| ISO 27001-2013 | International or National Standard | 67 | 180 | 8 |
| NIST CSF 1.1 | International or National Standard | 47 | 29 | 7 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 42 | 159 | 10 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 38 | 132 | 4 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 36 | 139 | 4 |
| ISO/IEC 27002:2013(E) | International or National Standard | 32 | 134 | 4 |
| NIST SP 800-53 R5 | International or National Standard | 30 | 5 | 2 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 28 | 1 | 2 |
| CobiT | Safe Harbor | 25 | 157 | 1 |
| CIS Controls, V7.1 | Best Practice Guideline | 21 | 4 | 2 |
| FedRAMP Baseline Security Controls | Audit Guideline | 21 | 119 | 0 |
| ISO 27002 | International or National Standard | 21 | 7 | 2 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 18 | 12 | 2 |
| HIPAA | Bill or Act | 18 | 6 | 1 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 18 | 2 | 0 |
| NIST SP 800-53 R4 | International or National Standard | 17 | 3 | 2 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 16 | 12 | 4 |
| California Consumer Privacy Act of 2018 | Bill or Act | 15 | 38 | 1 |
| CMMC Level 3 | Best Practice Guideline | 15 | 2 | 2 |
| hipaa security rule | Regulation or Statute | 15 | 2 | 0 |
| SSAE 18 | Safe Harbor | 15 | 6 | 3 |
| 23 NYCRR 500 | Regulation or Statute | 13 | 8 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 13 | 1 | 0 |
| ISO 31000 R 2009 | International or National Standard | 13 | 159 | 1 |
| NIST Privacy Framework | International or National Standard | 13 | 8 | 1 |
| SSAE No. 16 Reporting on Controls at a Service Organization SOC-1 | Safe Harbor | 13 | 9 | 3 |
| CSIS 20 Critical Security Controls | Best Practice Guideline | 12 | 152 | 0 |
| CMMC Level 1 | Best Practice Guideline | 11 | 2 | 2 |
| CMMC Level 2 | Best Practice Guideline | 11 | 2 | 2 |
| CMMC Level 5 | Best Practice Guideline | 11 | 2 | 0 |
| COBIT 2019 | Safe Harbor | 11 | 4 | 1 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, High Impact Baseline, October 2020 | International or National Standard | 11 | 1 | 2 |
| FFIEC IT Examination Handbook | Audit Guideline | 11 | 11 | 2 |
| ISO/IEC 27018:2014 | International or National Standard | 11 | 14 | 2 |
| ISO/IEC 27701:2019 | International or National Standard | 11 | 10 | 3 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 11 | 87 | 1 |
| PCI DSS 3.2 SAQ D Merchant | Contractual Obligation | 11 | 4 | 0 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 11 | 3 | 1 |
| California Consumer Privacy Act of 2018 | Bill or Act | 10 | 1 | 1 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 10 | 23 | 2 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 10 | 3 | 5 |
| NIST CSF 1.0 | International or National Standard | 10 | 11 | 2 |
| NIST SP 800 66 | Safe Harbor | 10 | 24 | 1 |
| PCI DSS Testing Procedures v3.2 | Contractual Obligation | 10 | 19 | 2 |
| PCI SAQ A v3.2 | Contractual Obligation | 10 | 2 | 2 |
| NIST 800-53A | International or National Standard | 9 | 7 | 2 |
| NIST SP 800-171 | International or National Standard | 9 | 2 | 1 |
| Sarbanes Oxley SOX, Deprecated | Regulation or Statute | 9 | 144 | 1 |
| 21 CFR Part 11 | Regulation or Statute | 8 | 24 | 0 |
| BSI Cloud Computing Compliance Controls Catalogue (C5) | Best Practice Guideline | 8 | 8 | 0 |
