News

Monthly Selected Authority Documents - March, 2018

April 10, 2018 | Monthly Updates

Here is a list of the 50 most selected Authority Documents in the Common Controls Hub this past month. We also list how many groups each Authority Document has been assigned to and how many initiatives it has been assigned to.

AD Common Name	AD Type	Selected	Groups	Initiatives
NIST SP 800-53 R4	International or National Standard	60	42	6
EU General Data Protection Regulation (GDPR)	Regulations	52	50	3
ISO 27001-2013	International or National Standard	50	81	18
NIST SP 800-53 R4 Moderate Impact	International or National Standard	45	18	5
Sarbanes Oxley SOX	Regulation or Statute	39	56	12
NIST SP 800-53 R4 High Impact	International or National Standard	38	62	3
NIST SP 800-53 R4 Low Impact	International or National Standard	38	14	3
FedRAMP Baseline Security Controls	Audit Guideline	32	31	4
PCI DSS Requirements and Security Assessment Procedures	Contractual Obligation	31	52	3
HIPAA	Bill or Act	30	37	8
NIST SP 800-171	International or National Standard	30	4	1
ISO 27002	International or National Standard	29	10	7
AICPA Reporting on Controls at a Service Organization SOC-2	Safe Harbor	28	31	3
Gramm Leach Bliley	Bill or Act	26	12	6
NIST SP 800-53	International or National Standard	26	7	3
CobiT	Safe Harbor	24	69	6
NIST Framework for Improving Critical Infrastructure Cybersecurity	International or National Standard	24	13	7
NIST Cybersecurity Framework	International or National Standard	23	1	1
HIPAA Electronic Health Record Technology	Regulation or Statute	20	7	3
ISO/IEC 27002:2013(E)	International or National Standard	19	63	13
45 CFR Part 164	Regulation or Statute	17	13	6
SSAE No. 16 Reporting on Controls at a Service Organization SOC-1	Safe Harbor	17	9	3
NIST SP 800 66	Safe Harbor	16	8	5
Red Book (Condensed)	International or National Standard	16	0	0
ISO 31000 R 2009	International or National Standard	14	64	4
Cloud Security Alliance CCM V1.3	Best Practice Guideline	13	11	5
CSIS 20 Critical Security Controls	Best Practice Guideline	13	62	4
HIPAA HCFA	Best Practice Guideline	13	18	2
NIST 800-53A	International or National Standard	12	6	3
ISO 27005 R 2011	International or National Standard	11	9	6
PCI DSS 3.1	Contractual Obligation	11	3	2
Authentication in an Internet Banking Environment	Best Practice Guideline	10	5	0
Cloud Controls Matrix, Version 3.0	Self-Regulatory Body Requirement	10	4	1
COSO ERM	Safe Harbor	10	5	3
Federal Information Security Management Act FISMA	Regulation or Statute	10	14	4
FFIEC CAT	Best Practice Guideline	10	0	0
FFIEC IT Examination Handbook	Audit Guideline	10	0	0
Shared Assessments SIG - A. Risk Management	Audit Guideline	10	7	3
Canada Personal Information Protection Electronic Documents Act	Regulation or Statute	9	6	3
Canada Privacy Policy Principles	Regulation or Statute	9	4	2
ISO 22301- Societal Security - Business Continuity Management Systems - Requirements	International or National Standard	9	3	1
Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts	Regulation or Statute	9	9	4
16 CFR Part 314	Regulation or Statute	8	11	6
Australia Privacy Amendment Act	Regulation or Statute	8	14	6
CISWIG 1	Best Practice Guideline	8	4	1
COSO Internal Control - Integrated Framework	Self-Regulatory Body Requirement	8	0	0
FFIEC Business Continuity Planning Handbook 2015	Audit Guideline	8	0	0
NIST SP 800-122	International or National Standard	8	9	2
Shared Assessments SIG - B. Security Policy	Audit Guideline	8	7	3
Shared Assessments SIG - C. Organizational Security	Audit Guideline	8	7	3