Skip to content

Monthly Selected Authority Documents - March, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past...

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
ISO 27001-2013 International or National Standard 86 143 22
NIST SP 800-53 R4 International or National Standard 59 89 13
NIST SP 800-53 R4 Moderate Impact International or National Standard 48 42 10
EU General Data Protection Regulation (GDPR) Regulation or Statute 46 109 8
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 44 109 11
NIST SP 800-53 R4 Low Impact International or National Standard 43 37 9
NIST SP 800-53 R4 High Impact International or National Standard 37 120 9
NIST CSF 1.1 International or National Standard 33 2 0
ISO/IEC 27002:2013(E) International or National Standard 29 116 17
Sarbanes Oxley SOX Regulation or Statute 29 110 17
CobiT Safe Harbor 28 121 6
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 27 73 6
CIS Controls V7 Best Practice Guideline 25 0 0
California Consumer Privacy Act of 2018 Bill or Act 24 14 0
Cloud Controls Matrix, Version 3.0 Self-Regulatory Body Requirement 22 6 1
HIPAA Bill or Act 21 62 8
ISO 27002 International or National Standard 20 11 7
ISO/IEC 27017:2015(E) Self-Regulatory Body Requirement 20 1 1
23 NYCRR 500 Regulation or Statute 19 2 6
Cloud Security Alliance CCM V1.3 Best Practice Guideline 18 13 6
HIPAA Electronic Health Record Technology Regulation or Statute 18 7 3
Gramm Leach Bliley Bill or Act 16 12 10
ITIL Security Management Best Practice Guideline 16 6 3
NIST SP 800 66 Safe Harbor 16 9 5
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 Safe Harbor 16 15 5
AICPA Trust Services Principles and Criteria Self-Regulatory Body Requirement 15 4 1
ISO/IEC 27018:2014 International or National Standard 15 4 3
NIST SP 800-53 International or National Standard 15 10 3
45 CFR Part 164 Regulation or Statute 14 13 7
FFIEC CAT Best Practice Guideline 14 5 3
HIPAA HCFA Best Practice Guideline 14 18 2
Red Book (Condensed) International or National Standard 14 1 1
Argentina Personal Data Protection Act Regulation or Statute 13 5 5
Notice on Technology Risk Management, Notice No. CMG-N02 Self-Regulatory Body Requirement 13 12 0
CA Security of Connected Devices Bill or Act 12 0 0
FFIEC Business Continuity Planning Handbook 2015 Audit Guideline 12 3 0
FFIEC IT Examination Handbook Audit Guideline 12 0 0
India Indian Info Privacy Act Regulation or Statute 12 7 0
MAS TRM Contractual Obligation 12 8 0
NIST CSF 1.0 International or National Standard 12 19 7
CIS 20 Critical Security Controls Best Practice Guideline 11 6 2
COSO Enterprise Risk Management (2017) Best Practice Guideline 11 4 0
FedRAMP Baseline Security Controls Audit Guideline 11 71 5
ISO 20000-1 2nd Ed International or National Standard 11 43 4
ISO 27005 R 2011 International or National Standard 11 11 6
NIST 800-53A International or National Standard 11 6 3
ITIL Service Support Best Practice Guideline 10 4 3
45 CFR Part 160 Regulation or Statute 9 7 1
45 CFR Part 162 Regulation or Statute 9 3 1
Australian Government Information Security Manual Controls International or National Standard 9 7 3