Monthly Selected Authority Documents: February, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 41 | 185 | 19 |
| NIST SP 800-53 R5 | International or National Standard | 40 | 27 | 17 |
| ISO/IEC 27001:2022 | International or National Standard | 39 | 10 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 32 | 13 | 9 |
| ISO/IEC 27002:2022 | International or National Standard | 28 | 10 | 10 |
| ISO/IEC 27701:2019 | International or National Standard | 24 | 19 | 10 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 24 | 0 | 0 |
| ISO 27001-2013 | International or National Standard | 23 | 217 | 23 |
| 23 NYCRR 500 | Regulations | 20 | 1 | 1 |
| CobiT | Safe Harbor | 20 | 168 | 2 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 20 | 24 | 8 |
| NIST CSF 1.1 | International or National Standard | 20 | 61 | 23 |
| 23 NYCRR 500 | Regulation or Statute | 19 | 28 | 6 |
| NIST AI 100-1 | Best Practice Guideline | 19 | 1 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 18 | 45 | 2 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 18 | 10 | 6 |
| Digital Operational Resilience Act | Regulations | 18 | 1 | 1 |
| hipaa security rule | Regulation or Statute | 18 | 5 | 1 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 16 | 6 | 1 |
| California Privacy Rights Act (CPRA) | Bill or Act | 15 | 4 | 2 |
| CSF V1.1 | International or National Standard | 15 | 0 | 0 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 15 | 16 | 9 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 15 | 9 | 5 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 15 | 5 | 6 |
| Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 15 | 5 | 3 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 14 | 144 | 7 |
| FedRAMP Baseline Security Controls | Audit Guideline | 14 | 129 | 0 |
| ISO 9001:2015 | International or National Standard | 14 | 22 | 6 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 13 | 1 | 1 |
| NIST SP 800-53 R4 | International or National Standard | 13 | 5 | 3 |
| AICPA/CICA Privacy Management Framework | Best Practice Guideline | 12 | 0 | 0 |
| Cross Border Privacy Assessment | Best Practice Guideline | 12 | 3 | 1 |
| ISO 22301:2019(E) | International or National Standard | 12 | 1 | 2 |
| NIST SP 800 66 | Safe Harbor | 12 | 31 | 1 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 12 | 6 | 0 |
| SOC 2®, 2022 | Audit Guideline | 12 | 0 | 0 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 12 | 9 | 3 |
| AICPA Privacy | Safe Harbor | 11 | 6 | 1 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 11 | 8 | 5 |
| Cyber Essentials Scheme (CES) Questionnaire | Best Practice Guideline | 11 | 7 | 5 |
| Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, European Commission | Best Practice Guideline | 11 | 3 | 1 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 11 | 19 | 1 |
| ISO 31000 R 2009 | International or National Standard | 11 | 170 | 1 |
| ISO 31000:2018 | International or National Standard | 11 | 24 | 7 |
| PCI DSS Testing Procedures v3.2 | Contractual Obligation | 11 | 29 | 2 |
| PCI DSS v3.2.1 | Contractual Obligation | 11 | 8 | 4 |
| Personal Information Protection Law of the People's Republic of China | Bill or Act | 11 | 2 | 1 |
| COBIT 2019 | Safe Harbor | 10 | 5 | 2 |
| Cyber Essentials Self-Assessment, Version 13 | Best Practice Guideline | 10 | 5 | 5 |
| EU-US Privacy Shield Framework Principles Annex II | Regulation or Statute | 10 | 2 | 0 |