SOC 2: Common Criteria (Security)
33 controls in this category, all under the Common Criteria (Security) trust services category. Click any control to see implementation guidance, evidence requirements, and common audit failures.
Control  Priority  Title
CC1.1    critical  COSO Principle 1: Demonstrates Commitment to Integrity and Ethical Values
CC1.2    high      COSO Principle 2: Board of Directors Demonstrates Independence from Management
CC1.3    high      COSO Principle 3: Management Establishes Structures, Reporting Lines, and Authorities
CC1.4    high      COSO Principle 4: Demonstrates Commitment to Attract, Develop, and Retain Competent Individuals
CC1.5    high      COSO Principle 5: Holds Individuals Accountable for Internal Control Responsibilities
CC2.1    high      COSO Principle 13: Obtains or Generates Relevant, Quality Information
CC2.2    medium    COSO Principle 14: Internally Communicates Information
CC2.3    high      COSO Principle 15: Externally Communicates Information
CC3.1    high      COSO Principle 6: Specifies Suitable Objectives
CC3.2    critical  COSO Principle 7: Identifies and Analyzes Risk
CC3.3    high      COSO Principle 8: Assesses Fraud Risk
CC3.4    high      COSO Principle 9: Identifies and Analyzes Significant Change
CC4.1    critical  COSO Principle 16: Selects, Develops, and Performs Ongoing and/or Separate Evaluations
CC5.1    critical  COSO Principle 10: Selects and Develops Control Activities That Mitigate Risks
CC5.2    critical  COSO Principle 11: Selects and Develops General Controls Over Technology
CC6.1    critical  Logical and Physical Access - Security Software, Infrastructure, and Architectures
CC5.3    high      COSO Principle 12: Deploys Through Policies and Procedures
CC6.2    critical  Logical and Physical Access - User Registration and Authorization
CC6.3    critical  Logical and Physical Access - Role-Based Access and Least Privilege
CC6.4    high      Logical and Physical Access - Physical Access Restrictions
CC4.2    high      COSO Principle 17: Evaluates and Communicates Deficiencies
CC6.5    high      Logical and Physical Access - Logical Access to Protected Assets
CC6.6    critical  Logical and Physical Access - Security Against Threats Outside System Boundaries
CC6.7    high      Logical and Physical Access - Transmission of Data
CC6.8    critical  Logical and Physical Access - Prevention and Detection of Unauthorized Software
CC7.1    critical  System Operations - Detection of Security Events
CC7.2    critical  System Operations - Monitoring of System Components for Anomalies
CC7.4    critical  System Operations - Incident Response
CC8.1    critical  Change Management - Changes to Infrastructure, Data, Software, and Procedures
CC7.5    critical  System Operations - Incident Recovery
CC7.3    high      System Operations - Evaluation of Security Events
CC9.1    high      Risk Mitigation - Risk Mitigation Activities
CC9.2    high      Risk Mitigation - Vendor and Business Partner Risk Management
Assess SOC 2 Common Criteria (Security)
Track every control, collect evidence, and generate audit-ready reports with AuditFront.