News

Monthly Selected Authority Documents - June, 2021

July 1, 2021 | News/Articles

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name	AD Type	Selected	Groups	Initiatives
ISO 27001-2013	International or National Standard	30	181	8
NIST SP 800-53 R5	International or National Standard	25	6	3
NIST CSF 1.1	International or National Standard	24	29	9
CIS Controls, V7.1	Best Practice Guideline	19	5	2
PCI DSS Requirements and Security Assessment Procedures	Contractual Obligation	19	139	4
EU General Data Protection Regulation (GDPR)	Regulation or Statute	17	159	10
hipaa security rule	Regulation or Statute	13	3	1
ISO/IEC 27002:2013(E)	International or National Standard	13	134	4
CobiT	Safe Harbor	12	157	1
Sarbanes-Oxley Act of 2002	Bill or Act	12	2	0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020	International or National Standard	11	1	0
ISO/IEC 27701:2019	International or National Standard	11	11	3
AICPA Reporting on Controls at a Service Organization SOC-2	Safe Harbor	10	132	4
ISO/IEC 27017:2015(E)	Self-Regulatory Body Requirement	10	12	4
BSI Cloud Computing Compliance Controls Catalogue (C5)	Best Practice Guideline	9	8	0
CMMC Level 3	Best Practice Guideline	9	2	2
Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8	Organizational Directive	9	3	1
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements	International or National Standard	9	12	0
ISO 27002	International or National Standard	9	7	2
PCI DSS 3.2 SAQ D Merchant	Contractual Obligation	8	4	0
SSAE 18	Safe Harbor	8	6	3
TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy	Self-Regulatory Body Requirement	8	3	2
AICPA Trust Services Principles and Criteria	Self-Regulatory Body Requirement	7	10	1
Cloud Security Alliance CCM V1.3	Best Practice Guideline	7	5	0
CMMC Level 1	Best Practice Guideline	7	2	2
HIPAA	Bill or Act	7	6	2
ISO 27005 R 2011	International or National Standard	7	12	3
ISO/IEC 27018:2014	International or National Standard	7	14	2
NIST SP 800-53	International or National Standard	7	16	1
CIS 20 Critical Security Controls	Best Practice Guideline	6	23	2
Cloud Controls Matrix, Version 3.0	Self-Regulatory Body Requirement	6	12	2
CMMC Level 4	Best Practice Guideline	6	2	0
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020	International or National Standard	6	1	3
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Low Impact Baseline, October 2020	International or National Standard	6	1	0
COSO Enterprise Risk Management (2017)	Best Practice Guideline	6	7	3
DFARS 252.204-7012	Bill or Act	6	0	0
FedRAMP Baseline Security Controls	Audit Guideline	6	119	0
HIPAA Electronic Health Record Technology	Regulation or Statute	6	0	1
ISO 20000-1 2nd Ed	International or National Standard	6	29	0
MAS TRM	Contractual Obligation	6	32	0
NIST 800-53A	International or National Standard	6	7	2
NIST SP 800 66	Safe Harbor	6	24	1
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1	Contractual Obligation	6	0	0
PCI SAQ A v3.2	Contractual Obligation	6	2	3
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4	International or National Standard	6	5	0
Trust Services Criteria	Self-Regulatory Body Requirement	6	6	2
23 NYCRR 500	Regulation or Statute	5	8	3
AICPA Trust Services	Audit Guideline	5	6	1
California Consumer Privacy Act of 2018	Bill or Act	5	38	1
CMMC Level 2	Best Practice Guideline	5	2	2