Monthly Selected Authority Documents - August, 2022

September 1, 2022

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

| AD Common Name | AD Type | Selected | Groups, Initiatives |
|---|---|---|---|
| NIST SP 800-53 R5 | International or National Standard | 20 | 1611 |
| ISO 27001-2013 | International or National Standard | 19 | 19217 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 17 | 16915 |
| PCI DSS v3.2.1 | Contractual Obligation | 15 | 44 |
| NIST CSF 1.1 | International or National Standard | 13 | 4019 |
| ISO/IEC 27002:2022 | International or National Standard | 12 | 13 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 11 | 13 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 11 | 24 |
| NIST SP 800-53 | International or National Standard | 10 | 171 |
| CIS Controls, V8 | Best Practice Guideline | 9 | 77 |
| PCI DSS Wireless Guideline | Safe Harbor | 9 | 71 |
| 23 NYCRR 500 | Regulation or Statute | 8 | 113 |
| hipaa security rule | Regulation or Statute | 8 | 51 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 8 | 43 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 7 | 107 |
| Red Book (Condensed) | International or National Standard | 7 | 127 |
| SOC2 | Safe Harbor | 7 | 00 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 6 | 123 |
| ISO 22301:2019(E) | International or National Standard | 6 | 00 |
| NIST CSF 1.0 | International or National Standard | 6 | 112 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 5 | 20 |
| FedRAMP Baseline Security Controls | Audit Guideline | 5 | 1240 |
| Gramm Leach Bliley | Bill or Act | 5 | 21 |
| ISO 27002 | International or National Standard | 5 | 72 |
| ISO/IEC 27002:2013(E) | International or National Standard | 5 | 14413 |
| ISO/IEC 27701:2019 | International or National Standard | 5 | 178 |
| MAS TRM | Contractual Obligation | 5 | 370 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 5 | 951 |
| PCI SAQ A v3.1 | Contractual Obligation | 5 | 40 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 4 | 1374 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 4 | 252 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 4 | 55 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 4 | 65 |
| FFIEC CAT | Best Practice Guideline | 4 | 101 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 4 | 155 |
| Generally Accepted Privacy Principles | Best Practice Guideline | 4 | 41 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 4 | 22 |
| ISO 27005:2018 | International or National Standard | 4 | 00 |
| MAS-TRMG-2021 | Contractual Obligation | 4 | 40 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 4 | 20 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 4 | 1507 |
| PCI DSS Security Scanning Procedures | Contractual Obligation | 4 | 72 |
| ACSI 33 | Best Practice Guideline | 3 | 10 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 3 | 101 |
| Australian Government Information Security Manual 2021 | International or National Standard | 3 | 00 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 3 | 12 |
| CIS Controls V7 | Best Practice Guideline | 3 | 252 |
| CISWIG 1 | Best Practice Guideline | 3 | 52 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 3 | 51 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 3 | 98 |