| ISO 27001-2013 | International or National Standard | 84 | 151 | 7 |
| NIST SP 800-53 R4 | International or National Standard | 41 | 112 | 5 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 36 | 128 | 2 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 35 | 54 | 3 |
| CobiT | Safe Harbor | 30 | 133 | 1 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 30 | 133 | 6 |
| Sarbanes Oxley SOX | Regulation or Statute | 28 | 120 | 1 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 27 | 141 | 3 |
| NIST CSF 1.1 | International or National Standard | 26 | 22 | 2 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 25 | 107 | 2 |
| HIPAA | Bill or Act | 25 | 78 | 1 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 20 | 53 | 3 |
| FedRAMP Baseline Security Controls | Audit Guideline | 19 | 96 | 0 |
| CIS Controls V7 | Best Practice Guideline | 18 | 17 | 1 |
| Gramm Leach Bliley | Bill or Act | 15 | 7 | 0 |
| NIST SP 800 66 | Safe Harbor | 15 | 8 | 0 |
| NIST SP 800-53 | International or National Standard | 15 | 9 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 14 | 0 | 0 |
| ISO/IEC 27018:2014 | International or National Standard | 14 | 4 | 0 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 13 | 7 | 1 |
| ISO 27002 | International or National Standard | 12 | 1 | 1 |
| ISO 31000 R 2009 | International or National Standard | 12 | 135 | 2 |
| California Consumer Privacy Act of 2018 | Bill or Act | 11 | 23 | 0 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 11 | 3 | 3 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 11 | 67 | 1 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 10 | 6 | 0 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 10 | 131 | 0 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 10 | 2 | 0 |
| ISO/IEC 27002:2013(E) | International or National Standard | 10 | 127 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 10 | 0 | 0 |
| 23 NYCRR 500 | Regulation or Statute | 9 | 6 | 2 |
| 45 CFR Part 164 | Regulation or Statute | 9 | 7 | 2 |
| AICPA Trust Services | Audit Guideline | 9 | 3 | 0 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 9 | 9 | 0 |
| CMMC Level 3 | Best Practice Guideline | 9 | 0 | 0 |
| ISO/IEC 27701:2019 | International or National Standard | 9 | 5 | 0 |
| NICE NIST | International or National Standard | 9 | 1 | 0 |
| PCI DSS Testing Procedures v3.2 | Contractual Obligation | 9 | 5 | 0 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 9 | 0 | 0 |
| APRA PPG 234 | Safe Harbor | 8 | 7 | 0 |
| Federal Information Security Management Act FISMA | Regulation or Statute | 8 | 2 | 0 |
| FFIEC Business Continuity Planning Handbook 2015 | Audit Guideline | 8 | 3 | 1 |
| HKMA General Principles for Technology Risk Management | Regulation or Statute | 8 | 12 | 0 |
| HKMA Supervisory Policy Manual TM-G-2 Business Continuity Planning | Contractual Obligation | 8 | 20 | 0 |
| NIST SP 800-171 | International or National Standard | 8 | 1 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 8 | 6 | 0 |
| PCI DSS 3.2 SAQ D Service Provider | Contractual Obligation | 8 | 2 | 2 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 7 | 6 | 0 |
| CMMC Level 5 | Best Practice Guideline | 7 | 0 | 0 |
| COBIT 2019 | Safe Harbor | 7 | 1 | 1 |
