Skip to content
Contact us

Monthly Selected Authority Documents Nov 2025

Picture of Amanda B.

Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for November.

See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.

AD_common_name AD_id AD_type selected groups initiatives
NIST CSF 2.0 3789 International or National Standard 33 18 8
ISO/IEC 27001:2022 3567 International or National Standard 27 24 5
EU General Data Protection Regulation (GDPR) 2802 Regulation or Statute 22 200 22
ISO/IEC 27002:2022 3430 International or National Standard 17 27 12
NIST 800-53, v5.2.0 4137 International or National Standard 17 0 0
ISO/IEC 27001:2022/Amendment 1:2024 4103 International or National Standard 14 0 0
California Privacy Rights Act (CPRA) 3290 Bill or Act 12 8 4
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 3714 Regulatory Directive or Guidance 12 13 5
Sarbanes-Oxley Act of 2002 3296 Bill or Act 12 8 6
CMMC Level 2 4043 Regulations 11 3 1
HIPAA Security and Privacy Rule 3986 Regulations 11 17 10
NIST AI 100-1 3591 Best Practice Guideline 11 5 1
Artificial Intelligence Act 3972 Regulations 10 8 2
ISO/IEC 27701:2019 3020 International or National Standard 10 21 10
SOC 2®, 2022 3647 Audit Guideline 10 7 1
CIS Controls Version 8.1 3955 Best Practice Guideline 9 6 2
Digital Operational Resilience Act 3668 Regulations 9 20 10
NIST SP 800-53 R5 3241 International or National Standard 9 40 18
AICPA Reporting on Controls at a Service Organization SOC-2 1132 Safe Harbor 8 147 8
CIS Controls, V8 3323 Best Practice Guideline 8 23 11
ISO 42001:2023 4039 International or National Standard 8 5 2
NIST AI 600-1 3990 International or National Standard 8 4 3
PCI DSS Defined Approach Requirements v4.0.1 3987 International or National Standard 8 6 1
PCI DSS v4.0.1 SAQ D for Merchants 4086 Self-Regulatory Body Requirement 7 5 5
TISAX, v6.0.3 4070 Audit Guideline 7 2 2
CMMC Assessment Guide Level 2, v2.13 4060 Regulations 6 0 0
FedRAMP Version 5 Moderate Baseline 3644 Audit Guideline 6 3 1
ISO 27001-2013 1367 International or National Standard 6 229 24
ISO 42001:2023 4062 International or National Standard 6 2 1
ISO 9001:2015 2942 International or National Standard 6 28 6
ISO/IEC 27017:2015(E) 2838 Self-Regulatory Body Requirement 6 31 12
NIS2 Commission Implementing Regulation on critical entities and networks 4106 Regulations 6 0 0
NIST SP 800-53 902 International or National Standard 6 19 3
NIST SP 800-53 Revision 5.1.1 3687 International or National Standard 6 7 3
PCI DSS Defined Approach Testing Procedures v4.0.1 3988 International or National Standard 6 5 1
PCI DSS v4.0.1 SAQ D for Service Providers 4087 Self-Regulatory Body Requirement 6 0 0
23 NYCRR 500 2895 Regulation or Statute 5 51 23
23 NYCRR 500 3686 Regulations 5 25 19
45 CFR Part 160 986 Regulation or Statute 5 13 5
CMMC Assessment Guide Level 1, v2.13 4059 Regulations 5 0 0
HIPAA 3201 Bill or Act 5 16 5
IEC 62443-4-2 3349 International or National Standard 5 5 4
ISO/IEC 27018:2019 3429 International or National Standard 5 9 2
TSP Section 100: 2017  Trust  Services  Criteria for  Security,  Availability, Processing  Integrity,  Confidentiality, and Privacy 3288 Self-Regulatory Body Requirement 5 7 3
45 CFR Part 162 985 Regulation or Statute 4 11 4
CCM v4.0 3578 Self-Regulatory Body Requirement 4 4 4
CMMC Assessment Guide Level 3, v2.13 4061 Regulations 4 0 0
CMMC Level 3 4044 Regulations 4 0 0
FFIEC IT Examination Handbook - Development, Acquisition, and Maintenance, August 2024 3980 Audit Guideline 4 2 1
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements 1423 International or National Standard 4 24 1
,