| Source ID |
Source Name |
| 1 |
CMS Meaningful Use |
| 2 |
COBIT 4.1 |
| 3 |
FFIEC IT Examination Handbook – Audit |
| 4 |
FFIEC – Authentication in an Internet Banking Environment |
| 5 |
FFIEC IT Examination Handbook – Business Continuity Planning |
| 6 |
FFIEC IT Examination Handbook – Development and Acquisition |
| 7 |
FFIEC IT Examination Handbook – Information Security |
| 8 |
FFIEC IT Examination Handbook – Management |
| 9 |
FFIEC IT Examination Handbook – Operations |
| 10 |
FFIEC IT Examination Handbook – Outsourcing Technology Services |
| 11 |
FFIEC IT Examination Handbook – Retail Payment Systems |
| 12 |
FFIEC IT Examination Handbook – E-Banking |
| 13 |
FFIEC – Supplement to Authentication in an Internet Banking Environment |
| 14 |
12 CFR 30 – Appendix B – Interagency Guidelines Establishing Standards for Safeguarding Customer Information |
| 15 |
45 CFR 164 – Security and Privacy (HIPAA) |
| 16 |
45 CFR 160 & 45 CFR 164 – General Administrative Requirements (HIPAA Omnibus Updates) |
| 17 |
HIPAA Privacy & Breach Notification |
| 18 |
HIPAA Security Audit Program Protocol (OCR) |
| 19 |
HITECH Breach Notification Guidance and RFI (74 FR 19006) |
| 20 |
HITECH Breach Notification Interim Final Regulation (74 FR 42740) |
| 21 |
HITRUST Common Security Framework – 2010 |
| 22 |
25 CFR 542.16 & 25 CFR 543.16 – Indian Gaming Control – Minimum Internal Control Standards for IT |
| 23 |
International Privacy – U.S.-EU Safe Harbor Privacy Principles |
| 24 |
International Privacy – India Information Technology (Amendment) Act 2008 and Privacy Rules |
| 25 |
IRS Publication 1075 (2010) |
| 26 |
ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements |
| 27 |
ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management |
| 28 |
ISO/IEC 27005:2011 – Information technology – Security techniques – Information security risk management |
| 29 |
Louisiana State Police Gaming Enforcement Division – CPA Minimum Internal Controls Questionnaire |
| 30 |
NERC CIP-002-4a – Cyber Security – Critical Cyber Asset Identification |
| 31 |
NERC CIP-002-5 – Cyber Security – BES Cyber System Categorization |
| 32 |
NERC CIP-003-4 – Cyber Security – Security Management Controls |
| 33 |
NERC CIP-003-5 – Cyber Security – Security Management Controls |
| 34 |
NERC CIP-004-4a – Cyber Security – Personnel & Training |
| 35 |
NERC CIP-004-5 – Cyber Security – Personnel & Training |
| 36 |
NERC CIP-005-4a – Cyber Security – Electronic Security Perimeter(s) |
| 37 |
NERC CIP-005-5 – Cyber Security – Electronic Security Perimeter(s) |
| 38 |
NERC CIP-006-4d – Cyber Security – Physical Security of Critical Cyber Assets |
| 39 |
NERC CIP-006-5 – Cyber Security – Physical Security of BES Cyber Systems |
| 40 |
NERC CIP-007-4 – Cyber Security – Systems Security Management |
| 41 |
NERC CIP-007-5 – Cyber Security – System Security Management |
| 42 |
NERC CIP-008-4 – Cyber Security – Incident Reporting and Response Planning |
| 43 |
NERC CIP-008-5 – Cyber Security – Incident Reporting and Response Planning |
| 44 |
NERC CIP-009-4 – Cyber Security – Recovery Plans for Critical Cyber Assets |
| 45 |
NERC CIP-009-5 – Cyber Security – Recovery Plans for BES Cyber Systems |
| 46 |
NERC CIP-010-1 – Cyber Security – Configuration Change Management and Vulnerability Assessments |
| 47 |
NERC CIP-011-1 – Cyber Security – Information Protection |
| 48 |
New Jersey – Chapter 69D Gaming Operation Accounting Controls and Standards |
| 49 |
NIST SP 800-30 – Risk Management Guide for Information Technology Systems |
| 50 |
NIST SP 800-39 – Managing Information Security Risk |
| 51 |
NIST SP 800-53 – Federal IS Control Guidance |
| 52 |
NIST SP 800-53 r4 – Security and Privacy Controls for Federal Information Systems and Organizations |
| 53 |
NIST SP 800-53A – Federal IS Test Procedures |
| 54 |
NIST SP 800-66 – An Introductory Resource Guide for Implementing HIPAA Security |
| 55 |
10 CFR 73.54 – Protection of digital computer and communication systems and networks |
| 56 |
NV MICS 1-28 Checklist |
| 57 |
NV MICS 29-55 Checklist |
| 58 |
Ohio – 3772-10-15 Information technology standards. |
| 59 |
Payments Card Industry Data Security Standard (PCI DSS) 2.0 – Requirements and Security Assessment Procedures |
| 60 |
12 CFR 202 – Equal Credit Opportunity (Regulation B) |
| 61 |
State of Illinois: Gaming Control Board – Minimum Internal Control Standards – 03232010 (MICS) |
| 62 |
State of Missouri: Gaming Control – Chapter S – Minimum Internal Control Standards – 0602011 (MICS) |
| 63 |
