Monthly Selected Authority Documents May, 2024

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

 

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| NIST CSF 2.0 | International or National Standard | 63 | 1 | 1 |
| ISO/IEC 27001:2022 | International or National Standard | 44 | 10 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 27 | 13 | 9 |
| NIST SP 800-53 R5 | International or National Standard | 27 | 28 | 17 |
| ISO/IEC 27002:2022 | International or National Standard | 25 | 11 | 10 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 24 | 10 | 5 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 22 | 6 | 5 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 20 | 185 | 19 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 20 | 16 | 9 |
| 23 NYCRR 500 | Regulations | 19 | 3 | 3 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 19 | 6 | 6 |
| 23 NYCRR 500 | Regulation or Statute | 17 | 31 | 8 |
| Gramm Leach Bliley | Bill or Act | 17 | 11 | 0 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 17 | 0 | 0 |
| SOC 2®, 2022 | Audit Guideline | 16 | 1 | 0 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 15 | 10 | 6 |
| Digital Operational Resilience Act | Regulations | 15 | 1 | 1 |
| FFIEC CAT | Best Practice Guideline | 15 | 24 | 1 |
| ISO/IEC 27701:2019 | International or National Standard | 15 | 19 | 10 |
| NIST SP 800-53 | International or National Standard | 15 | 17 | 2 |
| ISO 27001-2013 | International or National Standard | 14 | 218 | 23 |
| COBIT 2019 | Safe Harbor | 13 | 9 | 2 |
| hipaa security rule | Regulation or Statute | 13 | 5 | 1 |
| NIST AI 100-1 | Best Practice Guideline | 13 | 1 | 0 |
| Appendix B of 12 CFR Part 30 | Regulation or Statute | 12 | 23 | 5 |
| CSF V1.1 | International or National Standard | 12 | 0 | 0 |
| Red Book (Condensed) | International or National Standard | 12 | 22 | 7 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 12 | 6 | 2 |
| California Privacy Rights Act (CPRA) | Bill or Act | 11 | 4 | 2 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 11 | 6 | 1 |
| CobiT | Safe Harbor | 11 | 168 | 2 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 11 | 13 | 0 |
| NIST Privacy Framework | International or National Standard | 11 | 15 | 7 |
| Notice on Cyber Hygiene | Bill or Act | 11 | 12 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10 | 18 | 4 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10 | 45 | 2 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 10 | 10 | 2 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 10 | 9 | 3 |
| Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 10 | 5 | 3 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | Regulation or Statute | 9 | 14 | 6 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 9 | 144 | 7 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 9 | 8 | 5 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 9 | 1 | 1 |
| FFIEC Development Acquisition | Best Practice Guideline | 9 | 22 | 0 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 9 | 20 | 5 |
| FFIEC Outsourcing Technology Services | Best Practice Guideline | 9 | 22 | 1 |
| HIPAA HCFA | Best Practice Guideline | 9 | 3 | 2 |
| MAS Guidelines on Outsourcing | Bill or Act | 9 | 9 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 9 | 16 | 0 |
| NIST SP 800-37r2 | International or National Standard | 9 | 13 | 5 |