Regulation Station

Regulation Station is designed to help security professionals take their first steps in understanding the regulations that apply to the security industry. It is not intended to provide legal guidance, but rather to point practitioners toward the regulations that shape the data protection process. The regulations are divided into United States Federal, United States State, and International laws and guidelines.

Below is a listing of United States Federal Regulations. This list is updated regularly and may not be comprehensive.

Federal Regulations

Gramm-Leach-Bliley Act (GLBA): The Financial Services Modernization Act of 1999, more commonly known by the names of its sponsors as Gramm-Leach-Bliley, includes provisions to protect consumers' personal financial information held by financial institutions. The legislation is intended to ensure that financial institutions protect sensitive customer information that may be exposed to attackers through web-enabled environments, including Internet connectivity and hosting arrangements. The Safeguards Rule, which took effect in 2003, requires institutions to take proactive steps to ensure the security and confidentiality of customer information.

Sarbanes-Oxley Act (SOX): The Sarbanes-Oxley Act of 2002 was signed into law by US President George W. Bush and became effective on July 30, 2002. The Act contains major changes for issuers of publicly traded securities, auditors, corporate board members, and lawyers. It focuses on preventing, detecting, and punishing corporate fraud and corruption; for security teams, the Section 404 requirement to assess internal controls over financial reporting is what drives most of the IT control work.

Health Insurance Portability and Accountability Act (HIPAA): The goal of this legislation is to enable the movement of health information among health-related organizations in a protected manner. It includes stringent privacy and security protections, including limits on the sharing and use of protected health information and safeguards such as access control and encryption.

Americans with Disabilities Act (ADA): This legislation is designed to protect the civil rights of people with disabilities.

Office of the Comptroller of the Currency (OCC) Web Linking Guidelines: The OCC Web-Linking Guidelines define a set of steps banks must take to distinguish their own services from those of a third party when linking to external web sites.

National Credit Union Administration (NCUA) Guidelines: These guidelines describe NCUA's policy for ensuring the quality of information that it disseminates to the public and set forth the administrative procedure by which an affected person may obtain correction of disseminated information.

E-Government Act of 2002: The overarching statute for FISMA, which was enacted as Title III of this Act.

Children's Online Privacy Protection Act (COPPA): COPPA requires the Federal Trade Commission (FTC) to issue and enforce rules governing the online collection and use of personal information from children under the age of 13.

National Strategy to Secure Cyberspace: Released in 2003, the National Strategy to Secure Cyberspace is part of the overall US effort to protect the Nation. It is an implementing component of the National Strategy for Homeland Security and is complemented by the National Strategy for the Physical Protection of Critical Infrastructures and Key Assets.

Federal Information Security Management Act of 2002 (FISMA): FISMA was signed into law as Title III of the E-Government Act of 2002. It provides a framework to ensure that comprehensive measures are taken to secure federal information and assets. It was later amended by the Federal Information Security Modernization Act of 2014.

Payment Card Industry Data Security Standard (PCI DSS): The PCI Data Security Standard is designed to ensure that merchants and service providers adequately protect cardholder data. Note that PCI DSS is not a federal regulation: it is an industry standard maintained by the PCI Security Standards Council and enforced contractually through the card brands and acquiring banks.

Section 208: Privacy Compliance (E-Gov) for Federal Agencies: In 2003, the OMB issued guidance (Memorandum M-03-22) for implementing Section 208, the privacy provisions of the E-Government Act of 2002. The guidance covers privacy impact assessments, the posting of privacy policies, the use of tracking technologies, and parental consent requirements. Agencies were to report on their compliance plans annually.

Section 508: Accessibility Compliance for Federal Agencies: Section 508 of the Rehabilitation Act, as amended in 1998, requires all US federal agencies to make their electronic and information technology accessible to employees and members of the public with disabilities.

North American Electric Reliability Council (NERC) - Security Guidelines for the Electricity Sector: Presidential Decision Directive 63 (PDD-63), "Protecting America's Critical Infrastructures," mandates a framework of cooperation for America's critical infrastructures; the NERC security guidelines apply that framework to the electricity sector. Much of this voluntary guidance has since been superseded by the mandatory NERC Critical Infrastructure Protection (CIP) reliability standards.

21 CFR Part 11 (FDA Electronic Records; Electronic Signatures): Part 11 applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted under any records requirements set forth in FDA regulations. Part 11 also applies to electronic records submitted to the FDA under the Federal Food, Drug, and Cosmetic Act (the Act) and the Public Health Service Act, even if such records are not specifically identified in FDA regulations.

Director of Central Intelligence Directive 6/3 (DCID 6/3): This US federal directive establishes the security policy and procedures for storing, processing, and communicating classified intelligence information in information systems. It has since been superseded by Intelligence Community Directive 503 (ICD 503).