State of Nevada: Gaming Control Board – Minimum Internal Control Standards – Information Technology v6 09012008 (MICS) |
| 64 |
State of New Jersey: Gaming Control – 13:69D 1.11 (Casino Licensees Organization) Minimum Internal Control Standards 11072011 (MICS) |
| 65 |
State of New Jersey: Gaming Control Subchapter 2 (Casino Computer Systems) Minimum Internal Control Standards 07052005 (MICS) |
| 66 |
The Joint Commission July 1 2012 |
| 67 |
State of Louisiana – Louisiana Gaming – Title 42 |
| 68 |
21 CFR 11 – Electronic Records; Electronic Signatures |
| 69 |
21 CFR 820 – Quality System Regulation |
| 70 |
United States Privacy – Alaska – Personal Information Protection Act |
| 71 |
United States Privacy – Arizona – Notification of breach of security system; enforcement; civil penalty; preemption; exceptions; definitions |
| 72 |
United States Privacy – Arkansas – Personal Information Protection Act |
| 73 |
United States Privacy – California – Business and Professions Code Sections 22575 – 22579 |
| 74 |
United States Privacy – California – Confidentiality of Medical Information Act |
| 75 |
United States Privacy – California – Information Practices Act of 1977 |
| 76 |
United States Privacy – Colorado Consumer Protection Act |
| 77 |
United States Privacy – Connecticut – Sec. 36a-701b. Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade practice. |
| 78 |
United States Privacy – Delaware – Title 6 Chapter 12B. Computer Security Breaches |
| 79 |
United States Privacy – District of Columbia – Notification of security breach |
| 80 |
United States Privacy – Florida – Chapter 817.5681 – Breach of security concerning confidential personal information in third-party possession; administrative penalties |
| 81 |
United States Privacy – Georgia – Breach of the security of the system |
| 82 |
United States Privacy – Hawaii – Security Breach of Personal Information |
| 83 |
United States Privacy – Idaho – Chapter 51 – Identity Theft |
| 84 |
United States Privacy – Illinois – Personal Information Protection Act |
| 85 |
United States Privacy – Indiana – Chapter 3. Disclosure and Notification Requirements |
| 86 |
United States Privacy – Iowa – Chapter 715 C – Personal Information Security Breach Protection |
| 87 |
United States Privacy – Kansas – Chapter 50: Article 7a: Protection Of Consumer Information |
| 88 |
United States Privacy – Louisiana – RS 51:3074 – Disclosure upon breach in the security of personal information; notification requirements; exemption |
| 89 |
United States Privacy – Maine – Chapter 210-B: Notice of Risk to Personal Data |
| 90 |
United States Privacy – Maryland – Title 14, Subtitle 35 – Maryland Personal Information Protection Act |
| 91 |
United States Privacy – Massachusetts – Act 2007 – Chapter 82: An Act Relative to Security Freezes and Notification of Data Breaches |
| 92 |
United States Privacy – Massachusetts: 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of Commonwealth |
| 93 |
United States Privacy – Michigan – Identity Theft Protection Act |
| 94 |
United States Privacy – Minnesota – 325E.64 – Access Devices; Breach of Security |
| 95 |
United States Privacy – Minnesota – 325E.61 – Data Warehouses; Notice Required for Certain Disclosures |
| 96 |
United States Privacy – Mississippi – 75-24-29. Persons conducting business in Mississippi required to provide notice of a breach of security involving personal information to all affected individuals; enforcement |
| 97 |
United States Privacy – Missouri -MO-407.1500.1 Notice to consumer for breach of security, procedure–attorney general may bring action for damages |
| 98 |
United States Privacy – Montana – 30-14-1704. Computer security breach |
| 99 |
United States Privacy – Nebraska – Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 |
| 100 |
United States Privacy – Nevada – Chapter 603A – Security of Personal Information |
| 101 |
United States Privacy – New Hampshire – Chapter 359-C – Right to Privacy |
| 102 |
United States Privacy – New Jersey – Identity Theft Prevention Act |
| 103 |
United States Privacy – New York – Notification; person without valid authorization has acquired private information. |
| 104 |
United States Privacy – North Carolina Section 76-65 – Protection from security breaches |
| 105 |
United States Privacy – North Dakota – Chapter 51-30 – Notice of Security Breach for Personal Information |
| 106 |
United States Privacy – Ohio – 1349.19 Private disclosure of security breach of computerized personal information data |
| 107 |
