| NIST SP 800-53 R5 |
International or National Standard |
32 |
26 |
15 |
| ISO/IEC 27001:2022 |
International or National Standard |
27 |
5 |
3 |
| EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
26 |
183 |
18 |
| ISO 27001-2013 |
International or National Standard |
24 |
213 |
21 |
| NIST CSF 1.1 |
International or National Standard |
23 |
57 |
22 |
| PCI DSS Defined Approach Requirements, Version 4.0 |
International or National Standard |
21 |
8 |
3 |
| CIS Controls, V8 |
Best Practice Guideline |
19 |
9 |
8 |
| ISO/IEC 27002:2022 |
International or National Standard |
19 |
3 |
5 |
| CobiT |
Safe Harbor |
17 |
167 |
1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
16 |
9 |
5 |
| Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
15 |
3 |
0 |
| PCI DSS v3.2.1 |
Contractual Obligation |
15 |
8 |
4 |
| ISO/IEC 27701:2019 |
International or National Standard |
14 |
18 |
8 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
14 |
12 |
8 |
| AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
12 |
144 |
6 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 |
International or National Standard |
12 |
10 |
8 |
| NIST SP 800-53 R4 |
International or National Standard |
11 |
5 |
3 |
| SWIFT Customer Security Controls Framework |
Best Practice Guideline |
11 |
0 |
0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 |
International or National Standard |
10 |
9 |
5 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 |
International or National Standard |
10 |
6 |
3 |
| NIST Privacy Framework |
International or National Standard |
10 |
15 |
7 |
| NIST SP 800-161 r1 |
International or National Standard |
10 |
1 |
0 |
| 23 NYCRR 500 |
Regulation or Statute |
9 |
26 |
4 |
| California Privacy Rights Act (CPRA) |
Bill or Act |
9 |
3 |
1 |
| CMMC Level 2, v2.0 |
Best Practice Guideline |
9 |
7 |
6 |
| Gramm Leach Bliley |
Bill or Act |
9 |
3 |
0 |
| HIPAA |
Bill or Act |
9 |
10 |
4 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements |
International or National Standard |
9 |
19 |
0 |
| ISO 27002 |
International or National Standard |
9 |
8 |
4 |
| ISO/IEC 27002:2013(E) |
International or National Standard |
9 |
144 |
13 |
| NIST SP 800-37r2 |
International or National Standard |
9 |
13 |
5 |
| NIST SP 800-53 |
International or National Standard |
9 |
17 |
1 |
| Sarbanes-Oxley Act of 2002 |
Bill or Act |
9 |
5 |
6 |
| NIST SP 800-39 |
International or National Standard |
8 |
19 |
6 |
| Trust Services Criteria (with Revised Points of Focus - 2022) |
Self-Regulatory Body Requirement |
8 |
0 |
0 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy |
Self-Regulatory Body Requirement |
8 |
4 |
2 |
| California Consumer Privacy Act of 2018 |
Bill or Act |
7 |
44 |
1 |
| CMMC Level 1, v2.0 |
Best Practice Guideline |
7 |
6 |
5 |
| COSO Internal Control - Integrated Framework |
Self-Regulatory Body Requirement |
7 |
23 |
7 |
| EBA/GL/2019/04 |
Regulation or Statute |
7 |
21 |
0 |
| ISO/IEC 27017:2015(E) |
Self-Regulatory Body Requirement |
7 |
21 |
10 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts |
Regulation or Statute |
7 |
3 |
1 |
| NIST SP 800-61 |
International or National Standard |
7 |
24 |
9 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 |
International or National Standard |
7 |
6 |
4 |
| APRA CPS 234 |
Regulation or Statute |
6 |
12 |
0 |
| Australian Government Information Security Manual 2021 |
International or National Standard |
6 |
3 |
0 |
| Australian Government Information Security Manual Controls |
International or National Standard |
6 |
3 |
0 |
| COBIT 2019 |
Safe Harbor |
6 |
5 |
2 |
| Code of Alabama, Sections 13A-8-190 thru 13A-8-201 |
Regulation or Statute |
6 |
3 |
2 |
| Consumer Data Protection Act |
Bill or Act |
6 |
0 |
0 |
