| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 27 | 8 | 3 |
| NIST SP 800-53 R5 | International or National Standard | 22 | 26 | 15 |
| NIST CSF 1.1 | International or National Standard | 20 | 57 | 22 |
| ISO/IEC 27001:2022 | International or National Standard | 19 | 6 | 3 |
| CIS Controls, V8 | Best Practice Guideline | 16 | 10 | 8 |
| PCI DSS v3.2.1 | Contractual Obligation | 12 | 8 | 4 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 11 | 3 | 0 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 11 | 184 | 18 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 11 | 5 | 6 |
| ISO 27001-2013 | International or National Standard | 10 | 213 | 21 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 10 | 13 | 8 |
| NIST SP 800-53 | International or National Standard | 10 | 17 | 1 |
| 23 NYCRR 500 | Regulation or Statute | 9 | 26 | 4 |
| NIST SP 800-39 | International or National Standard | 9 | 19 | 6 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 8 | 18 | 4 |
| hipaa security rule | Regulation or Statute | 8 | 5 | 1 |
| California Consumer Privacy Act of 2018 | Bill or Act | 7 | 44 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 7 | 9 | 5 |
| ISO/IEC 27002:2022 | International or National Standard | 7 | 3 | 5 |
| NIST SP 800-37r2 | International or National Standard | 7 | 13 | 5 |
| PCI DSS v4.0 SAQ D Merchants | Contractual Obligation | 7 | 2 | 1 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 6 | 144 | 6 |
| Basel II | Regulation or Statute | 6 | 12 | 0 |
| California Privacy Rights Act (CPRA) | Bill or Act | 6 | 3 | 1 |
| CobiT | Safe Harbor | 6 | 167 | 1 |
| COBIT 2019 | Safe Harbor | 6 | 5 | 2 |
| Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.8 | Organizational Directive | 6 | 4 | 1 |
| ISO 27002 | International or National Standard | 6 | 8 | 4 |
| Kansas Statutes, Protection Of Consumer Information | Regulation or Statute | 6 | 0 | 0 |
| Nevada Revised Statutes, Chapter 603A | Regulation or Statute | 6 | 2 | 0 |
| NIST AI 100-1 | Best Practice Guideline | 6 | 0 | 0 |
| NIST Privacy Framework | International or National Standard | 6 | 15 | 7 |
| PCI DSS v4 SAQ D for Service Providers | Self-Regulatory Body Requirement | 6 | 0 | 0 |
| Red Book (Condensed) | International or National Standard | 6 | 13 | 7 |
| Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 6 | 0 | 0 |
| 3 CCR 702-6 | Regulation or Statute | 5 | 1 | 0 |
| Alaska Personal Information Protection Act, Chapter 48 | Regulation or Statute | 5 | 2 | 1 |
| Arkansas Personal Information Protection Act | Regulation or Statute | 5 | 1 | 0 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 5 | 1 | 2 |
| Childrens Online Privacy Protection Act | Regulation or Statute | 5 | 6 | 0 |
| Code of Alabama, Sections 13A-8-190 thru 13A-8-201 | Regulation or Statute | 5 | 3 | 2 |
| Consumer Data Protection Act | Bill or Act | 5 | 0 | 0 |
| COSO ERM | Safe Harbor | 5 | 11 | 8 |
| Delaware Code, Title 6, Subtitle II, Chapter 12B, Sections 12B-101 thru 104 | Regulation or Statute | 5 | 1 | 0 |
| FedRAMP Baseline Security Controls | Audit Guideline | 5 | 129 | 0 |
| FINRA Report on Cybersecurity Practices | Self-Regulatory Body Requirement | 5 | 9 | 1 |
| Florida Statute ยง 501.171 Security of confidential personal information | Regulation or Statute | 5 | 1 | 0 |
| General Laws of Massachusetts, Chapter 93H, Security Breaches | Regulation or Statute | 5 | 2 | 0 |
| Guam Notification of Breaches of Personal Information | Regulation or Statute | 5 | 0 | 0 |
| Hawaii Revised Statute, Section 487N, Security Breach of Personal Information | Regulation or Statute | 5 | 0 | 0 |
