Computer Fraud and Abuse Act (CFAA): Federal law that criminalizes unauthorized access to computers and networks, must be considered when defining access control permissions and penalties for violations
Federal Information Security Management Act (FISMA): Requires federal agencies and their contractors to develop and implement information security programs, setting standards for access control policies
Privacy Act of 1974: Establishes requirements for the collection, maintenance, use, and dissemination of personal information maintained by federal agencies
HIPAA: Healthcare data privacy law that mandates specific access control requirements for protected health information
Gramm-Leach-Bliley Act (GLBA): Financial services regulation requiring institutions to protect sensitive customer financial data with appropriate access controls
NIST SP 800-53: Federal guidelines providing security and privacy control standards, including detailed recommendations for access control implementation
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risks
ISO 27001: International standard for information security management systems, providing framework for access control policies
State Data Protection Laws: Various state-specific regulations governing data protection and access control requirements, varying by jurisdiction
State Breach Notification Laws: State-specific requirements for notifying affected parties in case of security breaches or unauthorized access
CCPA (California Consumer Privacy Act): California's comprehensive privacy law that includes specific requirements for data access and control
Sarbanes-Oxley Act (SOX): Requires public companies to establish internal controls and procedures for financial reporting, including IT access controls
PCI DSS: Payment Card Industry Data Security Standard requiring specific access control measures for payment card data
FERPA: Family Educational Rights and Privacy Act governing access to and sharing of student education records
FTC Guidelines: Federal Trade Commission guidelines on data security and consumer protection that influence access control requirements
DoD Security Requirements: Department of Defense specific security requirements for systems and data access, applicable to defense contractors and related entities
