HIPAA: Health Insurance Portability and Accountability Act - Federal law that protects medical information, including Security Rule requirements for access control and Privacy Rule requirements
GLBA: Gramm-Leach-Bliley Act - Federal law governing financial institutions, includes Safeguards Rule requirements for protecting customer financial information
SOX: Sarbanes-Oxley Act - Federal law applicable to publicly traded companies, requires specific internal controls for financial reporting and data security
FERPA: Family Educational Rights and Privacy Act - Federal law that protects the privacy of student education records and regulates access control in educational institutions
FISMA: Federal Information Security Management Act - Defines framework for protecting government information, systems and assets against natural or man-made threats
NIST SP 800-53: National Institute of Standards and Technology Special Publication - Provides comprehensive security control guidelines for federal information systems
ISO/IEC 27001: International standard that provides requirements for establishing, implementing, maintaining and continually improving an information security management system
PCI DSS: Payment Card Industry Data Security Standard - Security standard for organizations that handle credit card data, including specific access control requirements
State Data Breach Laws: Various state-specific laws requiring organizations to notify individuals of security breaches involving personally identifiable information
CCPA: California Consumer Privacy Act - Comprehensive state privacy law that gives California residents specific rights regarding their personal information
VCDPA: Virginia Consumer Data Protection Act - State privacy law providing Virginia residents with rights regarding the collection and use of their personal data
Colorado Privacy Act: State privacy law that provides Colorado residents with rights regarding their personal data and imposes obligations on businesses that process personal data
