Monthly Selected Authority Documents - September, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.



| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO 27001-2013 | International or National Standard | 34 | 194 | 17 |
| NIST CSF 1.1 | International or National Standard | 30 | 42 | 19 |
| NIST SP 800-53 R5 | International or National Standard | 26 | 18 | 11 |
| NIST SP 800-53 | International or National Standard | 25 | 18 | 2 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 19 | 2 | 4 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 17 | 169 | 15 |
| ISO/IEC 27002:2022 | International or National Standard | 16 | 1 | 3 |
| ISO/IEC 27701:2019 | International or National Standard | 16 | 18 | 8 |
| 23 NYCRR 500 | Regulation or Statute | 14 | 13 | 3 |
| PCI DSS v3.2.1 | Contractual Obligation | 14 | 4 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 13 | 7 | 7 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 13 | 2 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 12 | 3 | 1 |
| NIST Privacy Framework | International or National Standard | 12 | 14 | 7 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 12 | 4 | 3 |
| CobiT | Safe Harbor | 11 | 162 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 11 | 10 | 7 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 11 | 5 | 4 |
| PCI DSS Wireless Guideline | Safe Harbor | 11 | 8 | 1 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10 | 12 | 3 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10 | 40 | 1 |
| NIST CSF 1.0 | International or National Standard | 10 | 11 | 2 |
| HIPAA Security Rule | Regulation or Statute | 9 | 5 | 1 |
| NIST SP 800-161 r1 | International or National Standard | 9 | 1 | 0 |
| NIST SP 800-39 | International or National Standard | 9 | 10 | 6 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 9 | 151 | 7 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 9 | 4 | 2 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 8 | 138 | 4 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 8 | 5 | 3 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 15 | 7 |
| ISO 27002 | International or National Standard | 8 | 8 | 3 |
| NIST SP 800-122 | International or National Standard | 7 | 12 | 8 |
| Brazilian General Data Protection Law (LGPD) | Bill or Act | 6 | 3 | 0 |
| California's Internet Privacy Requirements | Bill or Act | 6 | 5 | 1 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 6 | 6 | 5 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 6 | 8 | 5 |
| Florida Statute § 501.171 Security of confidential personal information | Regulation or Statute | 6 | 2 | 0 |
| Florida Statutes, Section 817.5681, Breach of security concerning confidential personal information in third-party possession | Regulation or Statute | 6 | 3 | 0 |
| Gramm Leach Bliley | Bill or Act | 6 | 2 | 1 |
| ISO/IEC 27002:2013(E) | International or National Standard | 6 | 144 | 13 |
| NIST SP 800-37r2 | International or National Standard | 6 | 11 | 4 |
| Arizona Revised Statutes, Notification of breach of security system | Regulation or Statute | 5 | 2 | 0 |
| Children's Online Privacy Protection Act | Regulation or Statute | 5 | 7 | 0 |
| CIS Controls, V7.1 | Best Practice Guideline | 5 | 6 | 2 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 5 | 5 | 5 |
| Colorado Privacy Act | Bill or Act | 5 | 1 | 0 |
| Colorado Revised Statutes, Section 6-1-716, Notification of Security Breach | Regulation or Statute | 5 | 3 | 0 |
| Consumer Data Protection Act | Bill or Act | 5 | 1 | 0 |
| COSO Enterprise Risk Management (2017) | Best Practice Guideline | 5 | 16 | 8 |
| COSO ERM | Safe Harbor | 5 | 11 | 8 |