Monthly Selected Authority Documents - June, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 96 | 173 | 22 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 64 | 138 | 11 |
| NIST SP 800-53 R4 | International or National Standard | 57 | 117 | 13 |
| Sarbanes Oxley SOX | Regulation or Statute | 41 | 139 | 17 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 38 | 136 | 8 |
| NIST CSF 1.1 | International or National Standard | 38 | 4 | 0 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 38 | 60 | 10 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 37 | 144 | 9 |
| ISO/IEC 27002:2013(E) | International or National Standard | 30 | 145 | 17 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 29 | 101 | 6 |
| HIPAA | Bill or Act | 29 | 88 | 8 |
| CIS Controls V7 | Best Practice Guideline | 28 | 5 | 0 |
| CobiT | Safe Harbor | 28 | 152 | 6 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 28 | 51 | 9 |
| FFIEC CAT | Best Practice Guideline | 23 | 7 | 3 |
| FedRAMP Baseline Security Controls | Audit Guideline | 20 | 99 | 5 |
| Gramm Leach Bliley | Bill or Act | 19 | 14 | 10 |
| ISO 27002 | International or National Standard | 18 | 11 | 7 |
| NIST 800-53A | International or National Standard | 17 | 6 | 3 |
| NIST SP 800-53 | International or National Standard | 17 | 12 | 3 |
| California Consumer Privacy Act of 2018 | Bill or Act | 16 | 14 | 0 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 16 | 7 | 3 |
| 23 NYCRR 500 | Regulation or Statute | 15 | 3 | 6 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 14 | 8 | 1 |
| FCRA | Regulation or Statute | 14 | 21 | 4 |
| ISO 9001:2015 | International or National Standard | 13 | 4 | 1 |
| NIST CSF 1.0 | International or National Standard | 13 | 20 | 7 |
| FFIEC IT Examination Handbook | Audit Guideline | 12 | 3 | 0 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 11 | 16 | 6 |
| FACT Act | Regulation or Statute | 11 | 15 | 4 |
| FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 11 | 5 | 0 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 11 | 2 | 2 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 11 | 62 | 6 |
| 45 CFR Part 164 | Regulation or Statute | 10 | 13 | 7 |
| AICPA Identity Theft Prevention Program | Audit Guideline | 10 | 7 | 0 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 10 | 6 | 1 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 10 | 141 | 4 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 10 | 0 | 0 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 10 | 10 | 4 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 10 | 15 | 5 |
| COSO Enterprise Risk Management (2017) | Best Practice Guideline | 9 | 5 | 0 |
| Financial Services Sector Cybersecurity Profile | International or National Standard | 9 | 2 | 0 |
| NIST SP 800 66 | Safe Harbor | 9 | 10 | 5 |
| Argentina Personal Data Protection Act | Regulation or Statute | 8 | 5 | 5 |
| COBIT 5 Enabling Processes: Basics | Safe Harbor | 8 | 26 | 0 |
| Generally Accepted Privacy Principles | Best Practice Guideline | 8 | 5 | 0 |
| ISO 27005 R 2011 | International or National Standard | 8 | 13 | 6 |
| ISO 31000 R 2009 | International or National Standard | 8 | 144 | 4 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 8 | 3 | 1 |
| ISO/IEC 27018:2014 | International or National Standard | 8 | 6 | 3 |