Monthly Selected Authority Documents April 2025
Discover the Top 50 Most Popular Authority Documents in the Common Controls Hub (CCH) for March.
See how often each document was assigned across user groups and compliance initiatives—insightful data to help guide your compliance strategy.
| AD_common_name | AD_id | AD_type | selected | groups | initiatives |
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 41 | 17 | 4 |
| NIST CSF 2.0 | 3789 | International or National Standard | 37 | 12 | 5 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 26 | 19 | 11 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 22 | 193 | 21 |
| SOC 2®, 2022 | 3647 | Audit Guideline | 20 | 6 | 1 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 17 | 36 | 18 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 17 | 2 | 2 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 17 | 3 | 1 |
| Digital Operational Resilience Act | 3668 | Regulations | 13 | 9 | 2 |
| HIPAA Security and Privacy Rule | 3986 | Regulations | 13 | 6 | 2 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 13 | 2 | 0 |
| HIPAA | 3201 | Bill or Act | 12 | 13 | 4 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 12 | 28 | 12 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 11 | 1 | 0 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 11 | 9 | 4 |
| 23 NYCRR 500 | 3686 | Regulations | 10 | 13 | 9 |
| Artificial Intelligence Act | 3972 | Regulations | 10 | 3 | 1 |
| CobiT | 102 | Safe Harbor | 10 | 168 | 2 |
| ISO 22301:2019(E) | 3454 | International or National Standard | 10 | 1 | 2 |
| NIST AI 600-1 | 3990 | International or National Standard | 10 | 1 | 1 |
| NIST 800-171 Rev 3 | 3946 | International or National Standard | 9 | 3 | 0 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 9 | 7 | 6 |
| HIPAA HCFA | 3200 | Best Practice Guideline | 8 | 7 | 4 |
| NIST SP 800-66r2 | 3960 | International or National Standard | 8 | 3 | 0 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 7 | 40 | 13 |
| Cloud Controls Matrix, v4.0 | 3303 | Self-Regulatory Body Requirement | 7 | 10 | 1 |
| ISO 42001:2023 | 4039 | International or National Standard | 7 | 3 | 1 |
| ISO 9001:2015 | 2942 | International or National Standard | 7 | 25 | 6 |
| ISO/IEC 27018:2019 | 3429 | International or National Standard | 7 | 7 | 2 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 7 | 20 | 10 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 7 | 3 | 1 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | 1108 | Safe Harbor | 7 | 9 | 4 |
| Trust Services Criteria (with Revised Points of Focus – 2022) | 3609 | Self-Regulatory Body Requirement | 7 | 10 | 3 |
| 45 CFR Part 160 | 986 | Regulation or Statute | 6 | 10 | 4 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | 3007 | Best Practice Guideline | 6 | 19 | 5 |
| CCM v4.0 | 3578 | Self-Regulatory Body Requirement | 6 | 1 | 1 |
| CMMC Level 2, v2.0 | 3427 | Best Practice Guideline | 6 | 15 | 6 |
| CSF V1.1 | 3709 | International or National Standard | 6 | 3 | 0 |
| Cyber Essentials Self-Assessment, Version 13 | 3413 | Best Practice Guideline | 6 | 7 | 5 |
| FedRAMP Version 5 Moderate Baseline | 3644 | Audit Guideline | 6 | 1 | 0 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 6 | 20 | 10 |
| NIST SP 800-53 | 902 | International or National Standard | 6 | 18 | 3 |
| PCI DSS Defined Approach Requirements, Version 4.0 | 3444 | International or National Standard | 6 | 19 | 6 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | 3445 | International or National Standard | 6 | 11 | 6 |
| 45 CFR Part 170 | 3719 | Regulations | 5 | 4 | 0 |
| Australian Government Information Security Manual, June 2024 | 3966 | International or National Standard | 5 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | 3275 | International or National Standard | 5 | 16 | 7 |
| ISO 27001-2013 | 1367 | International or National Standard | 5 | 224 | 23 |
| ISO 31000:2018 | 2936 | International or National Standard | 5 | 25 | 8 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | 3288 | Self-Regulatory Body Requirement | 5 | 7 | 3 |