Skip to content

Monthly Selected Authority Documents - May, 2018

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past...

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



AD Common Name AD Type Selected Groups Initiatives
ISO 27001-2013 International or National Standard 75 95 20
NIST SP 800-53 R4 International or National Standard 49 46 8
PCI DSS Requirements and Security Assessment Procedures Contractual Obligation 48 64 8
NIST SP 800-53 R4 Moderate Impact International or National Standard 45 22 6
EU General Data Protection Regulation (GDPR) Regulations 37 60 3
NIST SP 800-53 R4 High Impact International or National Standard 34 73 4
NIST SP 800-53 R4 Low Impact International or National Standard 33 18 4
Sarbanes Oxley SOX Regulation or Statute 33 67 16
CobiT Safe Harbor 32 80 6
ISO 27002 International or National Standard 28 10 7
Gramm Leach Bliley Bill or Act 24 12 10
HIPAA Bill or Act 24 41 8
ISO/IEC 27002:2013(E) International or National Standard 23 74 16
AICPA Reporting on Controls at a Service Organization SOC-2 Safe Harbor 22 37 4
NIST Cybersecurity Framework International or National Standard 21 4 2
ISO 31000 R 2009 International or National Standard 18 75 4
CSIS 20 Critical Security Controls Best Practice Guideline 16 73 4
23 NYCRR 500 Regulations 15 0 6
ISO 27005 R 2011 International or National Standard 13 9 6
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 Safe Harbor 13 11 3
16 CFR Part 314 Regulation or Statute 12 11 9
HIPAA Electronic Health Record Technology Regulation or Statute 12 7 3
NIST SP 800-171 International or National Standard 12 4 1
ISO/IEC 27017:2015(E) Self-Regulatory Body Requirement 11 0 0
NIST SP 800-53 International or National Standard 11 9 3
PCI SAQ A v3.1 Contractual Obligation 11 5 1
FedRAMP Baseline Security Controls Audit Guideline 10 36 5
ISO 20000-1 2nd Ed International or National Standard 10 45 4
16 CFR Part 313 Regulation or Statute 8 11 10
CIS 20 Critical Security Controls Best Practice Guideline 8 5 2
HIPAA HCFA Best Practice Guideline 8 18 2
ISO 20000-2 R 2005 International or National Standard 8 44 4
NIST 800-53A International or National Standard 8 6 3
NIST Framework for Improving Critical Infrastructure Cybersecurity International or National Standard 8 15 7
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations International or National Standard 8 0 2
45 CFR Part 164 Regulation or Statute 7 13 6
Federal Information Security Management Act FISMA Regulation or Statute 7 14 4
FFIEC Business Continuity Planning Handbook 2015 Audit Guideline 7 0 0
FFIEC CAT Best Practice Guideline 7 0 0
FFIEC Development Acquisition Best Practice Guideline 7 5 0
FFIEC IT Examination Handbook Audit Guideline 7 0 0
ISO/IEC 27018:2014 International or National Standard 7 4 3
NIST SP 800 66 Safe Harbor 7 8 5
BSI-Standard 100-2 International or National Standard 6 9 0
Cloud Security Alliance CCM V1.3 Best Practice Guideline 6 12 6
COSO ERM Safe Harbor 6 5 3
EudraLex Rules Governing Medicinal Products in the European Union Annex 11 Computerised Systems Best Practice Guideline 6 3 2
FFIEC Outsourcing Technology Services Best Practice Guideline 6 8 1
FTC FACT Act Red Flags Rule Template Audit Guideline 6 9 1
ITIL Security Management Best Practice Guideline 6 6 3