
Monthly Selected Authority Documents - December, 2018


Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 71 | 117 | 21 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 36 | 53 | 5 |
| NIST SP 800-53 R4 | International or National Standard | 34 | 61 | 8 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 31 | 85 | 9 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 30 | 79 | 4 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 25 | 29 | 6 |
| NIST Cybersecurity Framework | International or National Standard | 23 | 7 | 2 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 23 | 91 | 4 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 22 | 1 | 1 |
| Sarbanes Oxley SOX | Regulation or Statute | 22 | 85 | 16 |
| HIPAA | Bill or Act | 19 | 48 | 8 |
| ISO/IEC 27018:2014 | International or National Standard | 18 | 4 | 3 |
| CIS Controls V7 | Best Practice Guideline | 16 | 0 | 0 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 16 | 24 | 4 |
| NIST SP 800 66 | Safe Harbor | 15 | 9 | 5 |
| Red Book (Condensed) | International or National Standard | 15 | 1 | 1 |
| ISO/IEC 27002:2013(E) | International or National Standard | 14 | 93 | 17 |
| 23 NYCRR 500 | Regulation or Statute | 13 | 0 | 6 |
| California Civil Code Section 1798.80-1798.84 | Regulation or Statute | 12 | 8 | 4 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 12 | 6 | 1 |
| FedRAMP Baseline Security Controls | Audit Guideline | 11 | 49 | 5 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 11 | 7 | 3 |
| PCI SAQ A v3.1 | Contractual Obligation | 11 | 5 | 1 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 10 | 4 | 1 |
| ARMA Generally Accepted Recordkeeping Principles® | International or National Standard | 10 | 1 | 0 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 10 | 6 | 2 |
| NIST SP 800-53 | International or National Standard | 10 | 9 | 3 |
| 45 CFR Part 164 | Regulation or Statute | 9 | 13 | 6 |
| CobiT | Safe Harbor | 9 | 97 | 6 |
| FFIEC CAT | Best Practice Guideline | 9 | 0 | 0 |
| ISO 27005 R 2011 | International or National Standard | 9 | 11 | 6 |
| 45 CFR Part 160 | Regulation or Statute | 8 | 7 | 1 |
| 45 CFR Part 162 | Regulation or Statute | 8 | 3 | 1 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 8 | 12 | 6 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 0 | 0 |
| Gramm Leach Bliley | Bill or Act | 8 | 12 | 10 |
| ISO 31000 R 2009 | International or National Standard | 8 | 93 | 4 |
| NIST Framework for Improving Critical Infrastructure Cybersecurity | International or National Standard | 8 | 17 | 7 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 8 | 25 | 6 |
| RWC 42.56.590 Personal information--Notice of security breaches | Regulation or Statute | 8 | 0 | 0 |
| California Civil Code Section 1798.29, Accounting of Disclosures | Regulation or Statute | 7 | 0 | 0 |
| COSO ERM | Safe Harbor | 7 | 5 | 3 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 7 | 90 | 4 |
| DIRKS | Best Practice Guideline | 7 | 1 | 1 |
| HIPAA HCFA | Best Practice Guideline | 7 | 18 | 2 |
| ISO 15489 1 | International or National Standard | 7 | 2 | 3 |
| ISO 15489 2 | International or National Standard | 7 | 3 | 4 |
| NFA Information Systems Security Programs | Self-Regulatory Body Requirement | 7 | 0 | 0 |
| NIST 800-53A | International or National Standard | 7 | 6 | 3 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 7 | 1 | 2 |