| NIST SP 800-53 R5 | International or National Standard | 20 | 16 | 11 |
| ISO 27001-2013 | International or National Standard | 19 | 192 | 17 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 17 | 169 | 15 |
| PCI DSS v3.2.1 | Contractual Obligation | 15 | 4 | 4 |
| NIST CSF 1.1 | International or National Standard | 13 | 40 | 19 |
| ISO/IEC 27002:2022 | International or National Standard | 12 | 1 | 3 |
| PCI DSS Defined Approach Requirements, Version 4.0 | International or National Standard | 11 | 1 | 3 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 11 | 2 | 4 |
| NIST SP 800-53 | International or National Standard | 10 | 17 | 1 |
| CIS Controls, V8 | Best Practice Guideline | 9 | 7 | 7 |
| PCI DSS Wireless Guideline | Safe Harbor | 9 | 7 | 1 |
| 23 NYCRR 500 | Regulation or Statute | 8 | 11 | 3 |
| hipaa security rule | Regulation or Statute | 8 | 5 | 1 |
| PCI DSS Defined Approach Testing Procedures, Version 4.0 | International or National Standard | 8 | 4 | 3 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 7 | 10 | 7 |
| Red Book (Condensed) | International or National Standard | 7 | 12 | 7 |
| SOC2 | Safe Harbor | 7 | 0 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 6 | 12 | 3 |
| ISO 22301:2019(E) | International or National Standard | 6 | 0 | 0 |
| NIST CSF 1.0 | International or National Standard | 6 | 11 | 2 |
| Cloud Controls Matrix, v4.0 | Self-Regulatory Body Requirement | 5 | 2 | 0 |
| FedRAMP Baseline Security Controls | Audit Guideline | 5 | 124 | 0 |
| Gramm Leach Bliley | Bill or Act | 5 | 2 | 1 |
| ISO 27002 | International or National Standard | 5 | 7 | 2 |
| ISO/IEC 27002:2013(E) | International or National Standard | 5 | 144 | 13 |
| ISO/IEC 27701:2019 | International or National Standard | 5 | 17 | 8 |
| MAS TRM | Contractual Obligation | 5 | 37 | 0 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 5 | 95 | 1 |
| PCI SAQ A v3.1 | Contractual Obligation | 5 | 4 | 0 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 4 | 137 | 4 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 4 | 25 | 2 |
| CMMC Level 1, v2.0 | Best Practice Guideline | 4 | 5 | 5 |
| CMMC Level 2, v2.0 | Best Practice Guideline | 4 | 6 | 5 |
| FFIEC CAT | Best Practice Guideline | 4 | 10 | 1 |
| FFIEC Information Technology Examination Handbook - Business Continuity Management | Audit Guideline | 4 | 15 | 5 |
| Generally Accepted Privacy Principles | Best Practice Guideline | 4 | 4 | 1 |
| Guidelines for Reducing and Mitigating Hacking Risks Associated with Internet Trading | Regulation or Statute | 4 | 2 | 2 |
| ISO 27005:2018 | International or National Standard | 4 | 0 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 4 | 4 | 0 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 4 | 2 | 0 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 4 | 150 | 7 |
| PCI DSS Security Scanning Procedures | Contractual Obligation | 4 | 7 | 2 |
| ACSI 33 | Best Practice Guideline | 3 | 1 | 0 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 3 | 10 | 1 |
| Australian Government Information Security Manual 2021 | International or National Standard | 3 | 0 | 0 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 3 | 1 | 2 |
| CIS Controls V7 | Best Practice Guideline | 3 | 25 | 2 |
| CISWIG 1 | Best Practice Guideline | 3 | 5 | 2 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 3 | 5 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 3 | 9 | 8 |
