Edgile ArC Content – Master Source List
The following sources are available immediately for your use July 1, 2020:
Source ID | SourceName | SourceGroup | SourceJurisdiction |
292 | American Chemistry Council – Responsible Care: Security Code of Management Practices | Chemical | US |
309 | DHS – Chemical Facility Anti-Terrorism Standards – Risk-Based Performance Standards Guidance | Chemical | US |
2 | COBIT 4.1 | Cross-Industry | Global |
140 | COBIT 5 | Cross-Industry | Global |
147 | AICPA Trust Principles | Cross-Industry | Global |
152 | Committee of Sponsoring Organizations of the Treadway Commission: Internal Control – Integrated Framework | Cross-Industry | Global |
153 | Cybersecurity Capability Maturity Model (C2M2) Version 1.1 | Cross-Industry | Global |
246 | Cloud Security Alliance – Cloud Controls Matrix v3.0.1 | Cross-Industry | US |
278 | CAN-SPAM Act of 2003 | Cross-Industry | US |
279 | 16 CFR 316 – CAN-SPAM Rule | Cross-Industry | US |
291 | US-CERT Cyber Resilience Review (CRR) | Cross-Industry | US |
326 | NSA/CSS – Information Assurance Directorate – NSA Methodology for Adversary Obstruction | Cross-Industry | US |
586 | AICPA – TSP Section 100 2017 Trust Services Criteria | Cross-Industry | Global |
288 | CIS Critical Security Controls v6.1 | Cross-Industry – CIS | US |
483 | CIS Controls Version 7 | Cross-Industry – CIS | US |
540 | CIS Controls Version 7.1 | Cross-Industry – CIS | US |
28 | ISO/IEC 27005:2011 – Information technology – Security techniques – Information security risk management | Cross-Industry – ISO | Global |
132 | ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements | Cross-Industry – ISO | Global |
133 | ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls | Cross-Industry – ISO | Global |
480 | ISO/IEC 27017:2015 – Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services | Cross-Industry – ISO | Global |
541 | ISO 13485: 2016 – Medical Devices – Quality Management Systems – Requirements For Regulatory Purposes | Cross-Industry – ISO | Global |
578 | ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements – Annex A | Cross-Industry – ISO | Global |
247 | Payment Card Industry Data Security Standard (PCI DSS) 3.2 – Requirements and Security Assessment Procedures | Cross-Industry – PCI | Global – PCI |
268 | PCI Mobile Payment Acceptance Security Guidelines (07/14) | Cross-Industry – PCI | Global – PCI |
269 | PCI DSS Risk Assessment Guidelines (11/12) | Cross-Industry – PCI | Global – PCI |
270 | PCI Best Practices for Implementing a Security Awareness Program (10/14) | Cross-Industry – PCI | Global – PCI |
271 | PCI DSS Cloud Computing Guidelines (02/13) | Cross-Industry – PCI | Global – PCI |
298 | PCI Terminal Software Security | Cross-Industry – PCI | Global – PCI |
299 | PCI Tokenization Product Security Guidelines | Cross-Industry – PCI | Global – PCI |
300 | PCI Mobile Payment Acceptance Security Guidelines for Developers (07/14) | Cross-Industry – PCI | Global – PCI |
301 | PCI – Skimming Prevention – Best Practices for Merchants | Cross-Industry – PCI | Global – PCI |
302 | PCI ATM Security Guidelines | Cross-Industry – PCI | Global – PCI |
303 | PCI Card Production and Provisioning – Logical Security Requirements v2.0 | Cross-Industry – PCI | Global – PCI |
304 | PCI Card Production and Provisioning – Physical Security Requirements v2.0 | Cross-Industry – PCI | Global – PCI |
305 | PCI Effective Daily Log Monitoring | Cross-Industry – PCI | Global – PCI |
306 | PCI DSS Wireless Guidelines v2.0 | Cross-Industry – PCI | Global – PCI |
307 | PCI Penetration Testing Guidance | Cross-Industry – PCI | Global – PCI |
308 | PCI Third-Party Security Assurance | Cross-Industry – PCI | Global – PCI |
489 | PCI DSS Cloud Computing Guidelines (2018) | Cross-Industry – PCI | Global – PCI |
565 | PCI Software Security Framework – Secure Software Requirements and Assessment Procedures v 1.0 | Cross-Industry – PCI | Global – PCI |
566 | PCI Software Security Framework – Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures v1.0 | Cross-Industry – PCI | Global – PCI |
24 | International Privacy – India Information Technology (Amendment) Act 2008 and Privacy Rules | Cross-Industry – Privacy | India |
70 | AK – Personal Information Protection Act | Cross-Industry – Privacy | US State – Alaska |
