Computer Fraud and Abuse Act (CFAA): Federal law that prohibits accessing a computer without authorization, or in excess of authorization. Must be considered for defining unauthorized access and penalties in the access policy.

Electronic Communications Privacy Act (ECPA): Federal law governing the interception and monitoring of electronic communications. Relevant for monitoring and logging of user activities in systems.

Federal Information Security Management Act (FISMA): Defines framework for protecting government information, operations and assets. Important for federal agencies and contractors in establishing security controls.

Health Insurance Portability and Accountability Act (HIPAA): Regulates the use and disclosure of protected health information. Critical for healthcare organizations in establishing access controls for medical data.

Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their information-sharing practices and protect sensitive data. Essential for financial sector access policies.

Sarbanes-Oxley Act (SOX): Mandates proper internal control structures and financial reporting for public companies. Important for access controls related to financial systems.

Payment Card Industry Data Security Standard (PCI DSS): Security standard for organizations handling credit card data. Specific requirements for access controls and authentication must be incorporated.

Family Educational Rights and Privacy Act (FERPA): Protects the privacy of student education records. Essential for educational institutions in defining access controls for student data.

Defense Federal Acquisition Regulation Supplement (DFARS): Cybersecurity requirements for defense contractors. Critical for organizations working with the Department of Defense.

State Data Breach Notification Laws: Various state-specific requirements for reporting unauthorized access to protected data. Must be considered in incident response procedures.

California Consumer Privacy Act (CCPA): California's comprehensive privacy law with specific requirements for handling personal information of California residents.

SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act requiring security measures for protecting private information of New York residents.

General Data Protection Regulation (GDPR): EU privacy law with global impact, requiring strict controls on personal data access and processing for EU residents' data.

NIST Cybersecurity Framework: Voluntary framework of computer security guidance for private sector organizations to better manage and reduce cybersecurity risk.

ISO 27001: International standard for information security management systems, providing requirements for establishing, implementing, and maintaining security controls.

CIS Controls: Set of prioritized actions to protect organizations and data from known cyber attack vectors. Provides practical guidelines for access control implementation.