Sarbanes-Oxley Act (SOX): Federal law requiring financial reporting and internal controls requirements, including IT security controls documentation and testing
Health Insurance Portability and Accountability Act (HIPAA): Federal healthcare law mandating data security and privacy requirements, including regular security assessments for protected health information
Gramm-Leach-Bliley Act (GLBA): Federal law for financial institutions requiring data protection and regular security testing requirements
Federal Information Security Management Act (FISMA): Federal law establishing information security standards for federal agencies and requiring continuous monitoring requirements
NIST Cybersecurity Framework: Industry standard providing security assessment guidelines and risk management approaches
ISO 27001/27002: International standard for information security management, including audit requirements and procedures
Payment Card Industry Data Security Standard (PCI DSS): Industry standard for organizations handling payment card data, requiring security assessment and regular testing of security systems
State Data Breach Notification Laws: Various state-specific laws requiring notification of affected parties in case of data breaches
California Consumer Privacy Act (CCPA): State-specific privacy law example providing comprehensive consumer data protection requirements
NY Department of Financial Services (NYDFS) Cybersecurity Regulation: State-specific regulation example requiring financial institutions to implement comprehensive cybersecurity programs
