Skip to content

Monthly Selected Authority Documents - June, 2021

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past...

UCF

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
ISO 27001-2013 International or National Standard 30 181 8
NIST SP 800-53 R5 International or National Standard 25 6 3
NIST CSF 1.1 International or National Standard 24 29 9
CIS Controls, V7.1 Best Practice Guideline 19 5 2
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 19 139 4
EU General Data Protection Regulation (GDPR) Regulation or Statute 17 159 10
hipaa security rule Regulation or Statute 13 3 1
ISO/IEC 27002:2013(E) International or National Standard 13 134 4
CobiT Safe Harbor 12 157 1
Sarbanes-Oxley Act of 2002 Bill or Act 12 2 0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 International or National Standard 11 1 0
ISO/IEC 27701:2019 International or National Standard 11 11 3
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 10 132 4
ISO/IEC 27017:2015(E) Self-Regulatory Body Requirement 10 12 4
BSI Cloud Computing Compliance Controls Catalogue (C5) Best Practice Guideline 9 8 0
CMMC Level 3 Best Practice Guideline 9 2 2
Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8 Organizational Directive 9 3 1
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements International or National Standard 9 12 0
ISO 27002 International or National Standard 9 7 2
PCI DSS 3.2 SAQ D Merchant Contractual Obligation 8 4 0
SSAE 18 Safe Harbor 8 6 3
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Self-Regulatory Body Requirement 8 3 2
AICPA Trust Services Principles and Criteria Self-Regulatory Body Requirement 7 10 1
Cloud Security Alliance CCM V1.3 Best Practice Guideline 7 5 0
CMMC Level 1 Best Practice Guideline 7 2 2
HIPAA Bill or Act 7 6 2
ISO 27005 R 2011 International or National Standard 7 12 3
ISO/IEC 27018:2014 International or National Standard 7 14 2
NIST SP 800-53 International or National Standard 7 16 1
CIS 20 Critical Security Controls Best Practice Guideline 6 23 2
Cloud Controls Matrix, Version 3.0 Self-Regulatory Body Requirement 6 12 2
CMMC Level 4 Best Practice Guideline 6 2 0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 International or National Standard 6 1 3
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 International or National Standard 6 1 0
COSO Enterprise Risk Management (2017) Best Practice Guideline 6 7 3
DFARS 252.204-7012 Bill or Act 6 0 0
FedRAMP Baseline Security Controls Audit Guideline 6 119 0
HIPAA Electronic Health Record Technology Regulation or Statute 6 0 1
ISO 20000-1 2nd Ed International or National Standard 6 29 0
MAS TRM Contractual Obligation 6 32 0
NIST 800-53A International or National Standard 6 7 2
NIST SP 800 66 Safe Harbor 6 24 1
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 Contractual Obligation 6 0 0
PCI SAQ A v3.2 Contractual Obligation 6 2 3
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 International or National Standard 6 5 0
Trust Services Criteria Self-Regulatory Body Requirement 6 6 2
23 NYCRR 500 Regulation or Statute 5 8 3
AICPA Trust Services Audit Guideline 5 6 1
California Consumer Privacy Act of 2018 Bill or Act 5 38 1
CMMC Level 2 Best Practice Guideline 5 2 2