PDF & Word - 2026 Updated

FISMA provides a comprehensive framework to protect government information systems and requires federal agencies to develop, document, and implement an organization-wide program to provide information security for the information and information systems that support the operations and assets of the agency.

CISA facilitates the sharing of cyber threat information between the government and private sector entities to enhance cybersecurity.

The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information (e-PHI) transmitted or maintained by covered entities.

GLBA requires financial institutions to explain their information-sharing practices and safeguard customer information, with guidelines establishing standards for protecting customer information.

Section 404 of SOX requires management to assess and report on the effectiveness of internal controls over financial reporting, which often includes IT and cybersecurity controls.

PCI DSS is a set of security standards designed to ensure that companies that accept, process, store, or transmit credit card information maintain a secure environment.

CCPA grants California residents rights regarding their personal data and imposes obligations on businesses, including requirements for data security to protect consumer information.

The SHIELD Act requires businesses to implement reasonable safeguards to protect the private information of New York residents and expands breach notification requirements.

The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyber attacks.

Regulation S-P requires broker-dealers, investment companies, and registered investment advisers to adopt policies and procedures to protect customer information from unauthorized access.