Industry Regulations

Regulatory requirements and industry mandates also provide important security protections for the customer and sensitive information that companies hold. We have captured the significant and mandatory regulations below as they relate to various industries:

Gramm-Leach-Bliley Act (GLBA) – Safeguards Rule

Companies which provide consumer financial products or services are subject to it

DFARS 252.204-7012

Any size company contracted or subcontracted by the Department of Defense

FAR 52.204-21

Any size company contracted or subcontracted by any US Federal agency, or performing agency-funded work

Sarbanes-Oxley Act

Large publicly traded companies (aka non-accelerated filers) are required to assess the effectiveness of their internal controls

Payment Card Industry Data Security Standard (PCI DSS)

Security standards for the handling, processing, transmitting, and storing of credit card data by both merchants and service providers

Version 3 has many new requirements for point-of-sale (POS) systems; these are good practices in general, but they are especially significant in light of the recent security breaches at major retailers

Health Insurance Portability and Accountability Act (HIPAA)

Administrative, physical, and technical safeguards for the health data of individuals

Critical Infrastructure Protection (CIP) – Cyber Security Standards

Protection measures for critical assets that control or affect the reliability of North America’s bulk electric systems

Minimum Internal Control Standards (MICS)

Information technology requirements for Group I Licensees from the Nevada Gaming Control Board

Recognizing that partnerships between the public and private sectors are important to the overall security ecosystem, the Department of Homeland Security (DHS) has published useful materials tailored to companies. Because small businesses face unique challenges, there is also a specific page devoted to providing relevant resources targeted at these entities.