News

Monthly Selected Authority Documents - October, 2019

November 1, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common NameAD TypeSelectedGroupsInitiatives
ISO 27001-2013International or National Standard7219524
NIST SP 800-53 R4International or National Standard5412914
NIST SP 800-53 R4 Moderate ImpactInternational or National Standard496310
EU General Data Protection Regulation (GDPR)Regulation or Statute481568
NIST SP 800-53 R4 High ImpactInternational or National Standard381639
PCI DSS Requirements and Security Assessment ProceduresContractual Obligation3314912
NIST SP 800-53 R4 Low ImpactInternational or National Standard28529
AICPA Reporting on Controls at a Service Organization SOC-2Safe Harbor271206
NIST CSF 1.1International or National Standard2791
FedRAMP Baseline Security ControlsAudit Guideline251195
Sarbanes Oxley SOXRegulation or Statute2515017
23 NYCRR 500Regulation or Statute2276
CIS Controls V7Best Practice Guideline2280
California Consumer Privacy Act of 2018Bill or Act21230
HIPAABill or Act20978
CobiTSafe Harbor181716
ISO/IEC 27017:2015(E)Self-Regulatory Body Requirement1861
ISO/IEC 27002:2013(E)International or National Standard1715817
HIPAA Electronic Health Record TechnologyRegulation or Statute1583
ISO 31000 R 2009International or National Standard151645
45 CFR Part 164Regulation or Statute13137
Cloud Controls Matrix, Version 3.0Self-Regulatory Body Requirement1391
AICPA Trust Services Principles and CriteriaSelf-Regulatory Body Requirement1271
CSIS 20 Critical Security ControlsBest Practice Guideline121604
ISO/IEC 27018:2014International or National Standard1293
NIST SP 800 66Safe Harbor12115
NIST SP 800-53International or National Standard12123
PCI DSS 3.0 RequirementsSelf-Regulatory Body Requirement12826
Cloud Security Alliance CCM V1.3Best Practice Guideline11166
ISO 9001:2015International or National Standard1151
ITIL Security ManagementBest Practice Guideline1163
Notice on Technology Risk Management, Notice No. CMG-N02Self-Regulatory Body Requirement11330
PIPEDABill or Act1110
Trust Services CriteriaSelf-Regulatory Body Requirement1130
APRA PPG 234Safe Harbor10131
Arkansas Personal Information Protection ActRegulation or Statute1072
FFIEC CATBest Practice Guideline1073
Insurance Data Security Model Law, NAIC MDL-668Best Practice Guideline1000
MAS TRMContractual Obligation10270
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of MassachusettsRegulation or Statute10104
NIST CSF 1.0International or National Standard10218
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and OrganizationsInternational or National Standard1022
North Carolina General Statutes, Section 75-60Regulation or Statute1040
Switzerland Federal Act on Data ProtectionRegulation or Statute1052
UK Data Protection Act 2018Bill or Act1020
Utah Protection of Personal Information ActRegulation or Statute1040
Arizona Revised Statues, Notification of breach of security systemRegulation or Statute940
Australia Privacy Amendment ActRegulation or Statute9226
California Civil Code Section 1798.29, Accounting of DisclosuresRegulation or Statute900
FINRA Report on Cybersecurity PracticesSelf-Regulatory Body Requirement930