
Monthly Selected Authority Documents - July, 2021


Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 35 | 164 | 10 |
| ISO 27001-2013 | International or National Standard | 35 | 186 | 8 |
| NIST CSF 1.1 | International or National Standard | 32 | 34 | 9 |
| CIS Controls, V7.1 | Best Practice Guideline | 31 | 5 | 2 |
| NIST SP 800-53 R5 | International or National Standard | 31 | 7 | 3 |
| ISO/IEC 27002:2013(E) | International or National Standard | 27 | 138 | 4 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 25 | 143 | 4 |
| ISO/IEC 27701:2019 | International or National Standard | 22 | 11 | 3 |
| HIPAA Security Rule | Regulation or Statute | 21 | 4 | 1 |
| CMMC Level 3 | Best Practice Guideline | 20 | 2 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 17 | 1 | 0 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 17 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 16 | 2 | 3 |
| HIPAA | Bill or Act | 14 | 9 | 4 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 13 | 9 | 0 |
| CMMC Level 1 | Best Practice Guideline | 13 | 2 | 2 |
| CMMC Level 4 | Best Practice Guideline | 13 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 13 | 1 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 13 | 3 | 3 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 13 | 2 | 2 |
| 23 NYCRR 500 | Regulation or Statute | 12 | 9 | 3 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 12 | 137 | 4 |
| CMMC Level 2 | Best Practice Guideline | 12 | 2 | 2 |
| CMMC Level 5 | Best Practice Guideline | 12 | 2 | 0 |
| COBIT 2019 | Safe Harbor | 12 | 5 | 2 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 12 | 12 | 4 |
| CobiT | Safe Harbor | 11 | 162 | 1 |
| ITIL Foundation 4 | Best Practice Guideline | 11 | 0 | 0 |
| Red Book (Condensed) | International or National Standard | 11 | 6 | 4 |
| CIS Controls V7 | Best Practice Guideline | 10 | 25 | 2 |
| EBA/GL/2019/02 | Regulation or Statute | 10 | 2 | 0 |
| EBA/GL/2019/04 | Regulation or Statute | 10 | 3 | 0 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 10 | 1 | 2 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 10 | 1 | 0 |
| PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 10 | 4 | 0 |
| PCI SAQ A v3.2 | Contractual Obligation | 10 | 3 | 3 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 10 | 5 | 0 |
| APRA CPS 234 | Regulation or Statute | 9 | 3 | 0 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 9 | 12 | 2 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 9 | 1 | 1 |
| HIPAA HCFA | Best Practice Guideline | 9 | 2 | 2 |
| ISO 9001:2015 | International or National Standard | 9 | 18 | 2 |
| ISO/IEC 27018:2014 | International or National Standard | 9 | 15 | 2 |
| MAS TRM | Contractual Obligation | 9 | 36 | 0 |
| NIST Privacy Framework | International or National Standard | 9 | 9 | 2 |
| NIST SP 800-37r2 | International or National Standard | 9 | 9 | 4 |
| Cloud Security Guidance | Best Practice Guideline | 8 | 3 | 0 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 10 | 2 |
| FedRAMP Baseline Security Controls | Audit Guideline | 8 | 124 | 0 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 8 | 1 | 4 |