Sarbanes-Oxley Act (SOX): Federal law that requires publicly traded companies to implement specific internal controls and maintain audit trails for financial reporting and IT systems that impact financial reporting
Health Insurance Portability and Accountability Act (HIPAA): Federal regulation that establishes standards for protecting sensitive patient health information, including access controls and audit requirements for healthcare organizations
Gramm-Leach-Bliley Act (GLBA): Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive data through comprehensive security programs
Federal Information Security Management Act (FISMA): Federal law that defines cybersecurity framework for federal agencies and contractors, including access control and privilege management requirements
Payment Card Industry Data Security Standard (PCI DSS): Industry security standard for organizations handling credit card information, with specific requirements for privileged access management and user authentication
NERC CIP Standards: Regulatory framework for the energy sector that includes specific requirements for access management and critical infrastructure protection
Family Educational Rights and Privacy Act (FERPA): Federal law protecting the privacy of student education records, including requirements for controlling access to educational data
State Data Breach Notification Laws: Various state-level laws requiring organizations to notify individuals when their personal information has been compromised, affecting access control policies
California Consumer Privacy Act (CCPA): California state law providing privacy rights to California residents and requiring businesses to implement specific data protection measures
NY SHIELD Act: New York state law requiring businesses to implement safeguards for protecting private information of New York residents
General Data Protection Regulation (GDPR): EU privacy regulation with global impact, requiring strict access controls and protection measures for personal data of EU residents
NIST Cybersecurity Framework: Voluntary framework providing guidelines for managing and reducing cybersecurity risk, including comprehensive access control recommendations
ISO 27001: International standard for information security management systems, providing requirements for access control and privilege management
CIS Controls: Set of cybersecurity best practices and guidelines developed by the Center for Internet Security, including specific controls for access management
SANS Security Guidelines: Industry-respected security guidelines providing detailed recommendations for privileged access management and security controls
ISACA Control Objectives: Framework providing guidance for IT governance and control, including specific objectives for access management and security
