Industry Regulations

Regulatory requirements and industry mandates also provide important security protections for customer and other sensitive information held by companies. The significant mandatory regulations are captured below as they relate to various industries:

  • Gramm-Leach-Bliley Act (GLBA) – Safeguards Rule
    • any company that provides consumer financial products or services is subject to it
  • Sarbanes-Oxley Act
    • large publicly traded companies (aka non-accelerated filers) are required to assess the effectiveness of their internal controls
  • Payment Card Industry Data Security Standard (PCI DSS)
    • security standards for the handling, processing, transmitting, and storing of credit card data by both merchants and service providers
    • version 3 adds many new requirements for point-of-sale (POS) systems that are good practices in general but especially significant in light of the recent security breaches at major retailers
  • Health Information Portability and Accountability Act (HIPAA)
    • administrative, physical, and technical safeguards for the health data of individuals
  • Critical Information Protection (CIP) – Cyber Security Standards
    • protection measures for critical assets that control or affect the reliability of North America’s bulk electric systems
  • Minimum Internal Control Standards (MICS)
    • information technology requirements for Group I Licensees from the Nevada Gaming Control Board

Recognizing that partnership between the public and private sectors is important to the overall security ecosystem, the Department of Homeland Security (DHS) has published useful materials tailored to companies. Because small businesses face unique challenges, there is also a specific page devoted to resources targeted at these entities.