| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 37 | 164 | 10 |
| ISO 27001-2013 | International or National Standard | 37 | 186 | 8 |
| NIST CSF 1.1 | International or National Standard | 30 | 34 | 9 |
| NIST SP 800-53 R5 | International or National Standard | 20 | 7 | 3 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 19 | 143 | 4 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 16 | 137 | 4 |
| CIS Controls, V8 | Best Practice Guideline | 16 | 0 | 0 |
| CMMC Level 3 | Best Practice Guideline | 15 | 2 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 15 | 1 | 0 |
| HIPAA | Bill or Act | 13 | 9 | 4 |
| hipaa security rule | Regulation or Statute | 13 | 4 | 1 |
| HKMA General Principles for Technology Risk Management | Regulation or Statute | 13 | 18 | 0 |
| MAS TRM | Contractual Obligation | 13 | 36 | 0 |
| CobiT | Safe Harbor | 12 | 162 | 1 |
| FedRAMP Baseline Security Controls | Audit Guideline | 12 | 124 | 0 |
| ISO/IEC 27701:2019 | International or National Standard | 12 | 11 | 3 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 12 | 2 | 2 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 12 | 1 | 0 |
| Australian Government Information Security Manual Controls | International or National Standard | 11 | 3 | 0 |
| ISO 27002 | International or National Standard | 11 | 7 | 2 |
| NIST SP 800-53 | International or National Standard | 11 | 16 | 1 |
| PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 11 | 4 | 0 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 11 | 2 | 0 |
| 23 NYCRR 500 | Regulation or Statute | 10 | 9 | 3 |
| India Indian Info Privacy Act | Regulation or Statute | 10 | 15 | 0 |
| Notice No.: CMG-N02, Notice On Technology Risk Management | Self-Regulatory Body Requirement | 10 | 2 | 0 |
| Risk Management of E-banking | Contractual Obligation | 10 | 18 | 0 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 10 | 9 | 3 |
| CMMC Level 4 | Best Practice Guideline | 9 | 2 | 0 |
| CMMC Level 5 | Best Practice Guideline | 9 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 9 | 2 | 3 |
| COSO Enterprise Risk Management (2017) | Best Practice Guideline | 9 | 10 | 3 |
| Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds | Best Practice Guideline | 9 | 22 | 0 |
| HKMA-2001-12-28 - Supervisory Policy Manual (SA-2) Outsourcing | Regulation or Statute | 9 | 0 | 0 |
| ISO/IEC 27002:2013(E) | International or National Standard | 9 | 138 | 4 |
| ISO/IEC 27018:2014 | International or National Standard | 9 | 15 | 2 |
| MAS-TRMG-2021 | Contractual Obligation | 9 | 2 | 0 |
| NIST SP 800-172 | International or National Standard | 9 | 1 | 0 |
| Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 9 | 38 | 0 |
| Risk Management of E-banking V.3 | Contractual Obligation | 9 | 2 | 0 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 9 | 0 | 0 |
| APRA PPG 234 | Safe Harbor | 8 | 0 | 0 |
| APRA PPG 234 | Safe Harbor | 8 | 8 | 0 |
| COSO Internal Control - Integrated Framework | Self-Regulatory Body Requirement | 8 | 10 | 2 |
| FFIEC IT Examination Handbook | Audit Guideline | 8 | 11 | 2 |
| NIST SP 800-53 R4 High Impact, Deprecated | International or National Standard | 8 | 168 | 4 |
| NIST SP 800-53 R4, Deprecated | International or National Standard | 8 | 139 | 7 |
| PCI SAQ A v3.2 | Contractual Obligation | 8 | 3 | 3 |
| Singapore Corporate Governance | Regulation or Statute | 8 | 6 | 0 |
| ACSI 33 | Best Practice Guideline | 7 | 1 | 0 |
