CISA: Cybersecurity Information Sharing Act - Federal law that promotes the sharing of cybersecurity threat information between private sector and government
FISMA: Federal Information Security Management Act - Requires federal agencies to implement information security programs and manage organizational risk
CFAA: Computer Fraud and Abuse Act - Federal law that criminalizes unauthorized access to protected computers and networks
Privacy Act of 1974: Establishes code of fair information practices governing collection, maintenance, use, and dissemination of personal information maintained by federal agencies
ECPA: Electronic Communications Privacy Act - Extends government restrictions on wire taps to include transmitted electronic data
HIPAA: Health Insurance Portability and Accountability Act - Protects sensitive patient health information from being disclosed without consent
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain information-sharing practices and protect sensitive data
FERPA: Family Educational Rights and Privacy Act - Protects privacy of student education records
SOX: Sarbanes-Oxley Act - Mandates proper management and storage of corporate electronic records for public companies
State Data Breach Laws: Various state-specific requirements for notifying individuals of security breaches of personally identifiable information
CCPA: California Consumer Privacy Act - Enhances privacy rights and consumer protection for residents of California
SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for private information
NIST Cybersecurity Framework: Voluntary guidance based on existing standards and practices for organizations to better manage and reduce cybersecurity risk
ISO 27001: International standard providing requirements for information security management systems (ISMS)
CIS Controls: Set of actions for cyber defense that provide specific ways to stop today's most pervasive attacks
COBIT: Framework for the governance and management of enterprise information and technology
GDPR: General Data Protection Regulation - EU law on data protection and privacy that may apply to US organizations handling EU resident data
