Sarbanes-Oxley Act (SOX): Federal law establishing requirements for public companies' internal controls and financial reporting, including IT systems and data backup requirements
FFIEC Guidance: Federal Financial Institutions Examination Council guidelines for business continuity planning in financial institutions
Gramm-Leach-Bliley Act (GLBA): Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive data
NIST SP 800-34: National Institute of Standards and Technology Special Publication providing contingency planning guidelines for federal information systems
HIPAA: Healthcare Insurance Portability and Accountability Act requiring protection and continuity planning for healthcare data
Basel III: International regulatory framework for banks, including operational resilience requirements
SEC Regulation SCI: Securities and Exchange Commission regulation for ensuring resilience of critical market infrastructure
FINRA Rules: Financial Industry Regulatory Authority rules requiring members to maintain business continuity plans
State Data Breach Laws: Various state-specific requirements for reporting and handling data breaches and maintaining system integrity
ISO 22301: International standard for Business Continuity Management Systems (BCMS)
NFPA 1600: Standard on Continuity, Emergency, and Crisis Management providing comprehensive guidance for organizational resilience
FEMA Guidelines: Federal Emergency Management Agency recommendations for business continuity and disaster recovery
DHS Recommendations: Department of Homeland Security guidance for critical infrastructure protection and business continuity
Federal Reserve Guidance: Federal Reserve Board guidelines for financial institutions' operational resilience and business continuity
