| NIST CSF 2.0 |
International or National Standard |
63 |
1 |
1 |
| ISO/IEC 27001:2022 |
International or National Standard |
44 |
10 |
4 |
| CIS Controls, V8 |
Best Practice Guideline |
27 |
13 |
9 |
| NIST SP 800-53 R5 |
International or National Standard |
27 |
28 |
17 |
| ISO/IEC 27002:2022 |
International or National Standard |
25 |
11 |
10 |
| PCI DSS Defined Approach Requirements, Version 4.0 |
International or National Standard |
24 |
10 |
5 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 |
International or National Standard |
22 |
6 |
5 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
20 |
185 |
19 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
20 |
16 |
9 |
| 23 NYCRR 500 |
Regulations |
19 |
3 |
3 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
19 |
6 |
6 |
| 23 NYCRR 500 |
Regulation or Statute |
17 |
31 |
8 |
| Gramm Leach Bliley |
Bill or Act |
17 |
11 |
0 |
| NIST SP 800-53 Revision 5.1.1 |
International or National Standard |
17 |
0 |
0 |
| SOC 2®, 2022 |
Audit Guideline |
16 |
1 |
0 |
| CMMC Level 2, v2.0 |
Best Practice Guideline |
15 |
10 |
6 |
| Digital Operational Resilience Act |
Regulations |
15 |
1 |
1 |
| FFIEC CAT |
Best Practice Guideline |
15 |
24 |
1 |
| ISO/IEC 27701:2019 |
International or National Standard |
15 |
19 |
10 |
| NIST SP 800-53 |
International or National Standard |
15 |
17 |
2 |
| ISO 27001-2013 |
International or National Standard |
14 |
218 |
23 |
| COBIT 2019 |
Safe Harbor |
13 |
9 |
2 |
| hipaa security rule |
Regulation or Statute |
13 |
5 |
1 |
| NIST AI 100-1 |
Best Practice Guideline |
13 |
1 |
0 |
| Appendix B of 12 CFR Part 30 |
Regulation or Statute |
12 |
23 |
5 |
| CSF V1.1 |
International or National Standard |
12 |
0 |
0 |
| Red Book (Condensed) |
International or National Standard |
12 |
22 |
7 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy |
Self-Regulatory Body Requirement |
12 |
6 |
2 |
| California Privacy Rights Act (CPRA) |
Bill or Act |
11 |
4 |
2 |
| Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
11 |
6 |
1 |
| CobiT |
Safe Harbor |
11 |
168 |
2 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 |
Audit Guideline |
11 |
13 |
0 |
| NIST Privacy Framework |
International or National Standard |
11 |
15 |
7 |
| Notice on Cyber Hygiene |
Bill or Act |
11 |
12 |
0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) |
Best Practice Guideline |
10 |
18 |
4 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
10 |
45 |
2 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading |
Regulation or Statute |
10 |
10 |
2 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 |
Safe Harbor |
10 |
9 |
3 |
| Trust Services Criteria (with Revised Points of Focus - 2022) |
Self-Regulatory Body Requirement |
10 |
5 |
3 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information |
Regulation or Statute |
9 |
14 |
6 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
9 |
144 |
7 |
| CMMC Level 1, v2.0 |
Best Practice Guideline |
9 |
8 |
5 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 |
Regulatory Directive or Guidance |
9 |
1 |
1 |
| FFIEC Development Acquisition |
Best Practice Guideline |
9 |
22 |
0 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management |
Audit Guideline |
9 |
20 |
5 |
| FFIEC Outsourcing Technology Services |
Best Practice Guideline |
9 |
22 |
1 |
| HIPAA HCFA |
Best Practice Guideline |
9 |
3 |
2 |
| MAS Guidelines on Outsourcing |
Bill or Act |
9 |
9 |
0 |
| MAS-TRMG-2021 |
Contractual Obligation |
9 |
16 |
0 |
| NIST SP 800-37r2 |
International or National Standard |
9 |
13 |
5 |
