Monthly Selected Authority Documents  December, 2023

 

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| NIST CSF 1.1 | International or National Standard | 38 | 61 | 23 |
| ISO/IEC 27001:2022 | International or National Standard | 30 | 10 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 28 | 13 | 9 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 25 | 185 | 19 |
| ISO 27001-2013 | International or National Standard | 22 | 216 | 22 |
| PCI DSS v3.2.1 | Contractual Obligation | 20 | 8 | 4 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 18 | 8 | 4 |
| ISO/IEC 27002:2022 | International or National Standard | 17 | 10 | 10 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 16 | 5 | 6 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 15 | 23 | 11 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 14 | 6 | 2 |
| 23 NYCRR 500 | Regulations | 13 | 1 | 1 |
| AICPA Trust Services | Audit Guideline | 13 | 6 | 1 |
| CIS Controls, V7.1 | Best Practice Guideline | 13 | 8 | 4 |
| ISO/IEC 27018:2019 | International or National Standard | 13 | 3 | 2 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 13 | 15 | 8 |
| NIST SP 800-53 R5 | International or National Standard | 13 | 27 | 17 |
| ISO/IEC 27701:2019 | International or National Standard | 12 | 18 | 9 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 11 | 144 | 7 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 11 | 20 | 5 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 11 | 5 | 0 |
| Gramm Leach Bliley | Bill or Act | 11 | 3 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10 | 18 | 4 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 10 | 1 | 4 |
| FFIEC CAT | Best Practice Guideline | 10 | 23 | 1 |
| FFIEC IT Examination Handbook | Audit Guideline | 10 | 22 | 2 |
| FFIEC Outsourcing Technology Services | Best Practice Guideline | 10 | 13 | 0 |
| FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 10 | 9 | 1 |
| Hong Kong Monetary Authority: The Cyber Resilience Assessment Framework, 18 May 2016 | Best Practice Guideline | 10 | 3 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 10 | 7 | 0 |
| NFA Information Systems Security Programs | Self-Regulatory Body Requirement | 10 | 15 | 1 |
| NIST CSF 1.0 | International or National Standard | 10 | 12 | 2 |
| Notice on Cyber Hygiene | Bill or Act | 10 | 11 | 0 |
| UK Data Protection Act 2018 | Bill or Act | 10 | 20 | 0 |
| Australia Privacy Amendment Act | Regulation or Statute | 9 | 20 | 0 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 9 | 5 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 9 | 10 | 8 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 9 | 11 | 5 |
| COSO Enterprise Risk Management (2017) | Best Practice Guideline | 9 | 25 | 9 |
| COSO ERM | Safe Harbor | 9 | 11 | 8 |
| FFIEC Development Acquisition | Best Practice Guideline | 9 | 14 | 0 |
| HKMA General Principles for Technology Risk Management | Regulation or Statute | 9 | 28 | 0 |
| Hong Kong Personal Data (Privacy) Ordinance 2013 | Bill or Act | 9 | 8 | 0 |
| ISO 27002 | International or National Standard | 9 | 8 | 4 |
| MAS Guidelines on Outsourcing | Bill or Act | 9 | 1 | 0 |
| MAS TRM | Contractual Obligation | 9 | 48 | 0 |
| NIST SP 800-122 | International or National Standard | 9 | 22 | 9 |
| NIST SP 800-39 | International or National Standard | 9 | 19 | 6 |
| NIST SP 800-53 R4 | International or National Standard | 9 | 5 | 3 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 9 | 0 | 0 |