Computer Fraud and Abuse Act (CFAA): Federal law that addresses unauthorized access to computers and networks, defining criminal penalties for various cyber crimes
Electronic Communications Privacy Act (ECPA): Federal legislation that regulates the interception of electronic communications and includes the Stored Communications Act
Federal Information Security Management Act (FISMA): Federal law applying to government agencies and contractors, setting standards for information security controls
Health Insurance Portability and Accountability Act (HIPAA): Healthcare-specific regulation requiring strict access controls and audit trails for protected health information
Gramm-Leach-Bliley Act (GLBA): Financial sector regulation requiring the safeguarding of customer information and specific security measures
Payment Card Industry Data Security Standard (PCI DSS): Industry standard for organizations handling credit card data, including specific network security requirements
Family Educational Rights and Privacy Act (FERPA): Education sector regulation protecting student data privacy and controlling access to educational records
NIST Cybersecurity Framework: Voluntary framework providing best practices and guidelines for network security and risk management
Sarbanes-Oxley Act (SOX): Corporate governance law requiring internal controls and accountability measures for publicly traded companies
State Data Breach Notification Laws: State-specific regulations defining requirements for protecting personal information and responding to data breaches
State Privacy Laws: Various state-specific privacy regulations (such as CCPA, SHIELD Act) implementing additional data protection requirements
