Official UC blog

Monthly Selected Authority Documents April, 2024

Written by Matt H. | May 6, 2024 9:43:49 PM

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name AD Type Selected Groups Initiatives
NIST CSF 2.0 International or National Standard 71 1 1
ISO/IEC 27001:2022 International or National Standard 43 10 4
ISO/IEC 27002:2022 International or National Standard 32 10 10
NIST SP 800-53 R5 International or National Standard 30 28 17
CIS Controls, V8 Best Practice Guideline 29 13 9
PCI DSS Defined Approach Requirements, Version 4.0 International or National Standard 24 10 5
ISO/IEC 27701:2019 International or National Standard 22 19 10
NIST SP 800-53 Revision 5.1.1 International or National Standard 20 0 0
PCI DSS Defined Approach Testing Procedures, Version 4.0 International or National Standard 19 6 5
CobiT Safe Harbor 18 168 2
EU General Data Protection Regulation (GDPR) Regulation or Statute 18 185 19
Sarbanes-Oxley Act of 2002 Bill or Act 18 5 6
Cloud Controls Matrix, v4.0 Self-Regulatory Body Requirement 16 6 1
ISO 27001-2013 International or National Standard 16 218 23
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations International or National Standard 16 16 9
PCI DSS v3.2.1 Contractual Obligation 16 8 4
Digital Operational Resilience Act Regulations 15 1 1
ISO 27002 International or National Standard 15 8 5
hipaa security rule Regulation or Statute 14 5 1
ISO/IEC 27017:2015(E) Self-Regulatory Body Requirement 14 23 11
23 NYCRR 500 Regulations 13 2 2
FFIEC CAT Best Practice Guideline 13 24 1
NIST SP 800-53 International or National Standard 13 17 2
SOC 2®, 2022 Audit Guideline 13 0 0
SWIFT Customer Security Controls Framework Best Practice Guideline 13 0 0
FFIEC IT Examination Handbook Audit Guideline 12 22 2
NIST CSF 1.1 International or National Standard 12 62 23
23 NYCRR 500 Regulation or Statute 11 30 7
ISO 27005:2018 International or National Standard 11 1 1
NIST SP 800-171 International or National Standard 11 4 2
Trust Services Criteria (with Revised Points of Focus - 2022) Self-Regulatory Body Requirement 11 5 3
Gramm Leach Bliley Bill or Act 10 3 0
NIST Privacy Framework International or National Standard 10 15 7
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 9 144 7
CMMC Level 2, v2.0 Best Practice Guideline 9 10 6
ISO/IEC 27018:2019 International or National Standard 9 3 2
NIST AI 100-1 Best Practice Guideline 9 1 0
NIST SP 800-37r2 International or National Standard 9 13 5
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 International or National Standard 8 10 8
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 International or National Standard 8 9 5
CSF V1.1 International or National Standard 8 0 0
HIPAA Bill or Act 8 10 4
ISO 31000:2018 International or National Standard 8 24 7
NIST SP 800-63B International or National Standard 8 11 8
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 Safe Harbor 8 9 3
COBIT 2019 Safe Harbor 7 5 2
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 International or National Standard 7 11 5
COSO Internal Control - Integrated Framework Self-Regulatory Body Requirement 7 24 8
FedRAMP Version 5 Moderate Baseline Audit Guideline 7 0 0
HIPAA Electronic Health Record Technology Regulation or Statute 7 2 1