Monthly Selected Authority Documents - April, 2023

May 2, 2023 | News/Articles

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.


AD Common Name | AD Type | Selected/Groups/Initiatives
NIST SP 800-53 R5 | International or National Standard | 342614
ISO/IEC 27001:2022 | International or National Standard | 2253
EU General Data Protection Regulation (GDPR) | Regulation or Statute | 1917916
ISO 27001-2013 | International or National Standard | 1720919
ISO/IEC 27002:2022 | International or National Standard | 1735
NIST CSF 1.1 | International or National Standard | 175322
PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 1783
HIPAA | Bill or Act | 14104
CobiT | Safe Harbor | 131671
CIS Controls, V8 | Best Practice Guideline | 1298
ISO 27002 | International or National Standard | 1182
Sarbanes-Oxley Act of 2002 | Bill or Act | 1156
AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 101444
ISO/IEC 27701:2019 | International or National Standard | 9188
NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 9128
Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 830
CMMC Level 2, v2.0 | Best Practice Guideline | 876
FedRAMP Baseline Security Controls | Audit Guideline | 81290
hipaa security rule | Regulation or Statute | 851
PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 864
BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 7184
NIST SP 800-171 | International or National Standard | 742
NIST SP 800-39 | International or National Standard | 7156
NIST SP 800-53 | International or National Standard | 7171
PCI DSS v3.2.1 | Contractual Obligation | 784
SOC2 | Safe Harbor | 750
CIS Controls, V7.1 | Best Practice Guideline | 684
HIPAA Electronic Health Record Technology | Regulation or Statute | 621
NIST SP 800-30 | International or National Standard | 62212
COSO ERM | Safe Harbor | 5118
France Data Protection Act | Regulation or Statute | 521
Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 522
HIPAA HCFA | Best Practice Guideline | 532
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 5190
MAS-TRMG-2021 | Contractual Obligation | 570
Netherlands Personal Data Protection Act | Regulation or Statute | 520
NIST Privacy Framework | International or National Standard | 5157
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 593
SWIFT Customer Security Controls Framework | Best Practice Guideline | 500
California Consumer Privacy Act of 2018 | Bill or Act | 4441
California Privacy Rights Act (CPRA) | Bill or Act | 421
China Personal Data Ordinance of Hong Kong 2 | Regulation or Statute | 470
CIS SuSE Linux Enterprise Server | Best Practice Guideline | 450
Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 4108
EBA/GL/2019/04 | Regulation or Statute | 4170
EU 8th Directive | Regulation or Statute | 491
FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 414
Gramm Leach Bliley | Bill or Act | 430
Hong Kong Personal Data (Privacy) Ordinance 2013 | Bill or Act | 440
Ireland Consolidated Data Protection Acts of 1988 and 2003 | Regulation or Statute | 450