Official UC blog

Monthly Selected Authority Documents - September, 2023

Written by UCF | Oct 1, 2023 9:30:01 PM

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

 

| AD Common Name | AD Type | Selected | Groups | Initiatives |
|---|---|---|---|---|
| ISO/IEC 27001:2022 | International or National Standard | 43 | 7 | 3 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 39 | 185 | 19 |
| NIST SP 800-53 R5 | International or National Standard | 38 | 26 | 15 |
| NIST CSF 1.1 | International or National Standard | 36 | 58 | 22 |
| ISO/IEC 27002:2022 | International or National Standard | 28 | 4 | 5 |
| HIPAA | Bill or Act | 22 | 10 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 21 | 11 | 9 |
| CobiT | Safe Harbor | 19 | 167 | 1 |
| hipaa security rule | Regulation or Statute | 19 | 5 | 1 |
| ISO 27001-2013 | International or National Standard | 19 | 213 | 21 |
| ISO/IEC 27701:2019 | International or National Standard | 19 | 18 | 8 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 19 | 8 | 3 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 19 | 5 | 6 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 17 | 3 | 0 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 17 | 7 | 6 |
| PCI DSS v3.2.1 | Contractual Obligation | 16 | 8 | 4 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 15 | 13 | 8 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 14 | 6 | 4 |
| SOC2 | Safe Harbor | 14 | 5 | 0 |
| 23 NYCRR 500 | Regulation or Statute | 13 | 27 | 5 |
| FFIEC CAT | Best Practice Guideline | 13 | 23 | 1 |
| NIST SP 800-37r2 | International or National Standard | 13 | 13 | 5 |
| California Privacy Rights Act (CPRA) | Bill or Act | 12 | 4 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 12 | 9 | 5 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 12 | 4 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 11 | 10 | 8 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 11 | 2 | 1 |
| HIPAA HCFA | Best Practice Guideline | 11 | 3 | 2 |
| ISO/IEC 27018:2019 | International or National Standard | 11 | 1 | 1 |
| NIST CSF 1.0 | International or National Standard | 11 | 12 | 2 |
| NIST SP 800 66 | Safe Harbor | 11 | 31 | 1 |
| NIST SP 800-53 | International or National Standard | 11 | 17 | 1 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10 | 45 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 10 | 9 | 5 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 10 | 6 | 3 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 10 | 21 | 10 |
| NIST AI 100-1 | Best Practice Guideline | 10 | 0 | 0 |
| Gramm Leach Bliley | Bill or Act | 9 | 3 | 0 |
| Shared Assessments SIG - E. Human Resource Security | Audit Guideline | 9 | 9 | 7 |
| Shared Assessments SIG - P. Privacy | Audit Guideline | 9 | 8 | 6 |
| Shared Assessments SIG - V. Cloud | Audit Guideline | 9 | 9 | 7 |
| CMS Information Security Risk Assessment IS RA Procedure | Self-Regulatory Body Requirement | 8 | 1 | 2 |
| Consumer Data Protection Act | Bill or Act | 8 | 0 | 0 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 23 | 7 |
| CRI Profile v1.2 | Best Practice Guideline | 8 | 6 | 0 |
| NIST Privacy Framework | International or National Standard | 8 | 15 | 7 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 8 | 9 | 0 |
| Shared Assessments SIG - A. Risk Management | Audit Guideline | 8 | 9 | 7 |
| Shared Assessments SIG - B. Security Policy | Audit Guideline | 8 | 9 | 7 |
| Shared Assessments SIG - C. Organizational Security | Audit Guideline | 8 | 9 | 7 |