News

Monthly Selected Authority Documents - November, 2019

December 1, 2019

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected / Groups / Initiatives |
| --- | --- | --- |
| ISO 27001-2013 | International or National Standard | 6920625 |
| NIST SP 800-53 R4 | International or National Standard | 3814015 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 321317 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 306910 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 271658 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 2415812 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 231729 |
| HIPAA | Bill or Act | 201069 |
| NIST CSF 1.1 | International or National Standard | 20112 |
| Sarbanes Oxley SOX | Regulation or Statute | 1815917 |
| Red Book (Condensed) | International or National Standard | 1653 |
| FedRAMP Baseline Security Controls | Audit Guideline | 151285 |
| NIST SP 800 66 | Safe Harbor | 15115 |
| Gramm Leach Bliley | Bill or Act | 141510 |
| ISO 27002 | International or National Standard | 14118 |
| 23 NYCRR 500 | Regulation or Statute | 1397 |
| 45 CFR Part 164 | Regulation or Statute | 13137 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 1383 |
| ISO/IEC 27701:2019 | International or National Standard | 1220 |
| NIST CSF 1.0 | International or National Standard | 12218 |
| COBIT 2019 | Safe Harbor | 1121 |
| ISO/IEC 27002:2013(E) | International or National Standard | 1116817 |
| NIST SP 800-171 | International or National Standard | 1173 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 11589 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 1071 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10270 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 9166 |
| ISO 31000 R 2009 | International or National Standard | 91746 |
| CIS Controls V7 | Best Practice Guideline | 8101 |
| CobiT | Safe Harbor | 81806 |
| ISO 27005 R 2011 | International or National Standard | 8187 |
| ITIL Security Management | Best Practice Guideline | 863 |
| NIST 800-53A | International or National Standard | 894 |
| EU-US Privacy Shield Framework Principles Annex II | Regulation or Statute | 710 |
| FFIEC CAT | Best Practice Guideline | 7103 |
| FFIEC IT Examination Handbook | Audit Guideline | 771 |
| SSAE 18 | Safe Harbor | 751 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 7176 |
| Trust Services Criteria | Self-Regulatory Body Requirement | 731 |
| AICPA Privacy | Safe Harbor | 650 |
| AICPA Trust Services | Audit Guideline | 671 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 61694 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 6143 |
| NIST SP 800-53 | International or National Standard | 6123 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 6916 |
| FFIEC Supervision of Technology Service Providers | Best Practice Guideline | 591 |
| Generally Accepted Privacy Principles | Best Practice Guideline | 550 |
| Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds | Best Practice Guideline | 5100 |
| HIPAA HCFA | Best Practice Guideline | 5192 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 522 |