Computer Fraud and Abuse Act (CFAA): Federal law that provides legal framework for protecting computer systems from unauthorized access, fraud, and related activities.
Electronic Communications Privacy Act (ECPA): Federal law governing the interception and monitoring of electronic communications.
Stored Communications Act (SCA): Part of ECPA that provides privacy protection for communications held in electronic storage.
Federal Information Security Management Act (FISMA): Defines framework for protecting government information, systems and assets against natural or man-made threats.
Health Insurance Portability and Accountability Act (HIPAA): Provides data privacy and security provisions for safeguarding medical information when handling healthcare data.
Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their information-sharing practices and protect sensitive data when handling financial information.
Payment Card Industry Data Security Standard (PCI DSS): Security standards designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment.
Sarbanes-Oxley Act (SOX): Requires proper internal control assessment and reporting procedures for public companies.
Family Educational Rights and Privacy Act (FERPA): Federal law that protects the privacy of student education records in educational institutions.
State Data Breach Notification Laws: State-specific requirements for organizations to notify individuals of security breaches involving personally identifiable information.
New York SHIELD Act: State-specific cybersecurity regulation requiring businesses to implement safeguards for the private information of New York residents.
California Consumer Privacy Act (CCPA): Comprehensive state law that provides California residents with various data privacy rights and imposes obligations on businesses.
General Data Protection Regulation (GDPR): European Union regulation on data protection and privacy that may apply when handling data of EU residents.
NIST Cybersecurity Framework: Voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk.
ISO 27001: International standard providing requirements for an information security management system (ISMS).
CIS Controls: Set of actions for cyber defense that provide specific ways to stop today's most pervasive and dangerous attacks.
