| ISO 27001-2013 |
International or National Standard |
27 |
186 |
11 |
| NIST SP 800-53 R5 |
International or National Standard |
26 |
8 |
3 |
| NIST CSF 1.1 |
International or National Standard |
22 |
34 |
12 |
| CIS Controls, V8 |
Best Practice Guideline |
17 |
0 |
0 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 |
Contractual Obligation |
17 |
4 |
3 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
13 |
164 |
10 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
10 |
3 |
2 |
| HIPAA |
Bill or Act |
9 |
9 |
4 |
| hipaa security rule |
Regulation or Statute |
9 |
4 |
1 |
| 23 NYCRR 500 |
Regulation or Statute |
8 |
9 |
3 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
8 |
2 |
0 |
| ISO 27002 |
International or National Standard |
8 |
7 |
2 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
8 |
138 |
7 |
| ISO/IEC 27701:2019 |
International or National Standard |
8 |
11 |
3 |
| NIST SP 800-53 |
International or National Standard |
8 |
16 |
1 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
8 |
2 |
3 |
| 21 CFR Part 11 |
Regulation or Statute |
7 |
29 |
0 |
| CMMC Level 3 |
Best Practice Guideline |
7 |
4 |
2 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 |
Bill or Act |
7 |
10 |
2 |
| ISO 9001:2015 |
International or National Standard |
7 |
18 |
2 |
| ISO/IEC 27018:2014 |
International or National Standard |
7 |
15 |
2 |
| CobiT |
Safe Harbor |
6 |
162 |
1 |
| Gramm Leach Bliley |
Bill or Act |
6 |
0 |
0 |
| ISO/IEC 27017:2015(E) |
Self-Regulatory Body Requirement |
6 |
13 |
4 |
| NIST SP 800-171 |
International or National Standard |
6 |
2 |
1 |
| Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
5 |
0 |
0 |
| Cloud Security Alliance CCM V1.3 |
Best Practice Guideline |
5 |
5 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 |
International or National Standard |
5 |
4 |
3 |
| COSO Internal Control - Integrated Framework |
Self-Regulatory Body Requirement |
5 |
10 |
2 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 |
Audit Guideline |
5 |
0 |
0 |
| ISO 14001:2015 |
International or National Standard |
5 |
0 |
0 |
| APRA CPS 234 |
Regulation or Statute |
4 |
3 |
0 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
4 |
39 |
1 |
| EudraLex Rules Governing Medicinal Products in the European Union Annex 11 Computerised Systems |
Best Practice Guideline |
4 |
4 |
1 |
| HIPAA Electronic Health Record Technology |
Regulation or Statute |
4 |
1 |
1 |
| India Indian Info Privacy Act |
Regulation or Statute |
4 |
15 |
0 |
| ISO 31000:2018 |
International or National Standard |
4 |
10 |
1 |
| Italy Personal Data Protection Code |
Regulation or Statute |
4 |
1 |
0 |
| MAS-TRMG-2021 |
Contractual Obligation |
4 |
3 |
0 |
| New Zealand Privacy Act |
Regulation or Statute |
4 |
3 |
0 |
| NICE NIST |
International or National Standard |
4 |
12 |
1 |
| NIST CSF 1.0 |
International or National Standard |
4 |
11 |
2 |
| PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
4 |
146 |
4 |
| PIPEDA |
Bill or Act |
4 |
2 |
2 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy |
Self-Regulatory Body Requirement |
4 |
4 |
2 |
| 45 CFR Part 160 |
Regulation or Statute |
3 |
4 |
4 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
3 |
137 |
4 |
| Australian Privacy Act |
Bill or Act |
3 |
2 |
0 |
| Austria Data Protection Law |
Regulation or Statute |
3 |
1 |
0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) |
Best Practice Guideline |
3 |
9 |
0 |
