Monthly Selected Authority Documents - September, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 73 | 195 | 24 |
| NIST SP 800-53 R4 | International or National Standard | 54 | 129 | 14 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 49 | 63 | 10 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 48 | 156 | 8 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 38 | 163 | 9 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 34 | 149 | 12 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 28 | 52 | 9 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 27 | 120 | 6 |
| NIST CSF 1.1 | International or National Standard | 27 | 9 | 1 |
| FedRAMP Baseline Security Controls | Audit Guideline | 25 | 119 | 5 |
| Sarbanes Oxley SOX | Regulation or Statute | 25 | 150 | 17 |
| 23 NYCRR 500 | Regulation or Statute | 22 | 7 | 6 |
| CIS Controls V7 | Best Practice Guideline | 22 | 8 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 21 | 23 | 0 |
| HIPAA | Bill or Act | 20 | 97 | 8 |
| CobiT | Safe Harbor | 18 | 171 | 6 |
| ISO/IEC 27002:2013(E) | International or National Standard | 18 | 158 | 17 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 18 | 6 | 1 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 15 | 8 | 3 |
| ISO 31000 R 2009 | International or National Standard | 15 | 164 | 5 |
| 45 CFR Part 164 | Regulation or Statute | 13 | 13 | 7 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 13 | 9 | 1 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 12 | 7 | 1 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 12 | 160 | 4 |
| ISO/IEC 27018:2014 | International or National Standard | 12 | 9 | 3 |
| NIST SP 800 66 | Safe Harbor | 12 | 11 | 5 |
| NIST SP 800-53 | International or National Standard | 12 | 12 | 3 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 12 | 82 | 6 |
| APRA PPG 234 | Safe Harbor | 11 | 13 | 1 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 11 | 16 | 6 |
| ISO 9001:2015 | International or National Standard | 11 | 5 | 1 |
| ITIL Security Management | Best Practice Guideline | 11 | 6 | 3 |
| Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 11 | 33 | 0 |
| PIPEDA | Bill or Act | 11 | 1 | 0 |
| Trust Services Criteria | Self-Regulatory Body Requirement | 11 | 3 | 0 |
| Arkansas Personal Information Protection Act | Regulation or Statute | 10 | 7 | 2 |
| FFIEC CAT | Best Practice Guideline | 10 | 7 | 3 |
| Insurance Data Security Model Law, NAIC MDL-668 | Best Practice Guideline | 10 | 0 | 0 |
| MAS TRM | Contractual Obligation | 10 | 27 | 0 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 10 | 10 | 4 |
| NIST CSF 1.0 | International or National Standard | 10 | 21 | 8 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 10 | 2 | 2 |
| North Carolina General Statutes, Section 75-60 | Regulation or Statute | 10 | 4 | 0 |
| Switzerland Federal Act on Data Protection | Regulation or Statute | 10 | 5 | 2 |
| UK Data Protection Act 2018 | Statutes (Bills or Acts) | 10 | 2 | 0 |
| Utah Protection of Personal Information Act | Regulation or Statute | 10 | 4 | 0 |
| Arizona Revised Statutes, Notification of breach of security system | Regulation or Statute | 9 | 4 | 0 |
| Australia Privacy Amendment Act | Regulation or Statute | 9 | 22 | 6 |
| California Civil Code Section 1798.29, Accounting of Disclosures | Regulation or Statute | 9 | 0 | 0 |
| FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 9 | 3 | 0 |