United States Privacy – Oklahoma – Security Breach Notification Act |
| 108 |
United States Privacy – Oregon – 646A – Identity Theft Prevention |
| 109 |
United States Privacy – Rhode Island – CHAPTER 11-49.2 Identity Theft Protection |
| 110 |
United States Privacy – South Carolina – 39-1-90. Breach of security of business data; notification; definitions; penalties; exception as to certain banks and financial institutions; notice to Consumer Protection Division |
| 111 |
United States Privacy – Tennessee – Title 47 – Commercial Instruments and Transactions Chapter 18 – Consumer Protection Part 21 – Identity Theft |
| 112 |
United States Privacy – Texas – Title 11. Personal Identity Information – Subtitle B. Identity Theft – Chapter 521. Unauthorized Use of Identifying Information |
| 113 |
United States Privacy – Utah – Protection of Personal Information Act |
| 114 |
United States Privacy – Vermont – 9 V.S.A. – Section 2445. Safe destruction of documents containing personal information |
| 115 |
United States Privacy – Vermont – Security Breach Notice Act |
| 116 |
United States Privacy – Vermont – Social Security Number Protection Act |
| 117 |
United States Privacy – Virginia – 18.2-186.6. Breach of personal information notification |
| 118 |
United States Privacy – Washington – RCW 19.255.010 – Disclosure, notice – Definitions – Rights, remedies |
| 119 |
United States Privacy – Washington – RCW 42.56.590 – Personal information – Notice of security breaches |
| 120 |
United States Privacy – West Virginia – Chapter 46A. West Virginia Consumer Credit and Protection Act – Article 2A. Breach of Security of Consumer Information |
| 121 |
United States Privacy – Wisconsin – 134.98 Notice of unauthorized acquisition of personal information |
| 122 |
United States Privacy – Wyoming – Wyoming Consumer Protection Act |
| 123 |
FFIEC – Outsourced Cloud Computing |
| 124 |
Payments Card Industry Data Security Standard (PCI DSS) 3.0 – Requirements and Security Assessment Procedures |
| 125 |
HITRUST Common Security Framework – All Requirements – 2013 |
| 126 |
HITRUST Common Security Framework – Required for HITRUST Certification – 2013 |
| 127 |
IRS Publication 1075 (2014) |
| 128 |
Federal Reserve Board Guidance on Managing Outsourcing Risk |
| 129 |
OCC Bulletin 2013-29 (Subject: Third-Party Relationships) |
| 130 |
12 CFR 201 – Extensions of Credit by Federal Reserve Banks (Regulation A) |
| 131 |
Oklahoma Statutes – Title 76, Parts 19 and 20 |
| 132 |
ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements |
| 133 |
ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls |
| 134 |
17 CFR 38 Subpart K – Trade Information |
| 135 |
17 CFR 38 Subpart U – System Safeguards |
| 136 |
17 CFR 39 Subpart B – Compliance with Core Principles |
| 137 |
17 CFR 39 Subpart C – Provisions Applicable to Systemically Important Derivatives Clearing Organizations |
| 138 |
17 CFR 49 – Swap Data Repositories |
| 139 |
17 CFR 37 Subpart O – System Safeguards |
| 140 |
COBIT 5 |
| 141 |
NIST – Framework for Improving Critical Infrastructure Cybersecurity (Version 1.0) |
| 142 |
EU Data Protection Directive |
| 143 |
Privacy and Electronic Communications (EC Directive) Regulations 2003 |
| 144 |
UK Data Protection Act of 1998 |
| 145 |
CBEST Threat Intelligence Framework, Qualities of a threat intelligence provider |
| 146 |
CBEST Implementation Guide |
| 147 |
AICPA Trust Principles |
| 148 |
Basel Committee on Banking Supervision: Core Principles for Effective Banking Supervision |
| 149 |
Basel Committee on Banking Supervision: Principles for Effective Risk Data Aggregation and Risk Reporting |
| 150 |
12 CFR 30 – OCC Heightened Standards for Large Banks |
| 151 |
12 CFR 252 – Enhanced Prudential Standards (Regulation YY) |
| 152 |
Committee of Sponsoring Organizations of the Treadway Commission: Internal Control – Integrated Framework |
| 153 |
Cybersecurity Capability Maturity Model (C2M2) Version 1.1 |
| 154 |
12 CFR 203 – Home Mortgage Disclosure (Regulation C) |
| 155 |
12 CFR 204 – Reserve Requirements of Depository Institutions (Regulation D) |
| 156 |
12 CFR 205 – Electronic Fund Transfers (Regulation E) |
| 157 |
12 CFR 206 – Limitations on Interbank Liabilities (Regulation F) |
| 158 |
12 CFR 207 – Disclosure and Reporting of CRA-Related Events (Regulation G) |
| 159 |
12 CFR 208 – Membership of State Banking Institutions in the Federal Reserve System (Regulation H) |
| 160 |
12 CFR 209 – Issue and Cancellation of Federal Reserve Bank Capital Stock (Regulation I) |
