Official UC blog

Monthly Selected Authority Documents November 2024

Written by Amanda B. | Dec 2, 2024 8:59:37 PM

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD_Name AD_id AD_type selected groups initiatives
ISO/IEC 27001:2022 3567 International or National Standard 42 12 4
NIST CSF 2.0 3789 International or National Standard 36 8 4
ISO/IEC 27002:2022 3430 International or National Standard 30 14 10
NIST SP 800-53 R5 3241 International or National Standard 21 33 18
Digital Operational Resilience Act 3668 Regulations 20 5 2
NIST SP 800-53 Revision 5.1.1 3687 International or National Standard 16 2 2
CIS Controls Version 8.1 3955 Best Practice Guideline 15 0 0
EU General Data Protection Regulation (GDPR) 2802 Regulation or Statute 15 190 21
PCI DSS Defined Approach Testing Procedures v4.0.1 3988 International or National Standard 15 0 0
ISO/IEC 27701:2019 3020 International or National Standard 13 20 10
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations 3134 International or National Standard 13 19 10
CMMC Level 2, v2.0 3427 Best Practice Guideline 12 13 6
HIPAA 3201 Bill or Act 12 11 4
ISO/IEC 27017:2015(E) 2838 Self-Regulatory Body Requirement 12 25 11
SOC 2®, 2022 3647 Audit Guideline 12 3 0
CobiT 102 Safe Harbor 11 168 2
PCI DSS Defined Approach Requirements v4.0.1 3987 International or National Standard 11 0 0
CIS Controls, V8 3323 Best Practice Guideline 10 15 9
CMMC Level 1, v2.0 3426 Best Practice Guideline 10 11 5
NIST CSF 1.1 2934 International or National Standard 10 66 23
Sarbanes-Oxley Act of 2002 3296 Bill or Act 10 7 6
Trust Services Criteria (with Revised Points of Focus – 2022) 3609 Self-Regulatory Body Requirement 10 9 3
45 CFR Part 160 986 Regulation or Statute 9 9 4
45 CFR Part 162 985 Regulation or Statute 9 8 4
Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 3714 Regulatory Directive or Guidance 9 7 4
PCI DSS Defined Approach Requirements, Version 4.0 3444 International or National Standard 9 17 6
Delegated regulation specifying fees for the critical ICT third-party service providers in the financial sector 3979 Regulations 8 0 0
HIPAA Electronic Health Record Technology 3208 Regulation or Statute 8 3 2
HIPAA HCFA 3200 Best Practice Guideline 8 5 4
HIPAA Security and Privacy Rule 3986 Regulations 8 2 0
hipaa security rule 3204 Regulation or Statute 8 7 2
ISO 9001:2015 2942 International or National Standard 8 23 6
NIST 800-171 Rev 3 3946 International or National Standard 8 1 0
NIST AI 100-1 3591 Best Practice Guideline 8 1 0
Regulations specifying criteria (policy) for the critical ICT third-party service providers in the financial sector 3977 Regulations 8 0 0
RTS specifying criteria regarding ICT risk management 3975 Regulations 8 0 0
RTS specifying the criteria for classification of ICT-related incidents 3976 Regulations 8 0 0
Cloud Controls Matrix, v4.0 3303 Self-Regulatory Body Requirement 7 8 1
COBIT 2019 3009 Safe Harbor 7 9 2
ISO 27001-2013 1367 International or National Standard 7 222 23
Artificial Intelligence Act 3972 Regulations 6 0 0
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements 1423 International or National Standard 6 20 1
NIST SP 800-39 2428 International or National Standard 6 22 7
NIST SP 800-66r2 3960 International or National Standard 6 1 0
PCI DSS v4.0 SAQ D Merchants 3464 Contractual Obligation 6 9 8
Security  and  Privacy  Controls  for  Federal  Information  Systems  and Organizations,  NIST  SP  800-53, Low Impact Baseline, Revision 4 3242 International or National Standard 6 5 0
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 1108 Safe Harbor 6 9 4
BSI Cloud Computing Compliance Controls Catalogue (C5) 3007 Best Practice Guideline 5 18 4
California Consumer Privacy Act of 2018 2957 Bill or Act 5 45 2
California Privacy Rights Act (CPRA) 3290 Bill or Act 5 5 3