Sarbanes-Oxley Act (SOX): Federal law that applies to publicly traded companies, requiring specific internal control assessments and financial reporting standards
Gramm-Leach-Bliley Act (GLBA): Federal legislation requiring financial institutions to explain their information-sharing practices and protect sensitive customer data
Health Insurance Portability and Accountability Act (HIPAA): Federal law that sets standards for protecting sensitive patient health information in healthcare organizations
Federal Information Security Management Act (FISMA): Federal law that defines cybersecurity framework for federal agencies and their contractors
General Data Protection Regulation (GDPR): EU regulation that applies to US companies handling EU citizens' data, requiring specific data protection and privacy standards
Payment Card Industry Data Security Standard (PCI DSS): Industry security standard for organizations that handle credit card transactions and payments
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for private sector organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks
ISO/IEC 27001: International standard for information security management systems (ISMS) providing requirements for establishing, implementing, and maintaining an ISMS
State Data Breach Notification Laws: Various state-specific laws requiring organizations to notify individuals of security breaches involving personally identifiable information
California Consumer Privacy Act (CCPA): State-specific privacy law providing California residents with rights regarding their personal information
Federal Acquisition Regulation (FAR): Principal set of rules governing the federal government's purchasing process and requirements for government contractors
AICPA IT Audit Standards: Professional standards set by the American Institute of CPAs for conducting IT audits
ISACA IT Audit Framework: Professional framework providing guidance for IT audit professionals on planning, conducting, and reporting on IT audits
Generally Accepted Government Auditing Standards (GAGAS): Professional standards for government auditing that provide a framework for conducting high-quality audits with competence, integrity, objectivity, and independence
