FISMA: Federal Information Security Management Act - Provides a framework for protecting government information, operations and assets against natural or human threats
CFAA: Computer Fraud and Abuse Act - Federal legislation that criminalizes unauthorized access to computer systems and networks
HIPAA: Health Insurance Portability and Accountability Act - Regulates the protection and confidential handling of protected health information
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data
SOX: Sarbanes-Oxley Act - Mandates strict internal controls for financial reporting, affecting IT systems and access controls in public companies
FERPA: Family Educational Rights and Privacy Act - Protects the privacy of student education records and applies to all schools receiving federal funding
FedRAMP: Federal Risk and Authorization Management Program - Standardized security assessment for cloud services used by federal agencies
NIST SP 800-53: National Institute of Standards and Technology Special Publication - Provides detailed access control guidelines and security controls
ISO/IEC 27001: International standard for information security management systems, providing requirements for establishing and maintaining security controls
PCI DSS: Payment Card Industry Data Security Standard - Security standard for organizations handling credit card information
State Breach Laws: Various state-specific laws requiring notification of security breaches involving personal information
CCPA: California Consumer Privacy Act - Provides California residents with rights regarding their personal information and imposes obligations on businesses
NY SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for private information of NY residents
GDPR: General Data Protection Regulation - EU regulation on data protection and privacy, with potential impact on US companies handling EU resident data
