| ISO 27001-2013 | International or National Standard | 27 | 186 | 11 |
| NIST SP 800-53 R5 | International or National Standard | 26 | 8 | 3 |
| NIST CSF 1.1 | International or National Standard | 22 | 34 | 12 |
| CIS Controls, V8 | Best Practice Guideline | 17 | 0 | 0 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 17 | 4 | 3 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 13 | 164 | 10 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 10 | 3 | 2 |
| HIPAA | Bill or Act | 9 | 9 | 4 |
| hipaa security rule | Regulation or Statute | 9 | 4 | 1 |
| 23 NYCRR 500 | Regulation or Statute | 8 | 9 | 3 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 8 | 2 | 0 |
| ISO 27002 | International or National Standard | 8 | 7 | 2 |
| ISO/IEC 27002:2013(E) | International or National Standard | 8 | 138 | 7 |
| ISO/IEC 27701:2019 | International or National Standard | 8 | 11 | 3 |
| NIST SP 800-53 | International or National Standard | 8 | 16 | 1 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 8 | 2 | 3 |
| 21 CFR Part 11 | Regulation or Statute | 7 | 29 | 0 |
| CMMC Level 3 | Best Practice Guideline | 7 | 4 | 2 |
| HITECH title within the American Recovery and Reinvestment Act of 2009 | Bill or Act | 7 | 10 | 2 |
| ISO 9001:2015 | International or National Standard | 7 | 18 | 2 |
| ISO/IEC 27018:2014 | International or National Standard | 7 | 15 | 2 |
| CobiT | Safe Harbor | 6 | 162 | 1 |
| Gramm Leach Bliley | Bill or Act | 6 | 0 | 0 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 6 | 13 | 4 |
| NIST SP 800-171 | International or National Standard | 6 | 2 | 1 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 5 | 0 | 0 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 5 | 5 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 5 | 4 | 3 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 5 | 10 | 2 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 5 | 0 | 0 |
| ISO 14001:2015 | International or National Standard | 5 | 0 | 0 |
| APRA CPS 234 | Regulation or Statute | 4 | 3 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 4 | 39 | 1 |
| EudraLex Rules Governing Medicinal Products in the European Union Annex 11 Computerised Systems | Best Practice Guideline | 4 | 4 | 1 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 4 | 1 | 1 |
| India Indian Info Privacy Act | Regulation or Statute | 4 | 15 | 0 |
| ISO 31000:2018 | International or National Standard | 4 | 10 | 1 |
| Italy Personal Data Protection Code | Regulation or Statute | 4 | 1 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 4 | 3 | 0 |
| New Zealand Privacy Act | Regulation or Statute | 4 | 3 | 0 |
| NICE NIST | International or National Standard | 4 | 12 | 1 |
| NIST CSF 1.0 | International or National Standard | 4 | 11 | 2 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 4 | 146 | 4 |
| PIPEDA | Bill or Act | 4 | 2 | 2 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 4 | 4 | 2 |
| 45 CFR Part 160 | Regulation or Statute | 3 | 4 | 4 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 3 | 137 | 4 |
| Australian Privacy Act | Bill or Act | 3 | 2 | 0 |
| Austria Data Protection Law | Regulation or Statute | 3 | 1 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 3 | 9 | 0 |