| 161 |
12 CFR 210 – Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire (Regulation J) |
| 162 |
12 CFR 211 – International Banking Operations (Regulation K) |
| 163 |
12 CFR 212 – Management Official Interlocks (Regulation L) |
| 164 |
12 CFR 213 – Consumer Leasing (Regulation M) |
| 165 |
12 CFR 214 – Relations with Foreign Banks and Bankers (Regulation N) |
| 166 |
12 CFR 215 – Loans to Executive Officers, Directors, and Principal – Shareholders of Member Banks (Regulation O) |
| 167 |
12 CFR 217 – Capital Adequacy of Bank Holding Companies, Savings and Loan Holding Companies, and State Member Banks (Regulation Q) |
| 168 |
12 CFR 218 – Exceptions for Banks from the Definition of Broker in the Securities Exchange Act of 1934 (Regulation R) |
| 169 |
12 CFR 219 – Reimbursement to Financial Institutions for Providing Financial Records; Recordkeeping Requirements for Certain Financial Records (Regulation S) |
| 170 |
12 CFR 220 – Credit by Brokers and Dealers (Regulation T) |
| 171 |
12 CFR 221 – Credit by Banks and Persons other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin Stock (Regulation U) |
| 172 |
12 CFR 222 – Fair Credit Reporting (Regulation V) |
| 173 |
12 CFR 223 – Transactions between Member Banks and Their Affiliates (Regulation W) |
| 174 |
12 CFR 224 – Borrowers of Securities Credit (Regulation X) |
| 175 |
12 CFR 225 – Bank Holding Companies and Change in Bank Control (Regulation Y) |
| 176 |
12 CFR 226 – Truth in Lending (Regulation Z) |
| 177 |
12 CFR 227 – Unfair or Deceptive Acts or Practices (Regulation AA) |
| 178 |
12 CFR 228 – Community Reinvestment (Regulation BB) |
| 179 |
12 CFR 229 – Availability of Funds and Collection of Checks (Regulation CC) |
| 180 |
12 CFR 231 – Netting Eligibility for Financial Institutions (Regulation EE) |
| 181 |
12 CFR 232 – Obtaining and Using Medical Information in Connection with Credit (Regulation FF) |
| 182 |
12 CFR 233 – Prohibition on Funding of Unlawful Internet Gambling (Regulation GG) |
| 183 |
12 CFR 234 – Designated Financial Market Utilities (Regulation HH) |
| 184 |
12 CFR 235 – Debit Card Interchange Fees and Routing (Regulation II) |
| 185 |
12 CFR 237 – Margin and Capital Requirements for Covered Swap Entities (Regulation KK) |
| 186 |
12 CFR 238 – Savings and Loan Holding Companies (Regulation LL) |
| 187 |
12 CFR 239 – Mutual Holding Companies (Regulation MM) |
| 188 |
12 CFR 240 – Retail Foreign Exchange Transactions (Regulation NN) |
| 189 |
12 CFR 241 – Securities Holding Companies (Regulation OO) |
| 190 |
12 CFR 242 – Definitions Relating to Title I of the Dodd-Frank Act (Regulation PP) |
| 191 |
12 CFR 243 – Resolution Plans (Regulation QQ) |
| 192 |
12 CFR 244 – Credit Risk Retention (Regulation RR) |
| 193 |
12 CFR 246 – Supervision and Regulation Assessments of Fees (Regulation TT) |
| 194 |
12 CFR 248 – Proprietary Trading and Certain Interests in and Relationships with Covered Funds (Regulation VV) |
| 195 |
12 CFR 249 – Liquidity Risk Measurement Standards (Regulation WW) |
| 196 |
12 CFR 251 – Concentration Limit (Regulation XX) |
| 197 |
Payment Card Industry Data Security Standard (PCI DSS) 3.1 – Requirements and Security Assessment Procedures |
| 198 |
FFIEC Cybersecurity Assessment Tool |
| 199 |
OCC Bulletin 2001-47 (Subject: Third-Party Relationships – Risk Management Principles) |
| 200 |
FRB-OCC-SEC – Interagency Paper on Sound Practices to Strengthen the Resilience of the U. S. Financial System |
| 201 |
Payment Card Industry Data Security Standard (PCI DSS) Designated Entities Supplemental Validation (For use with PCI DSS v3.1) |
| 202 |
NERC CIP-002-3 – Cyber Security – Critical Cyber Asset Identification |
| 203 |
NERC CIP-002-3b – Cyber Security – Critical Cyber Asset Identification |
| 204 |
NERC CIP-002-5.1 – Cyber Security – BES Cyber System Categorization |
| 205 |
NERC CIP-003-3 – Cyber Security – Security Management Controls |
| 206 |
NERC CIP-003-3a – Cyber Security – Security Management Controls |
| 207 |
NERC CIP-003-6 – Cyber Security – Security Management Controls |
| 208 |
NERC CIP-004-3a – Cyber Security – Personnel & Training |
| 209 |
NERC CIP-004-5.1 – Cyber Security – Personnel & Training |
| 210 |
NERC CIP-004-6 – Cyber Security – Personnel & Training |
| 211 |
NERC CIP-005-3a – Cyber Security – Electronic Security Perimeter(s) |
| 212 |
NERC CIP-006-3c – Cyber Security – Physical Security of Critical Cyber Assets |
| 213 |
NERC CIP-006-6 – Cyber Security – Physical Security of BES Cyber Systems |
| 214 |
