Regulatory Compliance Management

National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171 outlines cybersecurity-related requirements government…

HIPAA regulations were established to protect the integrity of patient information and compliance is intended to secure health information against…

The Payment Card Industry is a private industry group set up by the major credit card companies to define standards for companies that process…

The President of the United States issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, to address the growing…

The EU General Data Protection Regulation (GDPR) protects the personal information and data privacy of EU citizens, or individuals that reside in…

The Centers for Medicare & Medicaid Services (CMS) Information Security ARS, CMSR contain a broad set of required security standards based upon…

The Criminal Justice Information System (CJIS) Security Policy was created by the Federal Bureau of Investigation (FBI) to provide guidance to…

The DoD Information Assurance Certification and Accreditation Process (DIACAP) is the DoD process to ensure that risk management is applied on…

FFIEC requires financial institutions and their service providers to maintain effective security compliance management programs which provide…

(NIST) announced the Final Release of Special Publication (SP) 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems…

(GCSX) is a secure wide area network (WAN) that allows officials at local public-sector organizations to interact and share data privately and…

The Gramm-Leach-Bliley Act requires financial services companies to explain their information-sharing practices to their customers, plus safeguard…

The Good Practice Guide 13 (GPG 13) is a protective monitoring framework for all British government systems and networks, service providers and…

The Director of Central Intelligence Directive 6/3 governs the protection of sensitive compartmented information within Information Systems.

ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information…

ISO 27002 provides organizations with the assurance of knowing that they are protecting their information assets using criteria in harmonization…

JAFAN Manual for Protecting SAP Information within Information Systems manual establishes the security policy and procedures for storing…

NCUA is an independent federal agency that requires U.S. federally-insured credit unions to establish a security program that addresses the privacy…

NERC develops and enforces Reliability Standards; annually assesses seasonal and long term reliability; monitors the bulk power system through…

The Operating Manual (NISPOM) sets comprehensive standards to ensure continued availability and integrity of classified data, and prevent its…

There are a number of approaches to managing risk. Managing risk is a complex process and requires the input from the whole organization.

The New York State Department of Financial Services (DFS) has passed the State of New York’s Cybersecurity Requirements for Financial…

The Notifiable Data Breaches (NDB) was passed as an Amendment to the Australian Privacy Act and aims to help people whose personal information has…

The Twenty (20) Critical Security Controls for Cyber Defense are a culmination of exhaustive research and development of information security…

Since 1992, companies that provide business process outsourcing and data services, also known as service organizations, have utilized Statement on…

The Sarbanes-Oxley Act came into force in 2002, and introduced major changes to the regulation of financial practice and corporate governance.