
Monthly Selected Authority Documents - June, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 43 | 192 | 17 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 31 | 169 | 15 |
| NIST CSF 1.1 | International or National Standard | 27 | 39 | 19 |
| NIST SP 800-53 R5 | International or National Standard | 26 | 14 | 11 |
| CIS Controls, V8 | Best Practice Guideline | 25 | 6 | 7 |
| ISO/IEC 27701:2019 | International or National Standard | 18 | 17 | 8 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 18 | 4 | 4 |
| SOC2 | Safe Harbor | 18 | 0 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 17 | 9 | 8 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 16 | 12 | 3 |
| CobiT | Safe Harbor | 16 | 162 | 1 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 15 | 19 | 9 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 15 | 0 | 2 |
| California Consumer Privacy Act of 2018 | Bill or Act | 13 | 1 | 1 |
| hipaa security rule | Regulation or Statute | 13 | 5 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 12 | 8 | 5 |
| ISO 27002 | International or National Standard | 12 | 7 | 2 |
| ISO/IEC 27002:2022 | International or National Standard | 12 | 0 | 3 |
| NIST SP 800-53 | International or National Standard | 12 | 17 | 1 |
| ISO 9001:2015 | International or National Standard | 10 | 18 | 2 |
| ISO/IEC 27002:2013(E) | International or National Standard | 10 | 144 | 13 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 10 | 2 | 3 |
| HIPAA | Bill or Act | 9 | 10 | 5 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 9 | 150 | 7 |
| Red Book (Condensed) | International or National Standard | 9 | 11 | 7 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 9 | 2 | 4 |
| 23 NYCRR 500 | Regulation or Statute | 8 | 10 | 3 |
| AICPA Trust Services | Audit Guideline | 8 | 6 | 1 |
| Cyber Essentials Self-Assessment, Version 13 | Best Practice Guideline | 8 | 5 | 5 |
| Gramm Leach Bliley | Bill or Act | 8 | 0 | 1 |
| ISO 31000:2018 | International or National Standard | 8 | 15 | 6 |
| NIST SP 800-39 | International or National Standard | 8 | 10 | 6 |
| AICPA Privacy | Safe Harbor | 7 | 6 | 1 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 7 | 0 | 0 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 7 | 5 | 1 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 7 | 5 | 5 |
| COSO ERM | Safe Harbor | 7 | 11 | 8 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 7 | 2 | 1 |
| ISO 27005 R 2011 | International or National Standard | 7 | 17 | 8 |
| ISO/IEC 27018:2019 | International or National Standard | 7 | 0 | 0 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 7 | 9 | 7 |
| OWASP Top 10 - 2017 | International or National Standard | 7 | 8 | 5 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 7 | 9 | 3 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 6 | 137 | 4 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 6 | 10 | 1 |
| BSI-Standard 100-2 | International or National Standard | 6 | 8 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 6 | 39 | 1 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 6 | 24 | 2 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 6 | 5 | 5 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 6 | 8 | 5 |