Sarbanes-Oxley Act (SOX): Federal law that sets requirements for financial systems access control and audit trails in public companies. Requires strict internal control assessment and enhanced financial disclosure.
Health Insurance Portability and Accountability Act (HIPAA): Federal regulation that establishes standards for protecting sensitive patient health information, including access controls and audit requirements for healthcare organizations.
Gramm-Leach-Bliley Act (GLBA): Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive data through comprehensive security programs.
Federal Information Security Management Act (FISMA): Federal law that defines cybersecurity framework for federal agencies, including requirements for access control and privileged account management.
Cybersecurity Information Sharing Act (CISA): Federal law designed to improve cybersecurity through enhanced information sharing between private sector and government.
Payment Card Industry Data Security Standard (PCI DSS): Industry security standard for organizations handling credit card information, including specific requirements for privileged access management.
NIST Special Publication 800-53: Federal security and privacy controls standard providing detailed guidelines for information systems security, including privileged account management.
ISO/IEC 27001: International standard for information security management systems, providing framework for protecting sensitive information through access control.
California Consumer Privacy Act (CCPA): State law providing California residents with data privacy rights and imposing obligations on businesses handling personal information.
NY SHIELD Act: New York state law requiring businesses to implement safeguards for protecting private information of New York residents, including access control measures.
CIS Controls: Set of cybersecurity best practices and guidelines that includes specific controls for account management and privileged access.
COBIT Framework: Business framework for governance and management of enterprise IT, including detailed guidance on privileged access management.
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for private sector organizations to better manage and reduce cybersecurity risk.
Principle of Least Privilege (PoLP): Security concept that users and programs should only have the minimum privileges necessary to complete their tasks.
Zero Trust Security Model: Security concept that organizations should not automatically trust anything inside or outside its perimeters and must verify everything trying to connect to its systems.