NERC CIP-007-3a – Cyber Security – Systems Security Management |
| 215 |
NERC CIP-007-3b – Cyber Security – Systems Security Management |
| 216 |
NERC CIP-007-6 – Cyber Security – System Security Management |
| 217 |
NERC CIP-008-3 – Cyber Security – Incident Reporting and Response Planning |
| 218 |
NERC CIP-009-3 – Cyber Security – Recovery Plans for Critical Cyber Assets |
| 219 |
NERC CIP-009-6 – Cyber Security – Recovery Plans for BES Cyber Systems |
| 220 |
NERC CIP-010-2 – Cyber Security – Configuration Change Management and Vulnerability Assessments |
| 221 |
NERC CIP-011-2 – Cyber Security – Information Protection |
| 222 |
NERC CIP-014-1 – Cyber Security – Physical Security |
| 223 |
NERC CIP-014-2 – Cyber Security – Physical Security |
| 224 |
16 CFR 318 – Health Breach Notification Rule (FTC) |
| 225 |
California – Electronic Communications Privacy Act |
| 226 |
Connecticut – Public Act No. 15-142 – An Act Improving Data Security and Agency Effectiveness |
| 227 |
FFIEC IT Examination Handbook – Management 2015 |
| 228 |
FIPS Publication 199 – Standards for Security Categorization of Federal Information and Information Systems |
| 229 |
FIPS Publication 200 – Minimum Security Requirements for Federal Information and Information Systems |
| 230 |
NIST SP 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations |
| 231 |
OMB Circular A-123, Managements Responsibility for Internal Control |
| 232 |
Federal Information Systems Controls Audit Manual (FISCAM) – 2009 |
| 233 |
Consumer Financial Protection Bureau Regulations |
| 234 |
Consumer Financial Protection Act |
| 235 |
Childrens Online Privacy Protection Rule |
| 236 |
Childrens Online Privacy Protection Act |
| 237 |
Right to Financial Privacy Act |
| 238 |
Fair Credit Reporting Act |
| 239 |
Commodity Futures Trading Commission Regulations |
| 240 |
Securities and Exchange Commission Regulations |
| 241 |
Department of the Treasury Regulations |
| 242 |
16 CFR Part 313 – Privacy of Consumer Financial Information |
| 243 |
16 CFR Part 314 – Standards for Safeguarding Customer Information |
| 244 |
Bank Secrecy Act |
| 245 |
CIS Critical Security Controls v6.0 |
| 246 |
CSA-CCM v3.0.1 |
| 247 |
Payment Card Industry Data Security Standard (PCI DSS) 3.2 – Requirements and Security Assessment Procedures |
| 248 |
IRS Publication 4812 (Rev 10-2015) |
| 249 |
FFIEC IT Examination Handbook – Retail Payment Systems (2016) |
| 250 |
NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems |
| 251 |
NIST SP 800-16 – Information Technology Security Training Requirements |
| 252 |
NIST SP 800-18 Rev1 – Guide for Developing Security Plans for Federal Information Systems |
| 253 |
NIST SP 800-21 – Guideline for Implementing Cryptography In the Federal Government |
| 254 |
NIST SP 800-34 Rev1 – Contingency Planning Guide for Federal Information Systems |
| 255 |
NIST SP 800-37 Rev1 – Guide for Applying the Risk Management Framework to Federal Information Systems |
| 256 |
NIST SP 800-47 – Security Guide for Interconnecting Information Technology Systems |
| 257 |
NIST SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories |
| 258 |
NIST SP 800-61 – Computer Security Incident Handling Guide |
| 259 |
NIST SP 800-64 – Security Considerations in the System Development Life Cycle |
| 260 |
NIST SP 800-81-2 – Secure Domain Name System (DNS) Deployment Guide |
| 261 |
NIST SP 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) |
| 262 |
NIST SP 800-123 – Guide to General Server Security |
| 263 |
NIST SP 800-125 – Guide to Security for Full Virtualization Technologies |
| 264 |
NIST SP 800-127 – Guide to Securing WiMAX Wireless Communications |
| 265 |
NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems |
| 266 |
NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations |
| 267 |
NIST SP 800-144 – Guidelines on Security and Privacy in Public Cloud Computing |
| 268 |
PCI Mobile Payment Acceptance Security Guidelines (07/14) |
| 269 |
PCI DSS Risk Assessment Guidelines (11/12) |
| 270 |
PCI Best Practices for Implementing a Security Awareness Program (10/14) |
| 271 |
PCI DSS Cloud Computing Guidelines (02/13) |
| 272 |
DHS Sensitive Systems Policy Directive 4300A v12.01 (02/16) |
| 273 |
EU-US Privacy Shield Framework |
| 274 |
21 CFR Part 21 – Protection of Privacy |
| 275 |
Federal Information Security Management Act |
| 276 |
Basel Committee on Banking Supervision: Principles for the Sound Management of Operational Risk |
| 277 |
United States Privacy – Pennsylvania – Breach of Personal Information Notification Act |
