Official UC blog

Monthly Selected Authority Documents - August, 2021

Written by UCF | Sep 1, 2021 6:35:01 AM

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
EU General Data Protection Regulation (GDPR) Regulation or Statute 37 164 10
ISO 27001-2013 International or National Standard 37 186 8
NIST CSF 1.1 International or National Standard 30 34 9
NIST SP 800-53 R5 International or National Standard 20 7 3
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 19 143 4
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 16 137 4
CIS Controls, V8 Best Practice Guideline 16 0 0
CMMC Level 3 Best Practice Guideline 15 2 2
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 International or National Standard 15 1 0
HIPAA Bill or Act 13 9 4
hipaa security rule Regulation or Statute 13 4 1
HKMA General Principles for Technology Risk Management Regulation or Statute 13 18 0
MAS TRM Contractual Obligation 13 36 0
CobiT Safe Harbor 12 162 1
FedRAMP Baseline Security Controls Audit Guideline 12 124 0
ISO/IEC 27701:2019 International or National Standard 12 11 3
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations International or National Standard 12 2 2
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 Contractual Obligation 12 1 0
Australian Government Information Security Manual Controls International or National Standard 11 3 0
ISO 27002 International or National Standard 11 7 2
NIST SP 800-53 International or National Standard 11 16 1
PCI DSS 3.2 SAQ D Merchant Contractual Obligation 11 4 0
Sarbanes-Oxley Act of 2002 Bill or Act 11 2 0
23 NYCRR 500 Regulation or Statute 10 9 3
India Indian Info Privacy Act Regulation or Statute 10 15 0
Notice No.: CMG-N02, Notice On Technology Risk Management Self-Regulatory Body Requirement 10 2 0
Risk Management of E-banking Contractual Obligation 10 18 0
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 Safe Harbor 10 9 3
CMMC Level 4 Best Practice Guideline 9 2 0
CMMC Level 5 Best Practice Guideline 9 2 0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 International or National Standard 9 2 3
COSO Enterprise Risk Management (2017) Best Practice Guideline 9 10 3
Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds Best Practice Guideline 9 22 0
HKMA-2001-12-28 - Supervisory Policy Manual (SA-2) Outsourcing Regulation or Statute 9 0 0
ISO/IEC 27002:2013(E) International or National Standard 9 138 4
ISO/IEC 27018:2014 International or National Standard 9 15 2
MAS-TRMG-2021 Contractual Obligation 9 2 0
NIST SP 800-172 International or National Standard 9 1 0
Notice on Technology Risk Management, Notice No. CMG-N02 Self-Regulatory Body Requirement 9 38 0
Risk Management of E-banking V.3 Contractual Obligation 9 2 0
SWIFT Customer Security Controls Framework Best Practice Guideline 9 0 0
APRA PPG 234 Safe Harbor 8 0 0
APRA PPG 234 Safe Harbor 8 8 0
COSO Internal Control - Integrated Framework Self-Regulatory Body Requirement 8 10 2
FFIEC IT Examination Handbook Audit Guideline 8 11 2
NIST SP 800-53 R4 High Impact, Deprecated International or National Standard 8 168 4
NIST SP 800-53 R4, Deprecated International or National Standard 8 139 7
PCI SAQ A v3.2 Contractual Obligation 8 3 3
Singapore Corporate Governance Regulation or Statute 8 6 0
ACSI 33 Best Practice Guideline 7 1 0