AD Common Name |
AD Type |
Selected |
Groups |
Initiatives |
EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
41 |
185 |
19 |
NIST SP 800-53 R5 |
International or National Standard |
40 |
27 |
17 |
ISO/IEC 27001:2022 |
International or National Standard |
39 |
10 |
4 |
CIS Controls, V8 |
Best Practice Guideline |
32 |
13 |
9 |
ISO/IEC 27002:2022 |
International or National Standard |
28 |
10 |
10 |
ISO/IEC 27701:2019 |
International or National Standard |
24 |
19 |
10 |
NIST SP 800-53 Revision 5.1.1 |
International or National Standard |
24 |
0 |
0 |
ISO 27001-2013 |
International or National Standard |
23 |
217 |
23 |
23 NYCRR 500 |
Regulations |
20 |
1 |
1 |
CobiT |
Safe Harbor |
20 |
168 |
2 |
COSO Internal Control - Integrated Framework |
Self-Regulatory Body Requirement |
20 |
24 |
8 |
NIST CSF 1.1 |
International or National Standard |
20 |
61 |
23 |
23 NYCRR 500 |
Regulation or Statute |
19 |
28 |
6 |
NIST AI 100-1 |
Best Practice Guideline |
19 |
1 |
0 |
California Consumer Privacy Act of 2018 |
Bill or Act |
18 |
45 |
2 |
CMMC Level 2, v2.0 |
Best Practice Guideline |
18 |
10 |
6 |
Digital Operational Resilience Act |
Regulations |
18 |
1 |
1 |
hipaa security rule |
Regulation or Statute |
18 |
5 |
1 |
Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
16 |
6 |
1 |
California Privacy Rights Act (CPRA) |
Bill or Act |
15 |
4 |
2 |
CSF V1.1 |
International or National Standard |
15 |
0 |
0 |
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
15 |
16 |
9 |
PCI DSS Defined Approach Requirements, Version 4.0 |
International or National Standard |
15 |
9 |
5 |
Sarbanes-Oxley Act of 2002 |
Bill or Act |
15 |
5 |
6 |
Trust Services Criteria (with Revised Points of Focus - 2022) |
Self-Regulatory Body Requirement |
15 |
5 |
3 |
AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
14 |
144 |
7 |
FedRAMP Baseline Security Controls |
Audit Guideline |
14 |
129 |
0 |
ISO 9001:2015 |
International or National Standard |
14 |
22 |
6 |
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 |
Regulatory Directive or Guidance |
13 |
1 |
1 |
NIST SP 800-53 R4 |
International or National Standard |
13 |
5 |
3 |
AICPA/CICA Privacy Management Framework |
Best Practice Guideline |
12 |
0 |
0 |
Cross Border Privacy Assessment |
Best Practice Guideline |
12 |
3 |
1 |
ISO 22301:2019(E) |
International or National Standard |
12 |
1 |
2 |
NIST SP 800 66 |
Safe Harbor |
12 |
31 |
1 |
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 |
International or National Standard |
12 |
6 |
0 |
SOC 2®, 2022 |
Audit Guideline |
12 |
0 |
0 |
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 |
Safe Harbor |
12 |
9 |
3 |
AICPA Privacy |
Safe Harbor |
11 |
6 |
1 |
CMMC Level 1, v2.0 |
Best Practice Guideline |
11 |
8 |
5 |
Cyber Essentials Scheme (CES) Questionnaire |
Best Practice Guideline |
11 |
7 |
5 |
Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Ameding Certain Union Legislative Acts, European Commission |
Best Practice Guideline |
11 |
3 |
1 |
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements |
International or National Standard |
11 |
19 |
1 |
ISO 31000 R 2009 |
International or National Standard |
11 |
170 |
1 |
ISO 31000:2018 |
International or National Standard |
11 |
24 |
7 |
PCI DSS Testing Procedures v3.2 |
Contractual Obligation |
11 |
29 |
2 |
PCI DSS v3.2.1 |
Contractual Obligation |
11 |
8 |
4 |
Personal Information Protection Law of the People's Republic of China |
Bill or Act |
11 |
2 |
1 |
COBIT 2019 |
Safe Harbor |
10 |
5 |
2 |
Cyber Essentials Self-Assessment, Version 13 |
Best Practice Guideline |
10 |
5 |
5 |
EU-US Privacy Shield Framework Principles Annex II |
Regulation or Statute |
10 |
2 |
0 |