This month’s newsletter highlights how Unified Compliance is driving innovation in compliance...
Monthly Selected Authority Documents Oct 2025
Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for October.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| Authority Document name | AD ID | AD type | Selected | Groups | Initiatives |
| --- | --- | --- | --- | --- | --- |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 29 | 24 | 5 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 25 | 27 | 12 |
| NIST CSF 2.0 | 3789 | International or National Standard | 25 | 18 | 8 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 19 | 6 | 1 |
| ISO/IEC 27001:2022/Amendment 1:2024 | 4103 | International or National Standard | 16 | 0 | 0 |
| ISO 27001-2013 | 1367 | International or National Standard | 15 | 229 | 24 |
| SOC 2®, 2022 | 3647 | Audit Guideline | 15 | 7 | 1 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 14 | 21 | 10 |
| Digital Operational Resilience Act | 3668 | Regulations | 13 | 19 | 9 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 13 | 40 | 18 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 12 | 13 | 5 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 12 | 200 | 22 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 12 | 7 | 3 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 11 | 31 | 12 |
| NIST 800-53, v5.2.0 | 4137 | International or National Standard | 11 | 0 | 0 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 11 | 5 | 1 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 11 | 8 | 6 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 10 | 6 | 2 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 10 | 23 | 11 |
| CobiT | 102 | Safe Harbor | 10 | 172 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 9 | 23 | 10 |
| ISO/IEC 27002:2013(E) | 2421 | International or National Standard | 9 | 150 | 16 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 8 | 50 | 22 |
| 23 NYCRR 500 | 3686 | Regulations | 8 | 24 | 18 |
| Cloud Controls Matrix, v4.0 | 3303 | Self-Regulatory Body Requirement | 8 | 12 | 1 |
| COSO Enterprise Risk Management (2017) | 2947 | Best Practice Guideline | 8 | 25 | 9 |
| COSO Internal Control - Integrated Framework | 1578 | Self-Regulatory Body Requirement | 8 | 24 | 8 |
| HIPAA | 3201 | Bill or Act | 8 | 16 | 5 |
| Insurance Data Security Model Law, NAIC MDL-668 | 2920 | Best Practice Guideline | 8 | 9 | 7 |
| Artificial Intelligence Act | 3972 | Regulations | 7 | 8 | 2 |
| California Privacy Rights Act (CPRA) | 3290 | Bill or Act | 7 | 8 | 4 |
| CIS 20 Critical Security Controls | 2795 | Best Practice Guideline | 7 | 36 | 3 |
| CMMC Level 2 | 4043 | Regulations | 7 | 3 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | 3270 | International or National Standard | 7 | 11 | 8 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | 3279 | International or National Standard | 7 | 7 | 3 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 7 | 16 | 9 |
| ISO 27002 | 482 | International or National Standard | 7 | 9 | 5 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 7 | 23 | 11 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 7 | 5 | 1 |
| Regulations specifying criteria (policy) for the critical ICT third-party service providers in the financial sector | 3977 | Regulations | 7 | 3 | 0 |
| RTS specifying criteria regarding ICT risk management | 3975 | Regulations | 7 | 3 | 0 |
| RTS specifying the criteria for classification of ICT-related incidents | 3976 | Regulations | 7 | 3 | 0 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | 3288 | Self-Regulatory Body Requirement | 7 | 7 | 3 |
| CMMC Assessment Guide Level 2, v2.13 | 4060 | Regulations | 6 | 0 | 0 |
| COBIT 2019 | 3009 | Safe Harbor | 6 | 9 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | 3278 | International or National Standard | 6 | 10 | 5 |
| COSO ERM | 100 | Safe Harbor | 6 | 11 | 9 |
| Delegated regulation specifying fees for the critical ICT third-party service providers in the financial sector | 3979 | Regulations | 6 | 3 | 0 |
| FFIEC IT Examination Handbook - Development, Acquisition, and Maintenance, August 2024 | 3980 | Audit Guideline | 6 | 2 | 1 |
| HIPAA HCFA | 3200 | Best Practice Guideline | 6 | 7 | 4 |