¶¶Òõ¶ÌÊÓƵ

Computer Fraud and Abuse Act (CFAA): Federal law that protects against unauthorized access to computers and networks, making it illegal to intentionally access a computer without authorization or exceeding authorized access

Federal Information Security Management Act (FISMA): Federal law that requires federal agencies to implement information security programs to protect government information, systems, and assets

Health Insurance Portability and Accountability Act (HIPAA): Federal law that provides data privacy and security provisions for safeguarding medical information and protected health information (PHI)

Gramm-Leach-Bliley Act (GLBA): Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive customer data

Sarbanes-Oxley Act (SOX): Federal law that sets requirements for all U.S. public company boards, management, and public accounting firms, including IT controls and data security

Family Educational Rights and Privacy Act (FERPA): Federal law that protects the privacy of student education records and applies to all schools that receive federal funding

NIST Special Publication 800-53: Security and privacy controls framework providing guidelines for securing information systems and organizations

NIST Cybersecurity Framework: Voluntary guidance for private sector organizations to better manage and reduce cybersecurity risk

ISO 27001: International standard providing requirements for information security management systems (ISMS)

CIS Controls: Set of prioritized actions to protect organizations and data from known cyber attack vectors

State Data Breach Notification Laws: State-specific requirements for organizations to notify individuals when their personal information has been compromised in a data breach

California Consumer Privacy Act (CCPA): California state law providing consumers with rights regarding the collection and use of their personal information

NY SHIELD Act: New York state law requiring businesses to implement safeguards for private information and expanding breach notification requirements

Payment Card Industry Data Security Standard (PCI DSS): Security standard for organizations that handle branded credit cards from major card schemes, ensuring protection of cardholder data

Defense Federal Acquisition Regulation Supplement (DFARS): Cybersecurity requirements for contractors working with the Department of Defense

FedRAMP: Government-wide program providing standardized security assessment and authorization for cloud products and services used by federal agencies

Privacy Shield Framework: Framework for transatlantic exchanges of personal data between European countries and the United States

General Data Protection Regulation (GDPR): EU regulation on data protection and privacy that affects organizations handling data of EU residents, even if based in the US