FISMA: Federal Information Security Management Act - Sets standards for federal agencies and their contractors to ensure effective information security controls
HIPAA: Health Insurance Portability and Accountability Act - Establishes national standards for the protection of individuals' medical records and other personal health information
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data
SOX: Sarbanes-Oxley Act - Mandates strict internal controls for financial reporting, including IT systems that affect financial statements
FTC Act: Federal Trade Commission Act - Prohibits unfair or deceptive practices, including companies' failure to maintain reasonable data security
CFAA: Computer Fraud and Abuse Act - Addresses computer-related crimes and unauthorized access to protected computers and data
PCI DSS: Payment Card Industry Data Security Standard - Security standard for organizations that handle credit card transactions
FERPA: Family Educational Rights and Privacy Act - Protects the privacy of student education records in educational institutions
DFARS: Defense Federal Acquisition Regulation Supplement - Cybersecurity requirements for defense contractors
CCPA: California Consumer Privacy Act - Provides California residents with rights regarding their personal information and imposes obligations on businesses
SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for NY residents' private information
MA 201 CMR 17.00: Massachusetts data protection regulation that establishes minimum standards for protecting personal information of state residents
GDPR: General Data Protection Regulation - EU regulation on data protection and privacy, affecting organizations handling EU residents' data
NIST CSF: NIST Cybersecurity Framework - Voluntary guidance for private sector organizations to better manage and reduce cybersecurity risk
ISO 27001: International standard for information security management systems (ISMS)
COBIT: Control Objectives for Information and Related Technologies - Framework for IT governance and management
CIS Controls: Center for Internet Security Controls - Set of actions for cyber defense that provide specific ways to stop today's most pervasive attacks
