| ISO 27001-2013 |
International or National Standard |
40 |
187 |
11 |
| NIST SP 800-53 R5 |
International or National Standard |
29 |
9 |
5 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
23 |
164 |
10 |
| NIST CSF 1.1 |
International or National Standard |
17 |
34 |
13 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
17 |
2 |
3 |
| CIS Controls, V8 |
Best Practice Guideline |
15 |
0 |
1 |
| PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
15 |
147 |
4 |
| CobiT |
Safe Harbor |
14 |
162 |
1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
14 |
4 |
2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
13 |
3 |
0 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 |
Contractual Obligation |
13 |
4 |
3 |
| ISO/IEC 27701:2019 |
International or National Standard |
12 |
12 |
3 |
| MAS TRM |
Contractual Obligation |
12 |
36 |
0 |
| HIPAA |
Bill or Act |
11 |
10 |
5 |
| hipaa security rule |
Regulation or Statute |
11 |
5 |
1 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
11 |
139 |
7 |
| SOC2 |
Safe Harbor |
11 |
0 |
0 |
| MAS Guidelines on Outsourcing |
Bill or Act |
10 |
0 |
0 |
| MAS-TRMG-2021 |
Contractual Obligation |
10 |
3 |
0 |
| NIST CSF 1.0 |
International or National Standard |
10 |
11 |
2 |
| Notice on Cyber Hygiene |
Bill or Act |
10 |
0 |
0 |
| Notice on Technology Risk Management, Notice No. CMG-N02 |
Self-Regulatory Body Requirement |
10 |
38 |
0 |
| Singapore Personal Data Protection Act 2012 |
Regulation or Statute |
10 |
1 |
0 |
| Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium |
Best Practice Guideline |
10 |
1 |
0 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
9 |
137 |
4 |
| Gramm Leach Bliley |
Bill or Act |
9 |
0 |
1 |
| NIST SP 800-37r2 |
International or National Standard |
9 |
10 |
4 |
| FedRAMP Security Controls Baseline, 2018 |
Audit Guideline |
8 |
1 |
4 |
| ISO 27002 |
International or National Standard |
8 |
7 |
2 |
| ISO 9001:2015 |
International or National Standard |
8 |
18 |
2 |
| Notice No.: CMG-N02, Notice On Technology Risk Management |
Self-Regulatory Body Requirement |
8 |
2 |
0 |
| PCI SAQ A v3.2 |
Contractual Obligation |
8 |
6 |
3 |
| Singapore Corporate Governance |
Regulation or Statute |
8 |
6 |
0 |
| Singapore Personal Data Protection Act 2012 (No. 26 of 2012) Revised Edition 2021 |
Regulation or Statute |
8 |
0 |
0 |
| CMMC Level 1 |
Best Practice Guideline |
7 |
4 |
2 |
| CMMC Level 3 |
Best Practice Guideline |
7 |
4 |
3 |
| COBIT 2019 |
Safe Harbor |
7 |
5 |
2 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements |
International or National Standard |
7 |
13 |
0 |
| ISO 27005 R 2011 |
International or National Standard |
7 |
12 |
3 |
| NIST SP 800-171 |
International or National Standard |
7 |
3 |
1 |
| PCI DSS 3.0 Requirements |
Self-Regulatory Body Requirement |
7 |
95 |
1 |
| PCI DSS Testing Procedures v3.2 |
Contractual Obligation |
7 |
24 |
2 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy |
Self-Regulatory Body Requirement |
7 |
4 |
2 |
| 23 NYCRR 500 |
Regulation or Statute |
6 |
9 |
3 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
6 |
39 |
1 |
| CMMC Level 5 |
Best Practice Guideline |
6 |
2 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 |
International or National Standard |
6 |
5 |
3 |
| ITIL Foundation 4 |
Best Practice Guideline |
6 |
0 |
0 |
| NIST Privacy Framework |
International or National Standard |
6 |
9 |
2 |
| NIST SP 800-53 R4 |
International or National Standard |
6 |
4 |
3 |
