FISMA: Federal Information Security Management Act - Provides a comprehensive framework for ensuring the effectiveness of information security controls over information resources that support federal operations and assets

Privacy Act of 1974: Establishes a code of fair information practices governing the collection, maintenance, use, and dissemination of personally identifiable information maintained by federal agencies

E-Government Act of 2002: Enhances management and promotion of electronic government services and processes, including requirements for privacy impact assessments

CISA: Cybersecurity Information Sharing Act - Promotes the sharing of cybersecurity threat information between private sector and federal government entities

HIPAA: Health Insurance Portability and Accountability Act - Provides data privacy and security provisions for safeguarding medical information, particularly relevant if healthcare data is involved

GLBA: Gramm-Leach-Bliley Act - Requires financial institutions to explain their information-sharing practices and protect sensitive data, applicable when handling financial information

FedRAMP: Federal Risk and Authorization Management Program - Standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services

NIST SP 800-53: National Institute of Standards and Technology Special Publication providing security and privacy controls for federal information systems and organizations

NIST SP 800-37: NIST Risk Management Framework providing guidelines for applying the risk management framework to federal information systems

NIST CSF: NIST Cybersecurity Framework - Voluntary guidance based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk

ISO/IEC 27001: International standard for information security management systems (ISMS), providing requirements for establishing, implementing, maintaining and continually improving an ISMS

COBIT: Control Objectives for Information and Related Technologies - Framework for IT governance and management, aligning business goals with IT goals

State Data Breach Laws: Various state-specific requirements for notification and handling of data breaches, varying by jurisdiction

SEC Guidelines: Securities and Exchange Commission guidance on cybersecurity measures and disclosure requirements for public companies

FTC Requirements: Federal Trade Commission requirements regarding fair information practices and consumer data protection

PCI DSS: Payment Card Industry Data Security Standard - Requirements for organizations that handle credit card data to ensure secure processing environment

DHS Guidelines: Department of Homeland Security guidelines for cybersecurity and critical infrastructure protection

CSA Guidelines: Cloud Security Alliance guidelines providing recommended security controls for cloud computing environments