| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
37 |
164 |
10 |
| ISO 27001-2013 |
International or National Standard |
37 |
186 |
8 |
| NIST CSF 1.1 |
International or National Standard |
30 |
34 |
9 |
| NIST SP 800-53 R5 |
International or National Standard |
20 |
7 |
3 |
| PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
19 |
143 |
4 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
16 |
137 |
4 |
| CIS Controls, V8 |
Best Practice Guideline |
16 |
0 |
0 |
| CMMC Level 3 |
Best Practice Guideline |
15 |
2 |
2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
15 |
1 |
0 |
| HIPAA |
Bill or Act |
13 |
9 |
4 |
| hipaa security rule |
Regulation or Statute |
13 |
4 |
1 |
| HKMA General Principles for Technology Risk Management |
Regulation or Statute |
13 |
18 |
0 |
| MAS TRM |
Contractual Obligation |
13 |
36 |
0 |
| CobiT |
Safe Harbor |
12 |
162 |
1 |
| FedRAMP Baseline Security Controls |
Audit Guideline |
12 |
124 |
0 |
| ISO/IEC 27701:2019 |
International or National Standard |
12 |
11 |
3 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
12 |
2 |
2 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 |
Contractual Obligation |
12 |
1 |
0 |
| Australian Government Information Security Manual Controls |
International or National Standard |
11 |
3 |
0 |
| ISO 27002 |
International or National Standard |
11 |
7 |
2 |
| NIST SP 800-53 |
International or National Standard |
11 |
16 |
1 |
| PCI DSS 3.2 SAQ D Merchant |
Contractual Obligation |
11 |
4 |
0 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
11 |
2 |
0 |
| 23 NYCRR 500 |
Regulation or Statute |
10 |
9 |
3 |
| India Indian Info Privacy Act |
Regulation or Statute |
10 |
15 |
0 |
| Notice No.: CMG-N02, Notice On Technology Risk Management |
Self-Regulatory Body Requirement |
10 |
2 |
0 |
| Risk Management of E-banking |
Contractual Obligation |
10 |
18 |
0 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 |
Safe Harbor |
10 |
9 |
3 |
| CMMC Level 4 |
Best Practice Guideline |
9 |
2 |
0 |
| CMMC Level 5 |
Best Practice Guideline |
9 |
2 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 |
International or National Standard |
9 |
2 |
3 |
| COSO Enterprise Risk Management (2017) |
Best Practice Guideline |
9 |
10 |
3 |
| Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds |
Best Practice Guideline |
9 |
22 |
0 |
| HKMA-2001-12-28 - Supervisory Policy Manual (SA-2) Outsourcing |
Regulation or Statute |
9 |
0 |
0 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
9 |
138 |
4 |
| ISO/IEC 27018:2014 |
International or National Standard |
9 |
15 |
2 |
| MAS-TRMG-2021 |
Contractual Obligation |
9 |
2 |
0 |
| NIST SP 800-172 |
International or National Standard |
9 |
1 |
0 |
| Notice on Technology Risk Management, Notice No. CMG-N02 |
Self-Regulatory Body Requirement |
9 |
38 |
0 |
| Risk Management of E-banking V.3 |
Contractual Obligation |
9 |
2 |
0 |
| SWIFT Customer Security Controls Framework |
Best Practice Guideline |
9 |
0 |
0 |
| APRA PPG 234 |
Safe Harbor |
8 |
0 |
0 |
| APRA PPG 234 |
Safe Harbor |
8 |
8 |
0 |
| COSO Internal Control - Integrated Framework |
Self-Regulatory Body Requirement |
8 |
10 |
2 |
| FFIEC IT Examination Handbook |
Audit Guideline |
8 |
11 |
2 |
| NIST SP 800-53 R4 High Impact, Deprecated |
International or National Standard |
8 |
168 |
4 |
| NIST SP 800-53 R4, Deprecated |
International or National Standard |
8 |
139 |
7 |
| PCI SAQ A v3.2 |
Contractual Obligation |
8 |
3 |
3 |
| Singapore Corporate Governance |
Regulation or Statute |
8 |
6 |
0 |
| ACSI 33 |
Best Practice Guideline |
7 |
1 |
0 |
