Monthly Selected Authority Documents March 2025

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD name | AD ID | AD type | Selected | Groups | Initiatives |
|---|---|---|---|---|---|
| ISO/IEC 27001:2022 | 3567 | International or National Standard | 37 | 14 | 4 |
| NIST CSF 2.0 | 3789 | International or National Standard | 31 | 7 | 4 |
| Digital Operational Resilience Act | 3668 | Regulations | 25 | 7 | 2 |
| EU General Data Protection Regulation (GDPR) | 2802 | Regulation or Statute | 24 | 192 | 21 |
| NIST SP 800-53 R5 | 3241 | International or National Standard | 21 | 32 | 18 |
| ISO/IEC 27002:2022 | 3430 | International or National Standard | 20 | 15 | 10 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | 3714 | Regulatory Directive or Guidance | 16 | 9 | 4 |
| NIST SP 800-53 Revision 5.1.1 | 3687 | International or National Standard | 16 | 2 | 2 |
| SOC 2®, 2022 | 3647 | Audit Guideline | 16 | 4 | 1 |
| ISO/IEC 27701:2019 | 3020 | International or National Standard | 15 | 20 | 10 |
| PCI DSS Defined Approach Requirements v4.0.1 | 3987 | International or National Standard | 15 | 2 | 0 |
| CIS Controls, V8 | 3323 | Best Practice Guideline | 13 | 15 | 9 |
| NIST AI 100-1 | 3591 | Best Practice Guideline | 13 | 2 | 0 |
| Artificial Intelligence Act | 3972 | Regulations | 12 | 3 | 1 |
| CobiT | 102 | Safe Harbor | 12 | 168 | 2 |
| Cross Border Privacy Assessment | 166 | Best Practice Guideline | 12 | 3 | 1 |
| 23 NYCRR 500 | 3686 | Regulations | 11 | 10 | 8 |
| NIST 800-171 Rev 3 | 3946 | International or National Standard | 11 | 1 | 0 |
| California Privacy Rights Act (CPRA) | 3290 | Bill or Act | 10 | 5 | 3 |
| ISO 31000:2018 | 2936 | International or National Standard | 10 | 25 | 8 |
| ISO 42001:2023 | 4039 | International or National Standard | 10 | 0 | 0 |
| ISO 9001:2015 | 2942 | International or National Standard | 10 | 23 | 6 |
| NIST SP 800-39 | 2428 | International or National Standard | 10 | 21 | 7 |
| Sarbanes-Oxley Act of 2002 | 3296 | Bill or Act | 10 | 7 | 6 |
| CMMC Level 2, v2.0 | 3427 | Best Practice Guideline | 9 | 12 | 6 |
| Harmonized Rules On Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts, European Commission | 3320 | Best Practice Guideline | 9 | 8 | 1 |
| ISO 22301 - Societal Security - Business Continuity Management Systems - Requirements | 1423 | International or National Standard | 9 | 20 | 1 |
| ISO 31000 R 2009 | 1093 | International or National Standard | 9 | 171 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | 3134 | International or National Standard | 9 | 18 | 10 |
| NIST SP 800-53 | 902 | International or National Standard | 9 | 18 | 3 |
| 23 NYCRR 500 | 2895 | Regulation or Statute | 8 | 38 | 13 |
| Basel II | 10 | Regulation or Statute | 8 | 25 | 0 |
| California Consumer Privacy Act of 2018 | 2957 | Bill or Act | 8 | 45 | 2 |
| Cloud Controls Matrix, v4.0 | 3303 | Self-Regulatory Body Requirement | 8 | 8 | 1 |
| FedRAMP Version 5 Moderate Baseline | 3644 | Audit Guideline | 8 | 0 | 0 |
| NIST AI 600-1 | 3990 | International or National Standard | 8 | 0 | 0 |
| NIST Privacy Framework | 3087 | International or National Standard | 8 | 15 | 8 |
| PIPEDA | 2937 | Bill or Act | 8 | 2 | 2 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | 1108 | Safe Harbor | 8 | 9 | 4 |
| CIS Controls Version 8.1 | 3955 | Best Practice Guideline | 7 | 0 | 0 |
| CMMC Level 1, v2.0 | 3426 | Best Practice Guideline | 7 | 10 | 5 |
| FedRAMP Baseline Security Controls | 1263 | Audit Guideline | 7 | 129 | 0 |
| ISO/IEC 27017:2015(E) | 2838 | Self-Regulatory Body Requirement | 7 | 25 | 11 |
| PCI DSS Defined Approach Testing Procedures v4.0.1 | 3988 | International or National Standard | 7 | 2 | 0 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | 3288 | Self-Regulatory Body Requirement | 7 | 7 | 3 |
| Australian Government Information Security Manual Controls | 1266 | International or National Standard | 6 | 3 | 0 |
| COBIT 2019 | 3009 | Safe Harbor | 6 | 9 | 2 |
| COSO Internal Control - Integrated Framework | 1578 | Self-Regulatory Body Requirement | 6 | 24 | 8 |
| FedRAMP Security Controls Baseline, 2018 | 3017 | Audit Guideline | 6 | 1 | 4 |
| HIPAA | 3201 | Bill or Act | 6 | 11 | 4 |