FISMA: Federal Information Security Management Act - Provides a comprehensive framework for ensuring the effectiveness of information security controls over federal information resources
HIPAA: Health Insurance Portability and Accountability Act - Sets national standards for the security of electronic protected health information
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data
SOX: Sarbanes-Oxley Act - Mandates proper financial disclosure and accountability for public companies, including IT controls
GDPR: General Data Protection Regulation - EU regulation that applies to US companies handling EU citizens' data
CCPA: California Consumer Privacy Act - Provides California residents with rights regarding their personal information
NIST SP 800-30: National Institute of Standards and Technology Special Publication providing guidelines for conducting risk assessments
NIST CSF: NIST Cybersecurity Framework - Voluntary guidance for private sector organizations to better manage and reduce cybersecurity risk
ISO 27001: International standard for information security management systems (ISMS)
ISO 31000: International standard providing principles and guidelines for risk management
PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations handling credit card data
SEC Requirements: Securities and Exchange Commission requirements for publicly traded companies regarding cybersecurity risk disclosure
FTC Regulations: Federal Trade Commission regulations regarding data security and consumer protection
State Breach Laws: Various state-specific laws requiring notification of security breaches involving personal information
State Privacy Laws: State-specific privacy laws that may impose additional requirements beyond federal regulations
