| ISO 27001-2013 |
International or National Standard |
60 |
16 |
12 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
31 |
2 |
5 |
| PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
22 |
0 |
0 |
| CobiT |
Safe Harbor |
20 |
13 |
6 |
| NIST SP 800-53 R4 |
International or National Standard |
20 |
4 |
4 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity |
International or National Standard |
17 |
9 |
7 |
| Sarbanes Oxley SOX |
Regulation or Statute |
17 |
15 |
11 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
16 |
8 |
3 |
| NIST SP 800-53 R4 Moderate Impact |
International or National Standard |
16 |
5 |
4 |
| NIST SP 800-53 |
International or National Standard |
14 |
5 |
3 |
| PCI DSS 3.1 |
Contractual Obligation |
14 |
2 |
2 |
| FFIEC Information Security |
Best Practice Guideline |
13 |
5 |
3 |
| NIST SP 800-53 R4 Low Impact |
International or National Standard |
13 |
4 |
2 |
| HIPAA |
Bill or Act |
12 |
11 |
7 |
| NIST SP 800 66 |
Safe Harbor |
11 |
9 |
6 |
| NIST SP 800-171 |
International or National Standard |
11 |
2 |
1 |
| NIST SP 800-53 R4 High Impact |
International or National Standard |
11 |
5 |
2 |
| Gramm Leach Bliley |
Bill or Act |
10 |
7 |
4 |
| ISO 31000 R 2009 |
International or National Standard |
10 |
7 |
3 |
| AICPA Trust Services |
Audit Guideline |
9 |
4 |
2 |
| ISO 27002 |
International or National Standard |
9 |
8 |
5 |
| ISO 27005 R 2011 |
International or National Standard |
9 |
7 |
5 |
| PCI DSS 3.1 SAQ D Service Provider |
Contractual Obligation |
9 |
1 |
2 |
| California OPP Notification of Security Breach |
Safe Harbor |
8 |
7 |
4 |
| CIS 20 Critical Security Controls |
Best Practice Guideline |
8 |
0 |
0 |
| COSO Internal Control - Integrated Framework |
Self-Regulatory Body Requirement |
8 |
0 |
0 |
| Shared Assessments SIG - A. Risk Management |
Audit Guideline |
8 |
6 |
3 |
| Shared Assessments SIG - P. Privacy |
Audit Guideline |
8 |
6 |
3 |
| 45 CFR Part 164 |
Regulation or Statute |
7 |
8 |
4 |
| FedRAMP Baseline Security Controls |
Audit Guideline |
7 |
7 |
3 |
| FFIEC Management |
Best Practice Guideline |
7 |
3 |
0 |
| HIPAA Electronic Health Record Technology |
Regulation or Statute |
7 |
4 |
1 |
| HIPAA HCFA |
Best Practice Guideline |
7 |
7 |
2 |
| IIA GTAG 1 |
Best Practice Guideline |
7 |
4 |
2 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts |
Regulation or Statute |
7 |
7 |
4 |
| NIST SP 800-61 |
International or National Standard |
7 |
4 |
1 |
| PCI DSS 3.0 Requirements |
Self-Regulatory Body Requirement |
7 |
8 |
6 |
| PCI DSS Wireless Guideline |
Safe Harbor |
7 |
6 |
4 |
| PCI SAQ A v3.1 |
Contractual Obligation |
7 |
2 |
1 |
| Shared Assessments SIG - B. Security Policy |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - C. Organizational Security |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - D. Asset Management |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - E. Human Resource Security |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - F. Physical and Environmental |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - G. Communications and Operations Management |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - H. Access Control |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - I. Information Systems Acquisition Development Maintenance |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - J. Incident Event and Communications Management |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - K. Business Continuity and Disaster Recovery |
Audit Guideline |
7 |
6 |
3 |
| Shared Assessments SIG - L. Compliance |
Audit Guideline |
7 |
6 |
3 |
