FISMA: Federal Information Security Management Act - Establishes information security requirements for federal agencies and their contractors
HIPAA: Health Insurance Portability and Accountability Act - Governs the protection and handling of medical data and health information
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data
SOX: Sarbanes-Oxley Act - Mandates strict data retention and protection requirements for publicly traded companies
FRCP: Federal Rules of Civil Procedure - Sets requirements for data retention and accessibility for potential litigation purposes
State Data Protection Laws: Various state-specific regulations governing data protection, retention, and security requirements
State Breach Notification Laws: State-specific requirements for notifying affected parties in case of data breaches
PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations handling credit card information
NIST SP 800-53: National Institute of Standards and Technology Special Publication - Security controls and guidelines for federal information systems
ISO 27001: International standard for information security management systems and best practices
CCPA: California Consumer Privacy Act - Provides California residents with rights regarding their personal data
VCDPA: Virginia Consumer Data Protection Act - Establishes framework for privacy rights and data protection in Virginia
GDPR: General Data Protection Regulation - EU regulation that may apply if handling data of EU residents
Backup Requirements: Core policy components including frequency, retention periods, storage location, security, encryption, access controls, testing, and documentation
