Bill or Act 8 5 3
CMMC Level 1, v2.0 3426 Best Practice Guideline 8 13 5
CMMC Level 2 4043 Regulations 8 2 0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 3278 International or National Standard 8 9 5
Insurance Data Security Law 3404 Regulation or Statute 8 14 13
ISO 31000:2018 2936 International or National Standard 8 25 8
ISO 42001:2023 4039 International or National Standard 8 3 1
NIST AI 600-1 3990 International or National Standard 8 1 1
NIST CSF 1.0 1365 International or National Standard 8 12 2
NIST SP 800-61 81 International or National Standard 8 25 9