| 278 |
CAN-SPAM Act of 2003 |
| 279 |
16 CFR Part 316 – CAN-SPAM Rule |
| 280 |
34 CFR Part 99 (Family Educational Rights and Privacy) |
| 281 |
FFIEC IT Examination Handbook: Supervision of Technology Service Providers (2012) |
| 282 |
OMB Circular A-130 – Management of Federal Information Resources |
| 283 |
FFIEC IT Examination Handbook – Information Security (09-16) |
| 284 |
17 CFR 37 Subpart O – System Safeguards (2016) |
| 285 |
17 CFR 38 Subpart U – System Safeguards (2016) |
| 286 |
17 CFR 39 Subpart B – System Safeguards (2016) |
| 287 |
17 CFR 49 – System Safeguards (2016) |
| 288 |
CIS Critical Security Controls v6.1 |
| 289 |
IRS Publication 1075 (2016) |
| 290 |
NYDFS – 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies |
| 291 |
US-CERT Cyber Resilience Review (CRR) |
| 292 |
Responsible Care: Security Code of Management Practices |
| 293 |
NIST SP 800-82 – Guide to Industrial Control Systems (ICS) Security Rev 2 |
| 294 |
CPMI-IOSCO – Guidance on Cyber Resilience for Financial Market Infrastructures |
| 295 |
NIST SP 800-160 – Systems Security Engineering |
| 296 |
HIPAA Audit Protocol (2016) |
| 297 |
SAMHSA – Confidentiality of Substance Use Disorder Patient Records |
| 298 |
PCI Terminal Software Security |
| 299 |
PCI Tokenization Product Security Guidelines |
| 300 |
PCI Mobile Payment Acceptance Security Guidelines for Developers (07/14) |
| 301 |
PCI – Skimming Prevention – Best Practices for Merchants |
| 302 |
PCI ATM Security Guidelines |
| 303 |
PCI Card Production and Provisioning – Logical Security Requirements v2.0 |
| 304 |
PCI Card Production and Provisioning – Physical Security Requirements v2.0 |
| 305 |
PCI Effective Daily Log Monitoring |
| 306 |
PCI DSS Wireless Guidelines v2.0 |
| 307 |
PCI Penetration Testing Guidance |
| 308 |
PCI Third-Party Security Assurance |
| 309 |
DHS – Chemical Facility Anti-Terrorism Standards – Risk-Based Performance Standards Guidance |
| 310 |
Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union (GDPR – General Data Protection Regulation) |
| 311 |
33 CFR Subchapter H – Maritime Security |
| 312 |
6 CFR Part 27 – Chemical Facility Anti-Terrorism Standards |
| 313 |
CBEST Intelligence-Led Testing – Understanding Cyber Threat Intelligence Operations v2.0 |
| 314 |
CBEST Intelligence-Led Testing – CBEST Services Assessment Guide v2.0 |
| 315 |
CBEST Intelligence-Led Testing – CBEST Implementation Guide v2.0 |
| 316 |
NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors |
| 317 |
NRC Regulations – System and Network Protection |
| 318 |
NRC Regulations – Cybersecurity Event Notification |
| 319 |
DOE Electricity Subsector Cybersecurity Risk Management Process |
| 320 |
State of Nevada – Gaming Control Board – Minimum Internal Control Standards – Information Technology – v7 – 2014 |
| 321 |
State of Nevada – Gaming Control Board – CPA MICS Compliance Checklist – IT v7 |
| 322 |
State of Illinois – Gaming Board – Minimum Internal Control Standards 2016 |
| 323 |
State of New Jersey: Gaming Control 13:69D-1.11 (Casino Licensees Organization) 2014 |
| 324 |
State of New Jersey: Gaming Control 13:69D-2 (Casino Computer Systems) 2014 |
| 325 |
FDA – Postmarket Management of Cybersecurity in Medical Devices |
| 326 |
NSA/CSS – Information Assurance Directorate – NSA Methodology for Adversary Obstruction |
| 327 |
FINRA Rules |
| 328 |
FINRA – Capital Acquisition Broker Rules |
| 329 |
FINRA – Funding Portal Rules |
| 330 |
FINRA – NASD Rules |
| 331 |
FINRA – Incorporated NYSE Rules |
| 332 |
FINRA – Incorporated NYSE Rule Interpretations |
| 333 |
Swiss-US Privacy Shield Framework |
| 334 |
APEC Privacy Framework |
| 335 |
APEC Privacy Framework 2015 |
| 336 |
APEC Cooperation Arrangement for Cross-Border Privacy Enforcement |
| 337 |
APEC Cross-Border Privacy Rules System |
| 338 |
APEC Privacy Recognition for Processors System |
| 339 |
APEC CBPR System Intake Questionnaire |
| 340 |
APEC PRP Intake Questionnaire for Personal Information Processors |
| 341 |
United States Privacy – Alabama – Medical Record Services |
| 342 |
United States Privacy – Alabama – Guidelines for Medical Records Management |
| 343 |
United States Privacy – Alabama – Minimum Standards for Medical Records |
| 344 |
United States Privacy – Alaska – Health Care Services Information and Review Organizations |
| 345 |
United States Privacy – Alaska – Hospital records retention |
| 346 |
United States Privacy – Alaska – Confidential records |
| 347 |
