GLBA: Gramm-Leach-Bliley Act - Federal law that requires financial institutions to protect customers' sensitive financial data
HIPAA: Health Insurance Portability and Accountability Act - Federal regulation governing protection of healthcare data and patient information
FISMA: Federal Information Security Management Act - Defines framework for protecting government information, operations and assets
CFAA: Computer Fraud and Abuse Act - Federal law prohibiting unauthorized access to computers and networks
ECPA: Electronic Communications Privacy Act - Federal law protecting wire, oral, and electronic communications while in transit
COPPA: Children's Online Privacy Protection Act - Federal law imposing requirements on operators of websites/online services directed to children under 13
PCI DSS: Payment Card Industry Data Security Standard - Security standard for organizations handling credit card data
SOX: Sarbanes-Oxley Act - Federal law mandating specific security controls for financial reporting in public companies
FERPA: Family Educational Rights and Privacy Act - Federal law protecting privacy of student education records
CCPA: California Consumer Privacy Act - State law providing California residents with data privacy rights and control over their personal information
NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - State law requiring businesses to implement security programs to protect NY residents' private information
MA 201 CMR 17.00: Massachusetts data protection regulation requiring businesses to protect personal information of state residents
NIST CSF: NIST Cybersecurity Framework - Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risk
ISO 27001: International standard for information security management systems (ISMS)
CIS Controls: Center for Internet Security Controls - Set of actions for cyber defense providing specific ways to stop today's most pervasive attacks
