Monthly Selected Authority Documents May 2025
Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for April.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD_common_name | AD_id | AD_type | selected | groups | initiatives |
| NIST CSF 2.0 | 3789 | International or National Standard | 41 | 14 | 6 |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 36 | 19 | 4 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 25 | 21 | 11 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 25 | 3 | 2 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 23 | 37 | 18 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 17 | 19 | 9 |
| NIST 800-171 Rev 3 | 3946 | International or National Standard | 16 | 4 | 0 |
| 23 NYCRR 500 | 3686 | Regulations | 15 | 17 | 12 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 15 | 2 | 0 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 15 | 7 | 6 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 14 | 17 | 7 |
| Digital Operational Resilience Act | 3668 | Regulations | 14 | 12 | 4 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 14 | 21 | 10 |
| SOC 2®, 2022 | 3647 | Audit Guideline | 14 | 6 | 1 |
| Gramm Leach Bliley | 3302 | Bill or Act | 13 | 12 | 0 |
| PCI DSS Defined Approach Requirements, Version 4.0 | 3444 | International or National Standard | 13 | 19 | 6 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 12 | 193 | 21 |
| NIST CSF 1.1 | 2934 | International or National Standard | 12 | 67 | 23 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | 3449 | Regulation or Statute | 11 | 23 | 14 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 11 | 43 | 16 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 11 | 3 | 1 |
| PCI DSS v3.2.1 | 3315 | Contractual Obligation | 11 | 9 | 5 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 10 | 2 | 0 |
| CMMC Level 2, v2.0 | 3427 | Best Practice Guideline | 10 | 15 | 6 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | 3279 | International or National Standard | 10 | 6 | 3 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 10 | 29 | 12 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 10 | 20 | 10 |
| NIST SP 800-161 r1 | 3465 | International or National Standard | 10 | 1 | 0 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 10 | 3 | 1 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | 3445 | International or National Standard | 10 | 12 | 6 |
| Cloud Controls Matrix, v4.0 | 3303 | Self-Regulatory Body Requirement | 9 | 11 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | 3270 | International or National Standard | 9 | 10 | 8 |
| HIPAA | 3201 | Bill or Act | 9 | 13 | 4 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 9 | 10 | 4 |
| NIST Privacy Framework | 3087 | International or National Standard | 9 | 16 | 8 |
| NIST SP 800-37r2 | 3013 | International or National Standard | 9 | 13 | 5 |
| NIST SP 800-53 | 902 | International or National Standard | 9 | 18 | 3 |
| PCI DSS v4.0 SAQ D Merchants | 3464 | Contractual Obligation | 9 | 15 | 13 |
| Artificial Intelligence Act | 3972 | Regulations | 8 | 4 | 1 |
| California Consumer Privacy Act of 2018 | 2957 | Bill or Act | 8 | 46 | 3 |
| California Privacy Rights Act (CPRA) | 3290 | Bill or Act | 8 | 5 | 3 |
| CMMC Level 1, v2.0 | 3426 | Best Practice Guideline | 8 | 13 | 5 |
| CMMC Level 2 | 4043 | Regulations | 8 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | 3278 | International or National Standard | 8 | 9 | 5 |
| Insurance Data Security Law | 3404 | Regulation or Statute | 8 | 14 | 13 |
| ISO 31000:2018 | 2936 | International or National Standard | 8 | 25 | 8 |
| ISO 42001:2023 | 4039 | International or National Standard | 8 | 3 | 1 |
| NIST AI 600-1 | 3990 | International or National Standard | 8 | 1 | 1 |
| NIST CSF 1.0 | 1365 | International or National Standard | 8 | 12 | 2 |
| NIST SP 800-61 | 81 | International or National Standard | 8 | 25 | 9 |