United States Privacy – Alaska – Records of alcoholics, drug abusers, and intoxicated persons |
| 348 |
United States Privacy – Alaska – Medical Record Service |
| 349 |
United States Privacy – Arizona – Evidence – Medical Records |
| 350 |
United States Privacy – Arizona – Medical Records |
| 351 |
United States Privacy – Arizona – Health Information Organizations |
| 352 |
United States Privacy – Arkansas – Access to medical records |
| 353 |
United States Privacy – Arkansas – Patient Medical Records Privacy Act |
| 354 |
United States Privacy – Arkansas – Health Information Services |
| 355 |
United States Privacy – California – Confidentiality of Medical Information Act |
| 356 |
United States Privacy – California – Unauthorized Access to Medical Information |
| 357 |
United States Privacy – California – Patient Access to Health Records |
| 358 |
United States Privacy – California – Medical Records |
| 359 |
United States Privacy – Colorado – Protection of Medical Records |
| 360 |
United States Privacy – Colorado – Patient Records |
| 361 |
United States Privacy – Colorado – Mental health records |
| 362 |
United States Privacy – Colorado – Access to Patient Medical Records |
| 363 |
United States Privacy – Connecticut – Confidentiality of medical records |
| 364 |
United States Privacy – Connecticut – Medical Records |
| 365 |
United States Privacy – Connecticut – Department of Health Services – Medical Records |
| 366 |
United States Privacy – Delaware – Informed Consent and Confidentiality – Genetic Information |
| 367 |
United States Privacy – Delaware – Informed Consent and Confidentiality – Confidentiality of Personal Health Information |
| 368 |
United States Privacy – District of Columbia – Mental Health Information |
| 369 |
United States Privacy – Florida – Patient Records |
| 370 |
United States Privacy – Georgia – Health Records |
| 371 |
United States Privacy – Georgia – Clinical Records |
| 372 |
United States Privacy – Hawaii – Health Care Privacy Harmonization Act |
| 373 |
United States Privacy – Hawaii – Medical Records |
| 374 |
United States Privacy – Illinois – Health Care Records |
| 375 |
United States Privacy – Indiana – Health Records and Identifying Information Protection |
| 376 |
United States Privacy – Indiana – Health Records |
| 377 |
United States Privacy – Kansas – Health Care Data |
| 378 |
United States Privacy – Kentucky – Privacy of health information |
| 379 |
United States Privacy – Louisiana Health Care Consumers’ Right to Know |
| 380 |
United States Privacy – Louisiana – Hospital Records and Retention Act |
| 381 |
United States Privacy – Louisiana – Prohibitions on the Use of Medical Information and Genetic Test Results |
| 382 |
United States Privacy – Maine – Patient Access to Hospital Medical Records |
| 383 |
United States Privacy – Maryland – Confidentiality of Medical Records |
| 384 |
United States Privacy – Massachusetts – Inspection of Health Records |
| 385 |
United States Privacy – Michigan – Medical Records Access Act |
| 386 |
United States Privacy – Minnesota – Minnesota Health Records Act |
| 387 |
United States Privacy – Mississippi – Hospital Records – Preparation, Preservation & Destruction |
| 388 |
United States Privacy – Mississippi – Medical Records |
| 389 |
United States Privacy – Montana – Health Care Information Privacy Requirements for Providers Subject to HIPAA |
| 390 |
United States Privacy – Montana – Uniform Health Care Information |
| 391 |
United States Privacy – Montana – Government Health Care Information |
| 392 |
United States Privacy – Nebraska – Medical Records |
| 393 |
United States Privacy – Nevada – Healing Arts Generally |
| 394 |
United States Privacy – Nevada – Electronic transmission of health information |
| 395 |
United States Privacy – Nevada – Health Information Exchanges |
| 396 |
United States Privacy – New Hampshire – Medical Records, Patient Information, and the Health Information Organization Corporation |
| 397 |
United States Privacy – New Jersey – Health Insurance Carrier Computerized Records |
| 398 |
United States Privacy – New Mexico – Health and Hospital Records |
| 399 |
United States Privacy – New Mexico – Health Information Systems |
| 400 |
United States Privacy – New Mexico – Electronic Medical Records |
| 401 |
United States Privacy – New Mexico – Genetic Information Privacy |
| 402 |
United States Privacy – New York – Public Health – General Provisions |
| 403 |
United States Privacy – North Dakota – Health Information Protection |
| 404 |
