FISMA: Federal Information Security Management Act - Requires federal agencies and their contractors to develop and implement information security programs
GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data
HIPAA: Health Insurance Portability and Accountability Act - Sets standards for protecting sensitive patient health information
SOX: Sarbanes-Oxley Act - Mandates strict internal controls for financial reporting and IT systems for public companies
FTC Act: Federal Trade Commission Act - Prohibits unfair or deceptive practices in commerce, including data security practices
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risk
NIST SP 800-30: NIST Special Publication for Risk Assessment - Provides guidance for conducting risk assessments of federal information systems
NIST SP 800-53: NIST Special Publication for Security Controls - Provides a catalog of security and privacy controls for information systems
ISO 27001/27005: International standards for information security management systems and risk management
State Data Breach Laws: Various state-specific laws requiring notification of security breaches to affected individuals
CCPA: California Consumer Privacy Act - Provides California residents with rights regarding their personal information
NY SHIELD Act: New York Stop Hacks and Improve Electronic Data Security Act - Requires businesses to implement safeguards for private information
PCI DSS: Payment Card Industry Data Security Standard - Security standards for organizations that handle credit card information
GDPR: General Data Protection Regulation - EU regulation on data protection and privacy, with extraterritorial scope affecting US companies
