Official UC blog

Monthly Selected Authority Documents - October, 2021

Written by UCF | Nov 1, 2021 6:35:01 AM

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
| --- | --- | --- | --- | --- |
| ISO 27001-2013 | International or National Standard | 52 | 186 | 11 |
| NIST SP 800-53 R5 | International or National Standard | 31 | 8 | 3 |
| NIST CSF 1.1 | International or National Standard | 29 | 34 | 12 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 28 | 164 | 10 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 23 | 4 | 3 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 20 | 146 | 4 |
| HIPAA | Bill or Act | 18 | 9 | 4 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 17 | 1 | 4 |
| ISO/IEC 27002:2013(E) | International or National Standard | 17 | 138 | 7 |
| CobiT | Safe Harbor | 16 | 162 | 1 |
| hipaa security rule | Regulation or Statute | 16 | 4 | 1 |
| ISO/IEC 27701:2019 | International or National Standard | 16 | 11 | 3 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 15 | 137 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 15 | 0 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 14 | 2 | 0 |
| FedRAMP Baseline Security Controls | Audit Guideline | 14 | 124 | 0 |
| NIST SP 800-53 | International or National Standard | 14 | 16 | 1 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 13 | 13 | 4 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 12 | 3 | 2 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 11 | 0 | 0 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 11 | 13 | 0 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 10 | 4 | 2 |
| 23 NYCRR 500 | Regulation or Statute | 9 | 9 | 3 |
| California Consumer Privacy Act of 2018 | Bill or Act | 9 | 1 | 1 |
| CMMC Level 1 | Best Practice Guideline | 9 | 3 | 2 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 9 | 1 | 1 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 9 | 3 | 5 |
| ISO 9001:2015 | International or National Standard | 9 | 18 | 2 |
| NIST SP 800 66 | Safe Harbor | 9 | 25 | 1 |
| PCI SAQ A | Contractual Obligation | 9 | 3 | 0 |
| PCI SAQ A v3.1 | Contractual Obligation | 9 | 4 | 0 |
| PCI SAQ A v3.2 | Contractual Obligation | 9 | 5 | 3 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 9 | 2 | 3 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 10 | 2 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 8 | 10 | 2 |
| Information Supplement: PCI DSS Cloud Computing Guidelines | Contractual Obligation | 8 | 6 | 2 |
| ISO 27002 | International or National Standard | 8 | 7 | 2 |
| ISO/IEC 27018:2014 | International or National Standard | 8 | 15 | 2 |
| MAS-TRMG-2021 | Contractual Obligation | 8 | 3 | 0 |
| NICE NIST | International or National Standard | 8 | 12 | 1 |
| Red Book (Condensed) | International or National Standard | 8 | 9 | 4 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 8 | 9 | 3 |
| Trust Services Criteria | Self-Regulatory Body Requirement | 8 | 6 | 2 |
| California Consumer Privacy Act of 2018 | Bill or Act | 7 | 39 | 1 |
| CMMC Level 2 | Best Practice Guideline | 7 | 3 | 2 |
| CMMC Level 3 | Best Practice Guideline | 7 | 3 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 7 | 3 | 3 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 7 | 4 | 3 |
| FFIEC IT Examination Handbook | Audit Guideline | 7 | 12 | 2 |
| Information Supplement: Best Practices for Implementing a Security Awareness Program | Contractual Obligation | 7 | 3 | 0 |