NIST CSF 1.1 | International or National Standard | 38 | 61 | 23
ISO/IEC 27001:2022 | International or National Standard | 30 | 10 | 4
CIS Controls, V8 | Best Practice Guideline | 28 | 13 | 9
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 25 | 185 | 19
ISO 27001-2013 | International or National Standard | 22 | 216 | 22
PCI DSS v3.2.1 | Contractual Obligation | 20 | 8 | 4
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 18 | 8 | 4
ISO/IEC 27002:2022 | International or National Standard | 17 | 10 | 10
Sarbanes-Oxley Act of 2002 | Bill or Act | 16 | 5 | 6
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 15 | 23 | 11
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 14 | 6 | 2
23 NYCRR 500 | Regulations | 13 | 1 | 1
AICPA Trust Services | Audit Guideline | 13 | 6 | 1
CIS Controls, V7.1 | Best Practice Guideline | 13 | 8 | 4
ISO/IEC 27018:2019 | International or National Standard | 13 | 3 | 2
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 13 | 15 | 8
NIST SP 800-53 R5 | International or National Standard | 13 | 27 | 17
ISO/IEC 27701:2019 | International or National Standard | 12 | 18 | 9
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 11 | 144 | 7
FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 11 | 20 | 5
FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 11 | 5 | 0
Gramm Leach Bliley | Bill or Act | 11 | 3 | 0
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10 | 18 | 4
FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 10 | 1 | 4
FFIEC CAT | Best Practice Guideline | 10 | 23 | 1
FFIEC IT Examination Handbook | Audit Guideline | 10 | 22 | 2
FFIEC Outsourcing Technology Services | Best Practice Guideline | 10 | 13 | 0
FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 10 | 9 | 1
Hong Kong Monetary Authority: The Cyber Resilience Assessment Framework, 18 May 2016 | Best Practice Guideline | 10 | 3 | 0
MAS-TRMG-2021 | Contractual Obligation | 10 | 7 | 0
NFA Information Systems Security Programs | Self-Regulatory Body Requirement | 10 | 15 | 1
NIST CSF 1.0 | International or National Standard | 10 | 12 | 2
Notice on Cyber Hygiene | Bill or Act | 10 | 11 | 0
UK Data Protection Act 2018 | Bill or Act | 10 | 20 | 0
Australia Privacy Amendment Act | Regulation or Statute | 9 | 20 | 0
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 9 | 5 | 0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 9 | 10 | 8
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 9 | 11 | 5
COSO Enterprise Risk Management (2017) | Best Practice Guideline | 9 | 25 | 9
COSO ERM | Safe Harbor | 9 | 11 | 8
FFIEC Development Acquisition | Best Practice Guideline | 9 | 14 | 0
HKMA General Principles for Technology Risk Management | Regulation or Statute | 9 | 28 | 0
Hong Kong Personal Data (Privacy) Ordinance 2013 | Bill or Act | 9 | 8 | 0
ISO 27002 | International or National Standard | 9 | 8 | 4
MAS Guidelines on Outsourcing | Bill or Act | 9 | 1 | 0
MAS TRM | Contractual Obligation | 9 | 48 | 0
NIST SP 800-122 | International or National Standard | 9 | 22 | 9
NIST SP 800-39 | International or National Standard | 9 | 19 | 6
NIST SP 800-53 R4 | International or National Standard | 9 | 5 | 3
NIST SP 800-53 Revision 5.1.1 | International or National Standard | 9 | 0 | 0