FISMA: Federal Information Security Management Act - Provides a framework for protecting government information, operations, and assets against natural or human threats
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive customer data
HIPAA: Health Insurance Portability and Accountability Act - Sets national standards for the protection of individuals' medical records and other personal health information
SOX: Sarbanes-Oxley Act - Requires public companies to establish internal controls and procedures for financial reporting, including IT systems security
FTC Act: Federal Trade Commission Act - Prohibits unfair or deceptive practices affecting commerce, including inadequate cybersecurity measures
CFAA: Computer Fraud and Abuse Act - Addresses computer-related crimes and unauthorized access to protected computers and networks
ECPA: Electronic Communications Privacy Act - Extends government restrictions on wire taps to include transmitted electronic data
COPPA: Children's Online Privacy Protection Act - Imposes requirements on operators of websites or online services directed to children under 13
State Data Breach Laws: Individual state laws requiring organizations to notify individuals of security breaches involving personally identifiable information
CCPA/CPRA: California Consumer Privacy Act/California Privacy Rights Act - Provides California residents with rights regarding their personal information and imposes obligations on businesses
NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for NY residents' private information
VCDPA: Virginia Consumer Data Protection Act - Provides Virginia residents rights over their personal data and requires businesses to comply with security requirements
CPA: Colorado Privacy Act - Provides Colorado residents with data privacy rights and imposes obligations on businesses processing personal data
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for private sector organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks
ISO 27001/27002: International standards that provide requirements and guidelines for establishing, implementing, maintaining, and continually improving an information security management system
CIS Controls: A set of 18 prioritized safeguards to mitigate the most prevalent cyber-attacks against systems and networks
PCI DSS: Payment Card Industry Data Security Standard - Security standards designed to ensure all companies that process, store, or transmit credit card information maintain a secure environment
SEC Cybersecurity Requirements: Securities and Exchange Commission requirements for public companies to disclose material cybersecurity risks and incidents
NY DFS Cybersecurity Regulation: New York Department of Financial Services cybersecurity regulation requiring financial institutions to establish and maintain cybersecurity programs
