| ISO 27001-2013 | International or National Standard | 40 | 171 | 8 |
| NIST CSF 1.1 | International or National Standard | 22 | 28 | 7 |
| NIST SP 800-53 R5 | International or National Standard | 21 | 3 | 2 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 21 | 137 | 4 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 17 | 152 | 11 |
| ISO/IEC 27002:2013(E) | International or National Standard | 17 | 133 | 4 |
| 23 NYCRR 500 | Regulation or Statute | 15 | 7 | 3 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 15 | 125 | 3 |
| ISO/IEC 27701:2019 | International or National Standard | 15 | 8 | 3 |
| NIST SP 800 66 | Safe Harbor | 15 | 19 | 1 |
| Sarbanes Oxley SOX | Regulation or Statute | 15 | 140 | 1 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 14 | 3 | 3 |
| NIST SP 800-53 R4 | International or National Standard | 14 | 3 | 2 |
| CIS Controls, V7.1 | Best Practice Guideline | 13 | 2 | 3 |
| ISO/IEC 27018:2014 | International or National Standard | 13 | 14 | 2 |
| NIST SP 800-53 | International or National Standard | 13 | 14 | 0 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | International or National Standard | 13 | 3 | 0 |
| FedRAMP Baseline Security Controls | Audit Guideline | 12 | 114 | 0 |
| ISO 27002 | International or National Standard | 12 | 4 | 1 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 11 | 8 | 0 |
| CMMC Level 5 | Best Practice Guideline | 11 | 0 | 1 |
| CobiT | Safe Harbor | 11 | 151 | 2 |
| ISO 27005 R 2011 | International or National Standard | 11 | 10 | 2 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 11 | 12 | 4 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 11 | 1 | 3 |
| NIST SP 800-53 R4 Moderate Impact, Deprecated | International or National Standard | 11 | 71 | 6 |
| AICPA Trust Services | Audit Guideline | 10 | 4 | 0 |
| NIST SP 800-53 R4 High Impact, Deprecated | International or National Standard | 10 | 159 | 5 |
| NIST SP 800-53 R4, Deprecated | International or National Standard | 10 | 130 | 8 |
| 45 CFR Part 164 | Regulation or Statute | 9 | 8 | 2 |
| CMMC Level 1 | Best Practice Guideline | 9 | 0 | 3 |
| CMMC Level 3 | Best Practice Guideline | 9 | 0 | 3 |
| CMMC Level 4 | Best Practice Guideline | 9 | 0 | 1 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 9 | 5 | 2 |
| FFIEC CAT | Best Practice Guideline | 9 | 9 | 2 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 9 | 11 | 0 |
| ISO 31000 R 2009 | International or National Standard | 9 | 154 | 2 |
| New York General Business Law Chapter 20, Article 39-F, Section 899-aa, Notification; person without valid authorization has acquired private information | Bill or Act | 9 | 1 | 0 |
| NIST CSF 1.0 | International or National Standard | 9 | 10 | 1 |
| Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4 | International or National Standard | 9 | 2 | 0 |
| California Consumer Privacy Act of 2018 | Bill or Act | 8 | 31 | 1 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 8 | 12 | 2 |
| CMMC Level 2 | Best Practice Guideline | 8 | 0 | 3 |
| New York General Business Law Chapter 20, Article 39-F, Section 899-BB | Bill or Act | 8 | 1 | 0 |
| NIST 800-53A | International or National Standard | 8 | 6 | 2 |
| NIST Privacy Framework | International or National Standard | 8 | 7 | 1 |
| NIST SP 800-171 | International or National Standard | 8 | 2 | 1 |
| NIST SP 800-53 R4 Low Impact, Deprecated | International or National Standard | 8 | 70 | 6 |
| 12 CFR Part 748 | Safe Harbor | 7 | 0 | 0 |
| 45 CFR Part 162 | Regulation or Statute | 7 | 1 | 1 |
