Cyber Security Standards, Regulations, and Guidelines

NIST

  • NIST SP 800-53 (Security and Privacy Controls for Information Systems and Organizations), NIST SP 800-40 (Guide to Enterprise Patch Management), NIST SP 800-14 (Generally Accepted Principles and Practices for Securing Information Technology Systems)
  • NIST SP 800-37 – Guide for the Security Certification and Accreditation of Federal Information Systems (retitled in later revisions as the guide for applying the Risk Management Framework)
  • NIST SP 800-18: Guide for Developing Security Plans for Information Technology Systems
  • NIST SP 800-27: Engineering Principles for Information Technology Security (A Baseline for Achieving Security)
  • NIST SP 800-30: Risk Management Guide for Information Technology Systems (retitled in Revision 1 as Guide for Conducting Risk Assessments)

ISO Standards

  • ISO/IEC 27000 series (information security management systems)
  • ISO/IEC 15408 (Common Criteria for Information Technology Security Evaluation)
  • ISO/IEC 20000 IT Service Management standard (includes controls for security and business continuity)
  • ISO/TR 13569:2005 – Financial services — Information security guidelines
  • Systems Security Engineering Capability Maturity Model (SSE-CMM), published as ISO/IEC 21827

Other Standards

  • ETSI Cyber Security Technical Committee (TC CYBER)
  • ISF Standard of Good Practice for Information Security (SoGP)
  • RFC 2196 (Site Security Handbook)
  • ISA/IEC 62443 (formerly ISA-99), industrial automation and control system security
  • IEC 62443 Conformity Assessment Program (ISASecure)
  • IASME Governance standard

Industry-specific guidelines and requirements

  • Federal Information Security Management Act (FISMA)
  • North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards
  • Title 21 of the Code of Federal Regulations (21 CFR Part 11), Electronic Records; Electronic Signatures
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (HITECH)
  • Patient Safety and Quality Improvement Act (PSQIA, Patient Safety Rule)
  • H.R. 2868: Chemical Facility Anti-Terrorism Standards (CFATS) regulation
  • Control Objectives for Information and Related Technologies (COBIT)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • IRS Publication 1075 (Tax Information Security Guidelines for Federal, State and Local Agencies)
  • Information Technology Infrastructure Library (ITIL)
  • Generally Accepted Information Security Principles (GAISP)

Broadly applicable laws and regulations

  • Gramm-Leach-Bliley Act (GLBA)
  • Electronic Fund Transfer Act (EFTA) and its implementing rule, Regulation E
  • Customs-Trade Partnership Against Terrorism (C-TPAT)
  • Free and Secure Trade Program (FAST)
  • Children's Online Privacy Protection Act (COPPA)
  • Fair and Accurate Credit Transactions Act (FACTA)
  • Federal Rules of Civil Procedure (FRCP), including the e-discovery provisions
  • Federal Information Processing Standards (FIPS), e.g. FIPS 140 for cryptographic modules and FIPS 199/200 for federal system categorization and minimum controls
  • Department of Defense Information Assurance Certification and Accreditation Process (DIACAP), since superseded by the DoD Risk Management Framework
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Sarbanes-Oxley Act (aka Sarbox, SOX)
  • There is much more in this category... give us a call
