Monthly Selected Authority Documents June, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD_common_name | AD_type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| NIST CSF 2.0 | International or National Standard | 49 | 2 | 1 |
| CIS Controls, V8 | Best Practice Guideline | 31 | 13 | 9 |
| ISO/IEC 27001:2022 | International or National Standard | 31 | 10 | 4 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 29 | 0 | 0 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 24 | 187 | 19 |
| HIPAA | Bill or Act | 22 | 10 | 4 |
| ISO/IEC 27002:2022 | International or National Standard | 22 | 11 | 10 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 21 | 6 | 6 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 20 | 11 | 5 |
| 23 NYCRR 500 | Regulations | 16 | 3 | 3 |
| NIST SP 800-53 R5 | International or National Standard | 16 | 28 | 17 |
| California Privacy Rights Act (CPRA) | Bill or Act | 15 | 4 | 2 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 15 | 10 | 6 |
| hipaa security rule | Regulation or Statute | 15 | 5 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 15 | 16 | 9 |
| SOC 2®, 2022 | Audit Guideline | 15 | 1 | 0 |
| Childrens Online Privacy Protection Act | Regulation or Statute | 14 | 6 | 0 |
| CobiT | Safe Harbor | 14 | 168 | 2 |
| NIST AI 100-1 | Best Practice Guideline | 14 | 1 | 0 |
| NIST SP 800-53 | International or National Standard | 14 | 18 | 3 |
| California Consumer Privacy Act of 2018 | Bill or Act | 13 | 45 | 2 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 13 | 6 | 1 |
| Digital Operational Resilience Act | Regulations | 12 | 2 | 1 |
| ISO 27001-2013 | International or National Standard | 11 | 218 | 23 |
| ISO/IEC 27701:2019 | International or National Standard | 11 | 19 | 10 |
| Red Book (Condensed) | International or National Standard | 11 | 22 | 7 |
| COBIT 2019 | Safe Harbor | 10 | 9 | 2 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 10 | 24 | 8 |
| FFIEC CAT | Best Practice Guideline | 10 | 24 | 1 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 10 | 7 | 5 |
| NIST Privacy Framework | International or National Standard | 10 | 15 | 7 |
| NIST SP 800-161, Revision 1, Appendix A, C-SCRM Baseline Controls | International or National Standard | 10 | 0 | 0 |
| NIST SP 800-161, Revision 1, Appendix A, C-SCRM Level 2 Controls | International or National Standard | 10 | 0 | 0 |
| NIST SP 800-37r2 | International or National Standard | 10 | 13 | 5 |
| Trust Services Criteria (with Revised Points of Focus – 2022) | Self-Regulatory Body Requirement | 10 | 5 | 3 |
| 16 CFR Part 310 | Regulation or Statute | 9 | 0 | 0 |
| 16 CFR Part 310 Amendments | Regulation or Statute | 9 | 0 | 0 |
| Australian Privacy Act | Bill or Act | 9 | 2 | 0 |
| CAN SPAM Act of 2003 | Regulation or Statute | 9 | 0 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 9 | 6 | 3 |
| COPPA | Regulation or Statute | 9 | 1 | 0 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 9 | 3 | 1 |
| HIPAA HCFA | Best Practice Guideline | 9 | 3 | 2 |
| ISO 27002 | International or National Standard | 9 | 8 | 5 |
| ISO 31000 R 2009 | International or National Standard | 9 | 170 | 1 |
| NIST SP 800-161 r1 | International or National Standard | 9 | 1 | 0 |
| NIST SP 800-161, Revision 1, Appendix A, C-SCRM Level 1 Controls | International or National Standard | 9 | 0 | 0 |
| PCI DSS v4 SAQ D for Service Providers | Self-Regulatory Body Requirement | 9 | 0 | 0 |
| 42 CFR Parts 412, 413, 422 et al. | Regulation or Statute | 8 | 0 | 2 |
| California Civil Code Section 1798.80-1798.84 | Regulation or Statute | 8 | 4 | 1 |