SOC 2
Common Criteria (Security)
33 controls in this category. Click any control to see implementation guidance, evidence requirements, and common audit failures.
Control  Priority  Title
CC1.2    high      COSO Principle 2: Board of Directors Demonstrates Independence from Management
CC1.1    critical  COSO Principle 1: Demonstrates Commitment to Integrity and Ethical Values
CC1.3    high      COSO Principle 3: Management Establishes Structures, Reporting Lines, and Authorities
CC1.4    high      COSO Principle 4: Demonstrates Commitment to Attract, Develop, and Retain Competent Individuals
CC1.5    high      COSO Principle 5: Holds Individuals Accountable for Internal Control Responsibilities
CC2.1    high      COSO Principle 13: Obtains or Generates Relevant, Quality Information
CC2.2    medium    COSO Principle 14: Internally Communicates Information
CC2.3    high      COSO Principle 15: Externally Communicates Information
CC3.1    high      COSO Principle 6: Specifies Suitable Objectives
CC3.2    critical  COSO Principle 7: Identifies and Analyzes Risk
CC3.3    high      COSO Principle 8: Assesses Fraud Risk
CC3.4    high      COSO Principle 9: Identifies and Analyzes Significant Change
CC4.1    critical  COSO Principle 16: Selects, Develops, and Performs Ongoing and/or Separate Evaluations
CC4.2    high      COSO Principle 17: Evaluates and Communicates Deficiencies
CC5.1    critical  COSO Principle 10: Selects and Develops Control Activities That Mitigate Risks
CC5.2    critical  COSO Principle 11: Selects and Develops General Controls Over Technology
CC5.3    high      COSO Principle 12: Deploys Through Policies and Procedures
CC6.1    critical  Logical and Physical Access — Security Software, Infrastructure, and Architectures
CC6.2    critical  Logical and Physical Access — User Registration and Authorization
CC6.3    critical  Logical and Physical Access — Role-Based Access and Least Privilege
CC6.4    high      Logical and Physical Access — Physical Access Restrictions
CC6.5    high      Logical and Physical Access — Logical Access to Protected Assets
CC6.7    high      Logical and Physical Access — Transmission of Data
CC6.6    critical  Logical and Physical Access — Security Against Threats Outside System Boundaries
CC6.8    critical  Logical and Physical Access — Prevention and Detection of Unauthorized Software
CC7.1    critical  System Operations — Detection of Security Events
CC7.2    critical  System Operations — Monitoring of System Components for Anomalies
CC7.4    critical  System Operations — Incident Response
CC7.3    high      System Operations — Evaluation of Security Events
CC7.5    critical  System Operations — Incident Recovery
CC8.1    critical  Change Management — Changes to Infrastructure, Data, Software, and Procedures
CC9.1    high      Risk Mitigation — Risk Mitigation Activities
CC9.2    high      Risk Mitigation — Vendor and Business Partner Risk Management

All 33 controls above belong to the Common Criteria (Security) category.
Track every control, collect evidence, and generate audit-ready reports with AuditFront.