Skip to content

Monthly Selected Authority Documents - August, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past...

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
ISO 27001-2013 International or National Standard 97 104 20
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 52 73 8
NIST SP 800-53 R4 International or National Standard 48 49 8
EU General Data Protection Regulation (GDPR) Regulation or Statute 43 67 3
NIST SP 800-53 R4 Moderate Impact International or National Standard 42 23 6
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 40 41 4
NIST SP 800-53 R4 High Impact International or National Standard 36 80 4
Sarbanes Oxley SOX Regulation or Statute 35 74 16
ISO/IEC 27002:2013(E) International or National Standard 33 82 16
NIST SP 800-53 R4 Low Impact International or National Standard 33 19 4
HIPAA Bill or Act 32 41 8
HIPAA Electronic Health Record Technology Regulation or Statute 28 7 3
ISO 27002 International or National Standard 22 11 7
CobiT Safe Harbor 21 86 6
Cloud Controls Matrix, Version 3.0 Self-Regulatory Body Requirement 18 6 1
ISO/IEC 27017:2015(E) Self-Regulatory Body Requirement 16 1 0
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 Safe Harbor 16 11 3
FedRAMP Baseline Security Controls Audit Guideline 15 36 5
NIST 800-53A International or National Standard 15 6 3
NIST Cybersecurity Framework International or National Standard 15 5 2
NIST SP 800 66 Safe Harbor 15 8 5
CSIS 20 Critical Security Controls Best Practice Guideline 14 79 4
ISO 27005 R 2011 International or National Standard 14 11 6
Gramm Leach Bliley Bill or Act 13 12 10
HIPAA HCFA Best Practice Guideline 13 16 2
ISO 31000 R 2009 International or National Standard 13 80 4
NIST Framework for Improving Critical Infrastructure Cybersecurity International or National Standard 13 17 7
ISO/IEC 27018:2014 International or National Standard 12 4 3
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations International or National Standard 12 1 2
PCI SAQ A v3.1 Contractual Obligation 12 5 1
23 NYCRR 500 Regulation or Statute 11 0 6
CIS 20 Critical Security Controls Best Practice Guideline 11 6 2
Cloud Security Alliance CCM V1.3 Best Practice Guideline 11 12 6
Federal Information Security Management Act FISMA Regulation or Statute 11 14 4
NIST SP 800-122 International or National Standard 11 10 2
Red Book (Condensed) International or National Standard 10 1 1
HITECH title within the American Recovery and Reinvestment Act of 2009 Bill or Act 9 10 2
India Indian Info Privacy Act Regulation or Statute 9 6 0
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts Regulation or Statute 9 9 4
NIST SP 800-53 International or National Standard 9 9 3
AICPA Trust Services Audit Guideline 8 5 1
BSI-Standard 100-2 International or National Standard 8 9 0
Framework for Improving Critical Infrastructure Cybersecurity International or National Standard 8 0 0
Germany Data Protection Act Regulation or Statute 8 5 2
Insurance Data Security Model Law, NAIC MDL-668 Best Practice Guideline 8 0 0
NIST SP 800-171 International or National Standard 8 4 1
45 CFR Part 164 Regulation or Statute 7 13 6
AICPA Trust Services Principles and Criteria Self-Regulatory Body Requirement 7 4 1
Basel II Regulation or Statute 7 3 1
Canada Personal Information Protection Electronic Documents Act Regulation or Statute 7 6 3