FISMA: Federal Information Security Management Act - Sets comprehensive framework for protecting government information, operations and assets against natural or human threats
CFAA: Computer Fraud and Abuse Act - Federal legislation that criminalizes unauthorized access to computer systems and networks
DMCA: Digital Millennium Copyright Act - Copyright law that criminalizes production and dissemination of technology, devices, or services intended to circumvent digital access control measures
HIPAA: Health Insurance Portability and Accountability Act - Federal law establishing standards for protecting sensitive patient health information from being disclosed without patient's consent
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data
FTC Act: Federal Trade Commission Act - Prohibits unfair or deceptive practices in commerce, including those related to data security and privacy
CCPA: California Consumer Privacy Act - State law providing California residents with rights regarding their personal information and imposing data protection obligations on businesses
SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for private information of New York residents
NIST Cybersecurity Framework: National Institute of Standards and Technology framework providing guidelines for private sector organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks
OWASP Standards: Open Web Application Security Project standards providing best practices for secure software development
ISO/IEC 27001: International standard for information security management systems, providing requirements for establishing, implementing, maintaining and continually improving security management
PCI DSS: Payment Card Industry Data Security Standard - Information security standard for organizations that handle branded credit cards from major card schemes
GDPR: General Data Protection Regulation - EU law on data protection and privacy applicable to organizations handling EU residents' data
SEC Cybersecurity Guidelines: Securities and Exchange Commission guidelines for public companies regarding disclosure obligations relating to cybersecurity risks and incidents
