| NIST CSF 2.0 | International or National Standard | 63 | 1 | 1 |
| ISO/IEC 27001:2022 | International or National Standard | 44 | 10 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 27 | 13 | 9 |
| NIST SP 800-53 R5 | International or National Standard | 27 | 28 | 17 |
| ISO/IEC 27002:2022 | International or National Standard | 25 | 11 | 10 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 24 | 10 | 5 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 22 | 6 | 5 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 20 | 185 | 19 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 20 | 16 | 9 |
| 23 NYCRR 500 | Regulations | 19 | 3 | 3 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 19 | 6 | 6 |
| 23 NYCRR 500 | Regulation or Statute | 17 | 31 | 8 |
| Gramm Leach Bliley | Bill or Act | 17 | 11 | 0 |
| NIST SP 800-53 Revision 5.1.1 | International or National Standard | 17 | 0 | 0 |
| SOC 2®, 2022 | Audit Guideline | 16 | 1 | 0 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 15 | 10 | 6 |
| Digital Operational Resilience Act | Regulations | 15 | 1 | 1 |
| FFIEC CAT | Best Practice Guideline | 15 | 24 | 1 |
| ISO/IEC 27701:2019 | International or National Standard | 15 | 19 | 10 |
| NIST SP 800-53 | International or National Standard | 15 | 17 | 2 |
| ISO 27001-2013 | International or National Standard | 14 | 218 | 23 |
| COBIT 2019 | Safe Harbor | 13 | 9 | 2 |
| hipaa security rule | Regulation or Statute | 13 | 5 | 1 |
| NIST AI 100-1 | Best Practice Guideline | 13 | 1 | 0 |
| Appendix B of 12 CFR Part 30 | Regulation or Statute | 12 | 23 | 5 |
| CSF V1.1 | International or National Standard | 12 | 0 | 0 |
| Red Book (Condensed) | International or National Standard | 12 | 22 | 7 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 12 | 6 | 2 |
| California Privacy Rights Act (CPRA) | Bill or Act | 11 | 4 | 2 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 11 | 6 | 1 |
| CobiT | Safe Harbor | 11 | 168 | 2 |
| FFIEC IT Examination Handbook Architecture, Infrastructure, and Operations 2021 | Audit Guideline | 11 | 13 | 0 |
| NIST Privacy Framework | International or National Standard | 11 | 15 | 7 |
| Notice on Cyber Hygiene | Bill or Act | 11 | 12 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 10 | 18 | 4 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10 | 45 | 2 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 10 | 10 | 2 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 10 | 9 | 3 |
| Trust Services Criteria (with Revised Points of Focus - 2022) | Self-Regulatory Body Requirement | 10 | 5 | 3 |
| 16 CFR Part 314, Standards for Safeguarding Customer Information | Regulation or Statute | 9 | 14 | 6 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 9 | 144 | 7 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 9 | 8 | 5 |
| Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union, 14 December, 2022 | Regulatory Directive or Guidance | 9 | 1 | 1 |
| FFIEC Development Acquisition | Best Practice Guideline | 9 | 22 | 0 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 9 | 20 | 5 |
| FFIEC Outsourcing Technology Services | Best Practice Guideline | 9 | 22 | 1 |
| HIPAA HCFA | Best Practice Guideline | 9 | 3 | 2 |
| MAS Guidelines on Outsourcing | Bill or Act | 9 | 9 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 9 | 16 | 0 |
| NIST SP 800-37r2 | International or National Standard | 9 | 13 | 5 |