United States Privacy – Ohio – Protected Health Information |
| 405 |
United States Privacy – Oregon – Protected Health Information |
| 406 |
United States Privacy – Pennsylvania – Medical Records Services |
| 407 |
United States Privacy – Pennsylvania – Privacy of Consumer Health Information |
| 408 |
United States Privacy – Rhode Island – Confidentiality of Health Care Information Act |
| 409 |
United States Privacy – Rhode Island – Rhode Island Health Information Exchange Act of 2008 |
| 410 |
United States Privacy – Rhode Island – Privacy of Consumer Health Information |
| 411 |
United States Privacy – Rhode Island – Medical Records |
| 412 |
United States Privacy – South Carolina – Mental Illness / Substance Abuse Records |
| 413 |
United States Privacy – South Carolina – Physicians’ Patient Records Act |
| 414 |
United States Privacy – South Carolina – Prescription Information Privacy Act |
| 415 |
United States Privacy – South Carolina – Privacy of Genetic Information |
| 416 |
United States Privacy – South Dakota – Release of Medical Records |
| 417 |
United States Privacy – South Dakota – Transfer or Destruction of Patient Records |
| 418 |
United States Privacy – Tennessee – Medical Records |
| 419 |
United States Privacy – Tennessee – Vital Records Act of 1977 |
| 420 |
United States Privacy – Tennessee – Medical Records Act of 1974 |
| 421 |
United States Privacy – Tennessee – Hospital Records as Evidence |
| 422 |
United States Privacy – Tennessee – Patient’s Privacy Protection Act |
| 423 |
United States Privacy – Texas – Medical Records Privacy |
| 424 |
United States Privacy – Texas – Hospital Medical Records |
| 425 |
United States Privacy – Texas – Insurance Code – Privacy of Health Information |
| 426 |
United States Privacy – Texas – Insurance Consumer Health Information Privacy |
| 427 |
United States Privacy – Utah – Access to Medical Records |
| 428 |
United States Privacy – Vermont – Health Care Privacy |
| 429 |
United States Privacy – Vermont – Health – Disclosure of information |
| 430 |
United States Privacy – Virginia – Health Information |
| 431 |
United States Privacy – Virginia – Health Records |
| 432 |
United States Privacy – Washington – Health Information |
| 433 |
United States Privacy – Washington – Medical Records – Health Care Information Access and Disclosure |
| 434 |
United States Privacy – Washington – Medical Records Retention and Preservation |
| 435 |
United States Privacy – West Virginia – Health Care Records |
| 436 |
United States Privacy – Wisconsin – Health Care Records |
| 437 |
United States Privacy – Wisconsin – Health Care Information |
| 438 |
United States Privacy – Wisconsin – Insurers: Disclosure of Personal Medical Information |
| 439 |
United States Privacy – Wyoming – Hospital Records and Information |
| 440 |
United States Privacy – Connecticut – State Contractors Confidential Information |
| 441 |
United States Privacy – Florida – Security of confidential personal information |
| 442 |
United States Privacy – Georgia – Disclosure of Certain Customer Information |
| 443 |
United States Privacy – Illinois – Personal Information Protection Act (2016) |
| 444 |
United States Privacy – Indiana – Notice of Security Breach |
| 445 |
United States Privacy – Kentucky – Records Containing Personally Identifiable Information |
| 446 |
United States Privacy – Kentucky – Personal Information Security and Breach Investigations |
| 447 |
United States Privacy – Maryland – Protection of Information by State Agencies |
| 448 |
United States Privacy – Massachusetts – Security Breaches |
| 449 |
United States Privacy – Montana – State Agency Protection of Personal Information |
| 450 |
United States Privacy – Montana – Computer Security Breach |
| 451 |
United States Privacy – Nevada – Breach of State Agency Information System |
| 452 |
United States Privacy – New Mexico – Data Breach Notification Act |
| 453 |
United States Privacy – New York – Internet Security and Privacy Act |
| 454 |
United States Privacy – Ohio – Personal Information Systems |
| 455 |
United States Privacy – Oklahoma – Disclosure of breach of security of computerized personal information |
| 456 |
United States Privacy – Rhode Island – Rhode Island Identity Theft Protection Act of 2015 |
| 457 |
United States Privacy – Tennessee – Report to comptroller of treasury |
|
Payment Card Industry Data Security Standard 3.2 (PCI 3.2) |
Core Advisory
Risk Transformation
Enterprise Security Architecture
Cyber Defense and Incident Response
Emerging Technologies & AI
