PCI DSS Defined Approach Requirements, Version 4.0 |
International or National Standard |
27 |
8 |
3 |
NIST SP 800-53 R5 |
International or National Standard |
22 |
26 |
15 |
NIST CSF 1.1 |
International or National Standard |
20 |
57 |
22 |
ISO/IEC 27001:2022 |
International or National Standard |
19 |
6 |
3 |
CIS Controls, V8 |
Best Practice Guideline |
16 |
10 |
8 |
PCI DSS v3.2.1 |
Contractual Obligation |
12 |
8 |
4 |
Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
11 |
3 |
0 |
EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
11 |
184 |
18 |
Sarbanes-Oxley Act of 2002 |
Bill or Act |
11 |
5 |
6 |
ISO 27001-2013 |
International or National Standard |
10 |
213 |
21 |
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
10 |
13 |
8 |
NIST SP 800-53 |
International or National Standard |
10 |
17 |
1 |
23 NYCRR 500 |
Regulation or Statute |
9 |
26 |
4 |
NIST SP 800-39 |
International or National Standard |
9 |
19 |
6 |
BSI Cloud Computing Compliance Controls Catalogue (C5) |
Best Practice Guideline |
8 |
18 |
4 |
hipaa security rule |
Regulation or Statute |
8 |
5 |
1 |
California Consumer Privacy Act of 2018 |
Bill or Act |
7 |
44 |
1 |
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
7 |
9 |
5 |
ISO/IEC 27002:2022 |
International or National Standard |
7 |
3 |
5 |
NIST SP 800-37r2 |
International or National Standard |
7 |
13 |
5 |
PCI DSS v4.0 SAQ D Merchants |
Contractual Obligation |
7 |
2 |
1 |
AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
6 |
144 |
6 |
Basel II |
Regulation or Statute |
6 |
12 |
0 |
California Privacy Rights Act (CPRA) |
Bill or Act |
6 |
3 |
1 |
CobiT |
Safe Harbor |
6 |
167 |
1 |
COBIT 2019 |
Safe Harbor |
6 |
5 |
2 |
Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8 |
Organizational Directive |
6 |
4 |
1 |
ISO 27002 |
International or National Standard |
6 |
8 |
4 |
Kansas Statutes, Protection Of Consumer Information |
Regulation or Statute |
6 |
0 |
0 |
Nevada Revised Statutes, Chapter 603A |
Regulation or Statute |
6 |
2 |
0 |
NIST AI 100-1 |
Best Practice Guideline |
6 |
0 |
0 |
NIST Privacy Framework |
International or National Standard |
6 |
15 |
7 |
PCI DSS v4 SAQ D for Service Providers |
Self-Regulatory Body Requirement |
6 |
0 |
0 |
Red Book (Condensed) |
International or National Standard |
6 |
13 |
7 |
Trust Services Criteria (with Revised Points of Focus - 2022) |
Self-Regulatory Body Requirement |
6 |
0 |
0 |
3 CCR 702-6 |
Regulation or Statute |
5 |
1 |
0 |
Alaska Personal Information Protection Act, Chapter 48 |
Regulation or Statute |
5 |
2 |
1 |
Arkansas Personal Information Protection Act |
Regulation or Statute |
5 |
1 |
0 |
Canada Personal Information Protection Electronic Documents Act |
Regulation or Statute |
5 |
1 |
2 |
Childrens Online Privacy Protection Act |
Regulation or Statute |
5 |
6 |
0 |
Code of Alabama, Sections 13A-8-190 thru 13A-8-201 |
Regulation or Statute |
5 |
3 |
2 |
Consumer Data Protection Act |
Bill or Act |
5 |
0 |
0 |
COSO ERM |
Safe Harbor |
5 |
11 |
8 |
Delaware Code, Title 6, Subtitle II, Chapter 12B, Sections 12B-101 thru 104 |
Regulation or Statute |
5 |
1 |
0 |
FedRAMP Baseline Security Controls |
Audit Guideline |
5 |
129 |
0 |
FINRA Report on Cybersecurity Practices |
Self-Regulatory Body Requirement |
5 |
9 |
1 |
Florida Statute ยง 501.171 Security of confidential personal information |
Regulation or Statute |
5 |
1 |
0 |
General Laws of Massachusetts, Chapter 93H, Security Breaches |
Regulation or Statute |
5 |
2 |
0 |
Guam Notification of Breaches of Personal Information |
Regulation or Statute |
5 |
0 |
0 |
Hawaii Revised Statute, Section 487N, Security Breach of Personal Information |
Regulation or Statute |
5 |
0 |
0 |