FISMA: Federal Information Security Management Act - Sets security requirements for federal agencies and their contractors, including standards for security control assessment
HIPAA: Health Insurance Portability and Accountability Act - Governs healthcare data protection, including Security Rule and Privacy Rule compliance requirements for protected health information
GLBA: Gramm-Leach-Bliley Act - Focuses on financial data protection through the Safeguards Rule, requiring financial institutions to protect customer information
SOX: Sarbanes-Oxley Act - Applies to publicly traded companies, mandating specific internal control requirements and IT security measures
NIST Framework: National Institute of Standards and Technology Cybersecurity Framework - Provides comprehensive guidelines and methodologies for conducting risk assessments
PCI DSS: Payment Card Industry Data Security Standard - Mandatory security standard for organizations handling credit card data
State Data Breach Laws: Various state-specific requirements for reporting and handling data breaches, with different notification and response requirements by state
State Privacy Laws: State-specific privacy regulations like CCPA (California) and SHIELD Act (New York) that establish local data protection standards and requirements
