Skip to content

Monthly Selected Authority Documents - August, 2020

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past...

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
ISO 27001-2013 International or National Standard 49 160 7
NIST SP 800-53 R4 International or National Standard 36 119 6
EU General Data Protection Regulation (GDPR) Regulation or Statute 35 142 7
NIST CSF 1.1 International or National Standard 28 25 4
CobiT Safe Harbor 26 141 1
NIST SP 800-53 R4 High Impact International or National Standard 26 150 4
NIST SP 800-53 International or National Standard 25 11 0
PCI DSS 3.2 SAQ D Service Provider Contractual Obligation 24 2 2
NIST SP 800-53 R4 Moderate Impact International or National Standard 23 60 5
Sarbanes Oxley SOX Regulation or Statute 23 129 1
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 22 134 2
FedRAMP Baseline Security Controls Audit Guideline 20 103 0
ISO/IEC 27002:2013(E) International or National Standard 20 129 1
ISO/IEC 27018:2014 International or National Standard 19 7 0
ISO 27002 International or National Standard 17 3 1
NIST SP 800-53 R4 Low Impact International or National Standard 17 60 5
CMMC Level 2 Best Practice Guideline 16 0 0
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 15 115 3
CMMC Level 1 Best Practice Guideline 15 0 0
CMMC Level 5 Best Practice Guideline 15 0 0
HIPAA Bill or Act 15 83 1
ISO/IEC 27701:2019 International or National Standard 15 7 0
CIS Controls V7 Best Practice Guideline 14 18 1
Gramm Leach Bliley Bill or Act 13 7 0
ISO/IEC 27017:2015(E) Self-Regulatory Body Requirement 13 8 1
NIST CSF 1.0 International or National Standard 13 11 1
NIST SP 800 66 Safe Harbor 13 11 1
Cloud Controls Matrix, Version 3.0 Self-Regulatory Body Requirement 12 11 0
CMMC Level 3 Best Practice Guideline 12 0 0
NIST 800-53A International or National Standard 12 4 1
CSIS 20 Critical Security Controls Best Practice Guideline 11 138 0
FedRAMP Security Controls Baseline, 2018 Audit Guideline 11 0 2
FFIEC CAT Best Practice Guideline 11 8 1
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations International or National Standard 11 0 0
CMMC Level 4 Best Practice Guideline 10 0 0
HIPAA Electronic Health Record Technology Regulation or Statute 10 4 3
BSI Cloud Computing Compliance Controls Catalogue (C5) Best Practice Guideline 9 2 0
Cloud Security Alliance CCM V1.3 Best Practice Guideline 9 4 0
ISO 27005 R 2011 International or National Standard 9 9 1
ISO 31000 R 2009 International or National Standard 9 142 2
MAS TRM Contractual Obligation 9 29 0
NIST SP 800-171 International or National Standard 9 2 1
21 CFR Part 11 Regulation or Statute 8 10 0
COSO Internal Control - Integrated Framework Self-Regulatory Body Requirement 8 4 1
FFIEC Retail Payment Systems 2016 Best Practice Guideline 8 2 0
ISO 9001:2015 International or National Standard 8 7 0
NIST Privacy Framework International or National Standard 8 3 0
PCI DSS Testing Procedures v3.2 Contractual Obligation 8 8 0
AICPA Trust Services Audit Guideline 7 4 0
AICPA Trust Services Principles and Criteria Self-Regulatory Body Requirement 7 7 0