| ISO 27001-2013 |
International or National Standard |
25 |
172 |
8 |
| CobiT |
Safe Harbor |
23 |
151 |
2 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
21 |
125 |
3 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
20 |
153 |
11 |
| NIST CSF 1.1 |
International or National Standard |
19 |
29 |
7 |
| Sarbanes Oxley SOX |
Regulation or Statute |
17 |
141 |
1 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 |
International or National Standard |
16 |
3 |
0 |
| ISO 27002 |
International or National Standard |
15 |
5 |
1 |
| PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
15 |
138 |
4 |
| ISO/IEC 27017:2015(E) |
Self-Regulatory Body Requirement |
13 |
12 |
4 |
| NIST SP 800-53 R5 |
International or National Standard |
13 |
4 |
2 |
| Cloud Controls Matrix, Version 3.0 |
Self-Regulatory Body Requirement |
12 |
12 |
2 |
| ISO 31000 R 2009 |
International or National Standard |
12 |
154 |
2 |
| ISO/IEC 27018:2014 |
International or National Standard |
12 |
14 |
2 |
| Red Book (Condensed) |
International or National Standard |
12 |
5 |
4 |
| NIST SP 800-53 |
International or National Standard |
11 |
14 |
0 |
| NIST SP 800-53 R4 |
International or National Standard |
11 |
3 |
2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 |
International or National Standard |
10 |
0 |
2 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) |
Best Practice Guideline |
9 |
7 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
9 |
0 |
0 |
| EBA/GL/2019/04 |
Regulation or Statute |
9 |
2 |
0 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
9 |
134 |
4 |
| NICE NIST |
International or National Standard |
9 |
10 |
1 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4 |
International or National Standard |
9 |
2 |
0 |
| CMMC Level 3 |
Best Practice Guideline |
8 |
0 |
3 |
| CMMC Level 5 |
Best Practice Guideline |
8 |
0 |
1 |
| CSIS 20 Critical Security Controls |
Best Practice Guideline |
8 |
148 |
0 |
| ISO/IEC 27701:2019 |
International or National Standard |
8 |
9 |
3 |
| NIST SP 800 66 |
Safe Harbor |
8 |
19 |
1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
8 |
1 |
3 |
| NIST SP 800-37r2 |
International or National Standard |
8 |
8 |
4 |
| PCI DSS Testing Procedures v3.2 |
Contractual Obligation |
8 |
15 |
2 |
| Cloud Security Alliance CCM V1.3 |
Best Practice Guideline |
7 |
5 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 |
International or National Standard |
7 |
0 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 |
International or National Standard |
7 |
0 |
2 |
| FedRAMP Baseline Security Controls |
Audit Guideline |
7 |
114 |
0 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements |
International or National Standard |
7 |
11 |
0 |
| PCI DSS 3.0 Requirements |
Self-Regulatory Body Requirement |
7 |
83 |
1 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4 |
International or National Standard |
7 |
2 |
0 |
| 21 CFR Part 11 |
Regulation or Statute |
6 |
19 |
0 |
| 23 NYCRR 500 |
Regulation or Statute |
6 |
7 |
3 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
6 |
33 |
1 |
| CIS 20 Critical Security Controls |
Best Practice Guideline |
6 |
16 |
2 |
| CIS Controls, V7.1 |
Best Practice Guideline |
6 |
3 |
3 |
| Cyber Essentials Scheme (CES) Questionnaire |
Best Practice Guideline |
6 |
2 |
0 |
| FedRAMP Security Controls Baseline, 2018 |
Audit Guideline |
6 |
0 |
4 |
| FFIEC Development Acquisition |
Best Practice Guideline |
6 |
3 |
1 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management |
Audit Guideline |
6 |
9 |
1 |
| Financial Services Sector Cybersecurity Profile |
International or National Standard |
6 |
0 |
2 |
| Gramm Leach Bliley |
Bill or Act |
6 |
8 |
3 |
