Standards

(Industry-specific guidelines, standards, or global regulations)

- J.D. Meier, Prashant Bansode, Paul Enfield.

The following is a list of standards that customers have indicated may be of importance for this platform. We solicit feedback on any additions to or removals from this list.

Area: Education
* Children's Internet Protection Act (CIPA) (Pub. L. 106-554)

Area: Insurance
* (no items listed)

Area: Financial
* Basel II
* Basel I
* Gramm-Leach-Bliley Act of 1999 (GLBA)
* Securities and Exchange Commission (SEC) Rule 17a-4 (records retention)
* NASD rules (NASD is now part of FINRA)
* Sarbanes-Oxley Act (SOX)
* USA PATRIOT Act

Area: General
* ISO/IEC 27002 (formerly ISO/IEC 17799)
* ISO/IEC 27001 (formerly BS 7799 Part 2)
* Common Criteria (CC), also published as ISO/IEC 15408
* COPPA (Children's Online Privacy Protection Act)
* Visa CISP program (predecessor of PCI DSS)
* ECPA (Electronic Communications Privacy Act)
* FERPA (Family Educational Rights and Privacy Act)
* ADA (Americans with Disabilities Act)
* Singapore Technology Risk Management Guidelines
* California SB 1386 (breach notification)
* Information Security Forum (ISF) directives
* COSO framework
* ITIL
* NCUA security directive (guidance)
* FFIEC guidance
* COBIT
* SSE-CMM (ISO/IEC 21827)
* SAS 70
* Pending: work in progress at ISO/IEC JTC1 SC27

Area: Government (Germany)
* Telemediengesetz (TMG, German Telemedia Act)
* Bundesdatenschutzgesetz (BDSG, German Federal Data Protection Act)

Area: Government (UK)
* Data Protection Act 1998 (DPA)
* Regulation of Investigatory Powers Act 2000 (RIPA)
* Computer Misuse Act 1990

Area: Government (US)
* Communications Act of 1934
* Computer Fraud and Abuse Act (18 U.S.C. § 1030)
* Privacy Act of 1974
* Computer Security Act of 1987
* Economic Espionage Act of 1996
* ECPA (Electronic Communications Privacy Act of 1986; Title I is the Wiretap Act)
* Clinger-Cohen Act (the "CIO Act")
* Federal Information Security Management Act (FISMA) of 2002, Title III of the E-Government Act of 2002
* USA PATRIOT Act
* Defense Federal Acquisition Regulation Supplement (DFARS)
* Federal Acquisition Regulation (FAR) Part 39
* OMB Circular A-130, Appendix III
* OMB Circular A-123
* Common Criteria (ISO/IEC 15408)
* HSPD-7, Critical Infrastructure Protection
* HSPD-12, Policy for a Common Identification Standard for Federal Employees and Contractors
* FIPS 140-2 (FIPS 140-3 was in draft at the time of writing)
* FIPS 199, Standards for Security Categorization of Federal Information and Information Systems
* FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
* DoD Directive 8500.1, Information Assurance (IA)
* DoD Instruction 8500.2, Information Assurance (IA) Implementation
* GAO Federal Information System Controls Audit Manual (FISCAM)
* NIST Special Publication (SP) 800-53 Rev. 3, Recommended Security Controls for Federal Information Systems and Organizations
* NIST SP 800-70, Security Configuration Checklists Program for IT Products: Guidance for Checklists Users and Developers
* Other NIST SPs: http://csrc.nist.gov/publications/index.html
* OMB Memo M-06-15, Safeguarding Personally Identifiable Information
* OMB Memo M-06-16, Protection of Sensitive Agency Information
* OMB Memo M-06-19, Reporting Incidents Involving Personally Identifiable Information and Incorporating the Cost for Security in Agency Information Technology Investments
* OMB Memo M-07-11, Implementation of Commonly Accepted Security Configurations for Windows Operating Systems
* OMB Memo M-07-16, Safeguarding Against and Responding to the Breach of Personally Identifiable Information
* OMB Memo M-07-18, Ensuring New Acquisitions Include Common Security Configurations
* OMB Memo M-08-05, Implementation of Trusted Internet Connections (TIC)
* OMB Memo M-08-22, Guidance on the Federal Desktop Core Configuration (FDCC)

Area: Healthcare
* HIPAA Privacy Rule
* HIPAA Security Rule
* FDA 21 CFR Part 11, Electronic Records; Electronic Signatures (ERES)
* Mental Hygiene Law Sec. 33.13 (New York State, confidentiality of clinical records)

Area: UK / Europe
* Data Protection Act 1998

Area: Utilities / Energy
* NERC CIP security standards (mandatory)
* NSA INFOSEC Assessment Capability Maturity Model (IA-CMM) appraisals

Resources

* BS7799 Compliance and Risk Analysis: http://www.security.kirion.net/bs7799standard/



Last edited Apr 20, 2010 at 6:29 PM by paulenfield, version 4