News

Monthly Selected Authority Documents - November, 2018

December 1, 2018 | News/Articles

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name	AD Type	Selected	Groups	Initiatives
ISO 27001-2013	International or National Standard	76	115	21
EU General Data Protection Regulation (GDPR)	Regulation or Statute	29	77	4
AICPA Reporting on Controls at a Service Organization SOC-2	Safe Harbor	26	51	5
NIST Cybersecurity Framework	International or National Standard	26	7	2
PCI DSS Requirements and Security Assessment Procedures	Contractual Obligation	26	83	9
NIST SP 800-53 R4 High Impact	International or National Standard	25	89	4
NIST SP 800-53 R4 Moderate Impact	International or National Standard	25	29	6
NIST SP 800-53 R4	International or National Standard	24	59	8
NIST SP 800-53 R4 Low Impact	International or National Standard	21	24	4
Sarbanes Oxley SOX	Regulation or Statute	21	83	16
HIPAA	Bill or Act	17	46	8
ISO 27002	International or National Standard	16	11	7
CIS Controls V7	Best Practice Guideline	15	0	0
NIST SP 800 66	Safe Harbor	14	8	5
NIST SP 800-53	International or National Standard	14	9	3
ISO/IEC 27002:2013(E)	International or National Standard	13	91	17
NIST Framework for Improving Critical Infrastructure Cybersecurity	International or National Standard	13	17	7
ISO 27005 R 2011	International or National Standard	12	11	6
23 NYCRR 500	Regulation or Statute	11	0	6
Gramm Leach Bliley	Bill or Act	11	12	10
HIPAA Electronic Health Record Technology	Regulation or Statute	10	7	3
PCI SAQ A v3.1	Contractual Obligation	10	5	1
Red Book (Condensed)	International or National Standard	10	1	1
CobiT	Safe Harbor	9	95	6
FFIEC CAT	Best Practice Guideline	9	0	0
ISO/IEC 27017:2015(E)	Self-Regulatory Body Requirement	9	1	1
NIST SP 800-171	International or National Standard	9	5	2
45 CFR Part 164	Regulation or Statute	8	13	6
Cloud Controls Matrix, Version 3.0	Self-Regulatory Body Requirement	8	6	1
Cloud Security Alliance CCM V1.3	Best Practice Guideline	8	12	6
FFIEC Audit April 2012	Best Practice Guideline	8	0	0
FFIEC IT Examination Handbook	Audit Guideline	7	0	0
Insurance Data Security Model Law, NAIC MDL-668	Best Practice Guideline	7	0	0
NIST 800-53A	International or National Standard	7	6	3
Third-Party Relationships Risk Management Guidance, OCC bulletin 2013-29 October 30 2013	Organizational Directive	7	3	0
21 CFR Part 820	Regulation or Statute	6	4	1
Appendix B of 12 CFR Part 30	Regulation or Statute	6	3	0
COSO Enterprise Risk Management (2017)	Best Practice Guideline	6	0	0
FFIEC Business Continuity Planning	Best Practice Guideline	6	5	0
FFIEC Operations	Best Practice Guideline	6	5	0
FFIEC Outsourcing Technology Services	Best Practice Guideline	6	8	1
FFIEC Retail Payment Systems 2016	Best Practice Guideline	6	0	0
FFIEC Wholesale Payment Systems	Best Practice Guideline	6	5	0
Framework for Improving Critical Infrastructure Cybersecurity	International or National Standard	6	0	0
ISO 31000 R 2009	International or National Standard	6	91	4
NERC CIP 005-5	International or National Standard	6	0	0
NERC CIP 008-5	International or National Standard	6	0	0
NIST SP 800-39	International or National Standard	6	1	0
PCI DSS 3.0 Requirements	Self-Regulatory Body Requirement	6	23	6
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1	Safe Harbor	6	11	3