ISO 27001-2013 |
International or National Standard |
52 |
186 |
11 |
NIST SP 800-53 R5 |
International or National Standard |
31 |
8 |
3 |
NIST CSF 1.1 |
International or National Standard |
29 |
34 |
12 |
EU General Data Protection Regulation (GDPR) |
Regulation or Statute |
28 |
164 |
10 |
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 |
Contractual Obligation |
23 |
4 |
3 |
PCI DSS Requirements and Security Assessment Procedures |
Contractual Obligation |
20 |
146 |
4 |
HIPAA |
Bill or Act |
18 |
9 |
4 |
FedRAMP Security Controls Baseline, 2018 |
Audit Guideline |
17 |
1 |
4 |
ISO/IEC 27002:2013(E) |
International or National Standard |
17 |
138 |
7 |
CobiT |
Safe Harbor |
16 |
162 |
1 |
hipaa security rule |
Regulation or Statute |
16 |
4 |
1 |
ISO/IEC 27701:2019 |
International or National Standard |
16 |
11 |
3 |
AICPA Reporting on Controls at a Service Organization SOC-2 |
Safe Harbor |
15 |
137 |
4 |
CIS Controls, V8 |
Best Practice Guideline |
15 |
0 |
0 |
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 |
International or National Standard |
14 |
2 |
0 |
FedRAMP Baseline Security Controls |
Audit Guideline |
14 |
124 |
0 |
NIST SP 800-53 |
International or National Standard |
14 |
16 |
1 |
ISO/IEC 27017:2015(E) |
Self-Regulatory Body Requirement |
13 |
13 |
4 |
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
International or National Standard |
12 |
3 |
2 |
Cloud Controls Matrix, v4.0 |
Self-Regulatory Body Requirement |
11 |
0 |
0 |
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements |
International or National Standard |
11 |
13 |
0 |
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy |
Self-Regulatory Body Requirement |
10 |
4 |
2 |
23 NYCRR 500 |
Regulation or Statute |
9 |
9 |
3 |
California Consumer Privacy Act of 2018 |
Bill or Act |
9 |
1 |
1 |
CMMC Level 1 |
Best Practice Guideline |
9 |
3 |
2 |
HIPAA Electronic Health Record Technology |
Regulation or Statute |
9 |
1 |
1 |
HIPAA Electronic Health Record Technology |
Regulation or Statute |
9 |
3 |
5 |
ISO 9001:2015 |
International or National Standard |
9 |
18 |
2 |
NIST SP 800 66 |
Safe Harbor |
9 |
25 |
1 |
PCI SAQ A |
Contractual Obligation |
9 |
3 |
0 |
PCI SAQ A v3.1 |
Contractual Obligation |
9 |
4 |
0 |
PCI SAQ A v3.2 |
Contractual Obligation |
9 |
5 |
3 |
Sarbanes-Oxley Act of 2002 |
Bill or Act |
9 |
2 |
3 |
COSO Internal Control - Integrated Framework |
Self-Regulatory Body Requirement |
8 |
10 |
2 |
HITECH title within the American Recovery and Reinvestment Act of 2009 |
Bill or Act |
8 |
10 |
2 |
Information Supplement: PCI DSS Cloud Computing Guidelines |
Contractual Obligation |
8 |
6 |
2 |
ISO 27002 |
International or National Standard |
8 |
7 |
2 |
ISO/IEC 27018:2014 |
International or National Standard |
8 |
15 |
2 |
MAS-TRMG-2021 |
Contractual Obligation |
8 |
3 |
0 |
NICE NIST |
International or National Standard |
8 |
12 |
1 |
Red Book (Condensed) |
International or National Standard |
8 |
9 |
4 |
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 |
Safe Harbor |
8 |
9 |
3 |
Trust Services Criteria |
Self-Regulatory Body Requirement |
8 |
6 |
2 |
California Consumer Privacy Act of 2018 |
Bill or Act |
7 |
39 |
1 |
CMMC Level 2 |
Best Practice Guideline |
7 |
3 |
2 |
CMMC Level 3 |
Best Practice Guideline |
7 |
3 |
2 |
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 |
International or National Standard |
7 |
3 |
3 |
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 |
International or National Standard |
7 |
4 |
3 |
FFIEC IT Examination Handbook |
Audit Guideline |
7 |
12 |
2 |
Information Supplement: Best Practices for Implementing a Security Awareness Program |
Contractual Obligation |
7 |
3 |
0 |