Monthly Selected Authority Documents September 2025

Written by Amanda B. | Oct 1, 2025 5:26:34 PM

Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for September.

See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.

AD_name	AD_id	AD_type	selected	groups	initiatives
NIST CSF 2.0	3789	International or National Standard	38	18	8
ISO/IEC 27001:2022	3567	International or National Standard	30	24	5
ISO/IEC 27002:2022	3430	International or National Standard	27	27	12
PCI DSS Defined Approach Requirements v4.0.1	3987	International or National Standard	24	6	1
EU General Data Protection Regulation (GDPR)	2802	Regulation or Statute	19	200	22
NIST SP 800-53 Revision 5.1.1	3687	International or National Standard	17	7	3
SOC 2¬Æ, 2022	3647	Audit Guideline	17	7	1
NIST 800-171 Rev 3	3946	International or National Standard	15	7	2
Digital Operational Resilience Act	3668	Regulations	14	19	9
HIPAA Security and Privacy Rule	3986	Regulations	14	16	9
ISO/IEC 27017:2015(E)	2838	Self-Regulatory Body Requirement	14	31	12
NIST AI 100-1	3591	Best Practice Guideline	12	5	1
CIS Controls, V8	3323	Best Practice Guideline	11	23	11
HIPAA	3201	Bill or Act	11	15	4
NIST 800-53, v5.2.0	4137	International or National Standard	11	0	0
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations	3134	International or National Standard	11	23	11
NIST SP 800-53 R5	3241	International or National Standard	11	40	18
CCM v4.0	3578	Self-Regulatory Body Requirement	10	4	4
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022	3714	Regulatory Directive or Guidance	10	13	5
Sarbanes-Oxley Act of 2002	3296	Bill or Act	10	8	6
CobiT	102	Safe Harbor	9	172	2
COBIT 2019	3009	Safe Harbor	9	9	2
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020	3275	International or National Standard	9	23	10
ISO 27001-2013	1367	International or National Standard	9	229	24
ISO/IEC 27001:2022/Amendment 1:2024	4103	International or National Standard	9	0	0
23 NYCRR 500	3686	Regulations	8	24	18
CIS Controls Version 8.1	3955	Best Practice Guideline	8	6	2
CMMC Level 1, v2.0	3426	Best Practice Guideline	8	14	5
CMMC Level 2, v2.0	3427	Best Practice Guideline	8	16	6
CSF V1.1	3709	International or National Standard	8	6	0
Insurance Data Security Model Law, NAIC MDL-668	2920	Best Practice Guideline	8	9	7
ISO 42001:2023	4062	International or National Standard	8	2	1
ISO 9001:2015	2942	International or National Standard	8	28	6
Trust Services Criteria (with Revised Points of Focus ‚Äì 2022)	3609	Self-Regulatory Body Requirement	8	12	3
45 CFR Part 170	3719	Regulations	7	6	0
Cloud Controls Matrix, v4.0	3303	Self-Regulatory Body Requirement	7	12	1
ISO/IEC 27018:2019	3429	International or National Standard	7	9	2
ITIL Foundation 4	3272	Best Practice Guideline	7	0	1
NIST AI 600-1	3990	International or National Standard	7	4	3
PCI DSS Defined Approach Requirements, Version 4.0	3444	International or National Standard	7	18	6
23 NYCRR 500	2895	Regulation or Statute	6	50	22
45 CFR Part 160	986	Regulation or Statute	6	13	5
AICPA Reporting on Controls at a Service Organization SOC-2	1132	Safe Harbor	6	147	8
CMMC Level 2	4043	Regulations	6	3	1
COSO Enterprise Risk Management (2017)	2947	Best Practice Guideline	6	25	9
Indiana Code Disclosure of Security Breach	762	Regulation or Statute	6	5	4
ISO 42001:2023	4039	International or National Standard	6	5	2
NIST Privacy Framework	3087	International or National Standard	6	16	8
NIST SP 800-53 R4	3212	International or National Standard	6	7	3
PCI DSS v3.2.1	3315	Contractual Obligation	6	12	5

View full post