¶¶Òõ¶ÌÊÓƵ

FISMA: Federal Information Security Management Act - Provides a comprehensive framework for ensuring the effectiveness of information security controls over federal information resources

CISA: Cybersecurity Information Sharing Act - Designed to improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats

NIST Frameworks: National Institute of Standards and Technology frameworks provide guidelines for security risk assessments and cybersecurity standards that organizations should follow

Privacy Act of 1974: Establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of information about individuals

FedRAMP: Federal Risk and Authorization Management Program - Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services

HIPAA: Health Insurance Portability and Accountability Act - Sets national standards for the security of electronic protected health information

GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and safeguard sensitive customer data

SOX: Sarbanes-Oxley Act - Mandates strict reforms to improve financial disclosures and prevent accounting fraud, including IT controls

PCI DSS: Payment Card Industry Data Security Standard - Set of security standards designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment

FERPA: Family Educational Rights and Privacy Act - Protects the privacy of student education records and applies to all schools that receive federal funding

State Breach Laws: Various state-specific laws requiring notification of security breaches to customers and state authorities, with different requirements per state

CCPA: California Consumer Privacy Act - Provides California residents with rights regarding the collection and use of their personal information

SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for the private information of NY residents

DoD Requirements: Department of Defense specific security requirements including CMMC (Cybersecurity Maturity Model Certification) for defense contractors

CIP Standards: Critical Infrastructure Protection standards - Requirements designed to secure the assets required for operating North America's bulk electric system

GDPR: General Data Protection Regulation - EU regulation on data protection and privacy that may affect US companies dealing with EU residents' data

ISO 27001: International standard providing requirements for an information security management system (ISMS), often used as a global benchmark