FISMA: Federal Information Security Management Act - Provides a comprehensive framework for ensuring the effectiveness of information security controls over federal information resources
CISA: Cybersecurity Information Sharing Act - Designed to improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats
NIST Frameworks: National Institute of Standards and Technology frameworks provide guidelines for security risk assessments and cybersecurity standards that organizations should follow
Privacy Act of 1974: Establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of information about individuals
FedRAMP: Federal Risk and Authorization Management Program - Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services
HIPAA: Health Insurance Portability and Accountability Act - Sets national standards for the security of electronic protected health information
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and safeguard sensitive customer data
SOX: Sarbanes-Oxley Act - Mandates strict reforms to improve financial disclosures and prevent accounting fraud, including IT controls
PCI DSS: Payment Card Industry Data Security Standard - Set of security standards designed to ensure all companies that accept, process, store or transmit credit card information maintain a secure environment
FERPA: Family Educational Rights and Privacy Act - Protects the privacy of student education records and applies to all schools that receive federal funding
State Breach Laws: Various state-specific laws requiring notification of security breaches to customers and state authorities, with different requirements per state
CCPA: California Consumer Privacy Act - Provides California residents with rights regarding the collection and use of their personal information
SHIELD Act: New York's Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for the private information of NY residents
DoD Requirements: Department of Defense specific security requirements including CMMC (Cybersecurity Maturity Model Certification) for defense contractors
CIP Standards: Critical Infrastructure Protection standards - Requirements designed to secure the assets required for operating North America's bulk electric system
GDPR: General Data Protection Regulation - EU regulation on data protection and privacy that may affect US companies dealing with EU residents' data
ISO 27001: International standard providing requirements for an information security management system (ISMS), often used as a global benchmark
