News

Monthly Selected Authority Documents - December, 2021

January 1, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name | AD Type | Selected Groups Initiatives
ISO 27001-2013 | International or National Standard | 2818711
NIST SP 800-53 R5 | International or National Standard | 2684
CIS Controls, V8 | Best Practice Guideline | 2200
NIST CSF 1.1 | International or National Standard | 213412
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 1816410
ISO 27002 | International or National Standard | 1472
PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 141464
hipaa security rule | Regulation or Statute | 1141
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 1143
ISO/IEC 27002:2013(E) | International or National Standard | 101397
CMMC Level 3 | Best Practice Guideline | 942
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 933
ISO/IEC 27701:2019 | International or National Standard | 9123
Sarbanes-Oxley Act of 2002 | Bill or Act | 923
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 81374
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 800
CMMC Level 1 | Best Practice Guideline | 842
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 820
FFIEC IT Examination Handbook | Audit Guideline | 8122
Gramm Leach Bliley | Bill or Act | 800
NIST CSF 1.0 | International or National Standard | 8112
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 832
CobiT | Safe Harbor | 71621
HIPAA Electronic Health Record Technology | Regulation or Statute | 735
NIST SP 800-53 | International or National Standard | 7161
NIST SP 800-53 R4 | International or National Standard | 733
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 742
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 6100
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020 | International or National Standard | 620
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 643
FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 6100
HIPAA | Bill or Act | 694
ISO/ DIS 37301 DRAFT | International or National Standard | 630
ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 6144
ISO/IEC 27018:2014 | International or National Standard | 6152
NIST Privacy Framework | International or National Standard | 692
NIST SP 800-30 | International or National Standard | 6126
Red Book (Condensed) | International or National Standard | 694
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4 | International or National Standard | 640
SOC2 | Safe Harbor | 600
SWIFT Customer Security Controls Framework | Best Practice Guideline | 600
California Consumer Privacy Act of 2018 | Bill or Act | 511
California Consumer Privacy Act of 2018 | Bill or Act | 5391
CIS Controls, V7.1 | Best Practice Guideline | 552
Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 550
CMMC Level 2 | Best Practice Guideline | 542
CMMC Level 4 | Best Practice Guideline | 530
FFIEC CAT | Best Practice Guideline | 5101
FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 500
ISO 27005 R 2011 | International or National Standard | 5123