Skip to content

Monthly Selected Authority Documents - February, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past...

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
ISO 27001-2013 International or National Standard 40 187 11
NIST SP 800-53 R5 International or National Standard 29 9 5
EU General Data Protection Regulation (GDPR) Regulation or Statute 23 164 10
NIST CSF 1.1 International or National Standard 17 34 13
Sarbanes-Oxley Act of 2002 Bill or Act 17 2 3
CIS Controls, V8 Best Practice Guideline 15 0 1
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 15 147 4
CobiT Safe Harbor 14 162 1
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations International or National Standard 14 4 2
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 International or National Standard 13 3 0
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 Contractual Obligation 13 4 3
ISO/IEC 27701:2019 International or National Standard 12 12 3
MAS TRM Contractual Obligation 12 36 0
HIPAA Bill or Act 11 10 5
hipaa security rule Regulation or Statute 11 5 1
ISO/IEC 27002:2013(E) International or National Standard 11 139 7
SOC2 Safe Harbor 11 0 0
MAS Guidelines on Outsourcing Bill or Act 10 0 0
MAS-TRMG-2021 Contractual Obligation 10 3 0
NIST CSF 1.0 International or National Standard 10 11 2
Notice on Cyber Hygiene Bill or Act 10 0 0
Notice on Technology Risk Management, Notice No. CMG-N02 Self-Regulatory Body Requirement 10 38 0
Singapore Personal Data Protection Act 2012 Regulation or Statute 10 1 0
Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium Best Practice Guideline 10 1 0
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 9 137 4
Gramm Leach Bliley Bill or Act 9 0 1
NIST SP 800-37r2 International or National Standard 9 10 4
FedRAMP Security Controls Baseline, 2018 Audit Guideline 8 1 4
ISO 27002 International or National Standard 8 7 2
ISO 9001:2015 International or National Standard 8 18 2
Notice No.: CMG-N02, Notice On Technology Risk Management Self-Regulatory Body Requirement 8 2 0
PCI SAQ A v3.2 Contractual Obligation 8 6 3
Singapore Corporate Governance Regulation or Statute 8 6 0
Singapore Personal Data Protection Act 2012 (No. 26 of 2012) Revised Edition 2021 Regulation or Statute 8 0 0
CMMC Level 1 Best Practice Guideline 7 4 2
CMMC Level 3 Best Practice Guideline 7 4 3
COBIT 2019 Safe Harbor 7 5 2
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements International or National Standard 7 13 0
ISO 27005 R 2011 International or National Standard 7 12 3
NIST SP 800-171 International or National Standard 7 3 1
PCI DSS 3.0 Requirements Self-Regulatory Body Requirement 7 95 1
PCI DSS Testing Procedures v3.2 Contractual Obligation 7 24 2
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy Self-Regulatory Body Requirement 7 4 2
23 NYCRR 500 Regulation or Statute 6 9 3
California Consumer Privacy Act of 2018 Bill or Act 6 39 1
CMMC Level 5 Best Practice Guideline 6 2 0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 International or National Standard 6 5 3
ITIL Foundation 4 Best Practice Guideline 6 0 0
NIST Privacy Framework International or National Standard 6 9 2
NIST SP 800-53 R4 International or National Standard 6 4 3