| ISO 27001-2013 |
International or National Standard |
24 |
187 |
11 |
| hipaa security rule |
Regulation or Statute |
21 |
4 |
1 |
| NIST SP 800-53 R5 |
International or National Standard |
19 |
8 |
5 |
| NIST CSF 1.1 |
International or National Standard |
18 |
34 |
12 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
15 |
164 |
10 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 |
Contractual Obligation |
13 |
4 |
3 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
11 |
2 |
3 |
| CobiT |
Safe Harbor |
10 |
162 |
1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 |
International or National Standard |
10 |
2 |
0 |
| CIS Controls, V8 |
Best Practice Guideline |
9 |
0 |
0 |
| ISO 27005 R 2011 |
International or National Standard |
9 |
12 |
3 |
| ISO/IEC 27701:2019 |
International or National Standard |
9 |
12 |
3 |
| NIST SP 800-63C |
International or National Standard |
9 |
4 |
2 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) |
Best Practice Guideline |
8 |
10 |
0 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
8 |
3 |
2 |
| NIST SP 800-63A |
International or National Standard |
8 |
4 |
3 |
| NIST SP 800-63B |
International or National Standard |
8 |
4 |
3 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4 |
International or National Standard |
8 |
4 |
0 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
7 |
137 |
4 |
| HIPAA |
Bill or Act |
7 |
9 |
4 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
7 |
139 |
7 |
| SOC2 |
Safe Harbor |
7 |
0 |
0 |
| Cyber Essentials Scheme (CES) Questionnaire |
Best Practice Guideline |
6 |
2 |
0 |
| FedRAMP Baseline Security Controls |
Audit Guideline |
6 |
124 |
0 |
| Gramm Leach Bliley |
Bill or Act |
6 |
0 |
0 |
| NIST SP 800 66 |
Safe Harbor |
6 |
25 |
1 |
| PCI DSS 3.0 Requirements |
Self-Regulatory Body Requirement |
6 |
95 |
1 |
| PCI DSS 3.2 SAQ D Merchant |
Contractual Obligation |
6 |
6 |
0 |
| PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
6 |
146 |
4 |
| PCI SAQ A v3.2 |
Contractual Obligation |
6 |
5 |
3 |
| 23 NYCRR 500 |
Regulation or Statute |
5 |
9 |
3 |
| CMMC Level 5 |
Best Practice Guideline |
5 |
2 |
0 |
| Commission of the European Communities Information Technology Security Evaluation Manual |
Safe Harbor |
5 |
1 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
5 |
2 |
0 |
| Czech Republic Data Protection Act |
Regulation or Statute |
5 |
0 |
0 |
| EU 8th Directive |
Regulation or Statute |
5 |
3 |
0 |
| ISO 27002 |
International or National Standard |
5 |
7 |
2 |
| ISO/IEC 27017:2015(E) |
Self-Regulatory Body Requirement |
5 |
14 |
4 |
| NIST SP 800-39 |
International or National Standard |
5 |
4 |
1 |
| NIST SP 800-53 R4 High Impact, Deprecated |
International or National Standard |
5 |
168 |
4 |
| ACPO Good Practice Guidefor Digital Evidence |
Best Practice Guideline |
4 |
1 |
0 |
| Australian Government Information Security Manual Controls |
International or National Standard |
4 |
3 |
0 |
| Bosnia Law on Protection of Personal Data 2001 |
Regulation or Statute |
4 |
0 |
0 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
4 |
1 |
1 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
4 |
39 |
1 |
| China Personal Data Ordinance of Hong Kong 2 |
Regulation or Statute |
4 |
7 |
0 |
| Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
4 |
0 |
0 |
| CMMC Level 3 |
Best Practice Guideline |
4 |
4 |
2 |
| COSO Enterprise Risk Management (2017) |
Best Practice Guideline |
4 |
11 |
3 |
| CSIS 20 Critical Security Controls |
Best Practice Guideline |
4 |
157 |
0 |