71 | AZ – Data Security Breaches | Cross-Industry – Privacy | US State – Arizona |
72 | AR – Personal Information Protection Act | Cross-Industry – Privacy | US State – Arkansas |
73 | CA – Business and Professions Code Sections 22575 – 22579 | Cross-Industry – Privacy | US State – California |
74 | CA – Confidentiality of Medical Information Act | Cross-Industry – Privacy | US State – California |
75 | CA – Information Practices Act of 1977 | Cross-Industry – Privacy | US State – California |
76 | CO – Consumer Protection Act | Cross-Industry – Privacy | US State – Colorado |
77 | CT – Sec. 36a-701b. Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade practice. | Cross-Industry – Privacy | US State – Connecticut |
78 | DE – Title 6 Chapter 12B. Computer Security Breaches | Cross-Industry – Privacy | US State – Delaware |
79 | DC – Notification of security breach | Cross-Industry – Privacy | US State – District of Columbia |
80 | FL – Chapter 817.5681 – Breach of security concerning confidential personal information in third-party possession; administrative penalties | Cross-Industry – Privacy | US State – Florida |
81 | GA – Breach of the security of the system | Cross-Industry – Privacy | US State – Georgia |
82 | HI – Security Breach of Personal Information | Cross-Industry – Privacy | US State – Hawaii |
83 | ID – Chapter 51 Identity Theft | Cross-Industry – Privacy | US State – Idaho |
84 | IL – Personal Information Protection Act | Cross-Industry – Privacy | US State – Illinois |
85 | IN – Chapter 3. Disclosure and Notification Requirements | Cross-Industry – Privacy | US State – Indiana |
86 | IA Chapter 715 C Personal Information Security Breach Protection | Cross-Industry – Privacy | US State – Iowa |
87 | KS – Chapter 50: Article 7a: Protection Of Consumer Information | Cross-Industry – Privacy | US State – Kansas |
88 | LA – Database Security Breach Notification Law | Cross-Industry – Privacy | US State – Louisiana |
89 | ME – Chapter 210-B: Notice of Risk to Personal Data | Cross-Industry – Privacy | US State – Maine |
90 | MD – Title 14, Subtitle 35 – MD Personal Information Protection Act | Cross-Industry – Privacy | US State – Maryland |
91 | MA – Act 2007 Chapter 82: An Act Relative to Security Freezes and Notification of Data Breaches | Cross-Industry – Privacy | US State – Massachusetts |
92 | MA – 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of Commonwealth | Cross-Industry – Privacy | US State – Massachusetts |
93 | MI – Identity Theft Protection Act | Cross-Industry – Privacy | US State – Michigan |
94 | MN – 325E.64 Access Devices; Breach of Security | Cross-Industry – Privacy | US State – Minnesota |
95 | MN – 325E.61 Data Warehouses; Notice Required for Certain Disclosures | Cross-Industry – Privacy | US State – Minnesota |
96 | MS – 75-24-29. Persons conducting business in MS required to provide notice of a breach of security involving personal information to all affected individuals; enforcement | Cross-Industry – Privacy | US State – Mississippi |
97 | MO – MO-407.1500.1 Notice to consumer for breach of security, procedure–attorney general may bring action for damages | Cross-Industry – Privacy | US State – Missouri |
98 | MT – Impediment of Identity Theft | Cross-Industry – Privacy | US State – Montana |
99 | NE – Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 | Cross-Industry – Privacy | US State – Nebraska |
100 | NV – Chapter 603A Security of Personal Information | Cross-Industry – Privacy | US State – Nevada |
101 | NH – Chapter 359-C Right to Privacy | Cross-Industry – Privacy | US State – New Hampshire |
102 | NJ – Identity Theft Prevention Act | Cross-Industry – Privacy | US State – New Jersey |
103 | NY – Notification; person without valid authorization has acquired private information. | Cross-Industry – Privacy | US State – New York |
104 | NC – Identity Theft Protection Act | Cross-Industry – Privacy | US State – North Carolina |
105 | ND – Chapter 51-30 Notice of Security Breach for Personal Information | Cross-Industry – Privacy | US State – North Dakota |
106 | OH – 1349.19 Private disclosure of security breach of computerized personal information data | Cross-Industry – Privacy | US State – Ohio |
107 | OK – Security Breach Notification Act | Cross-Industry – Privacy | US State – Oklahoma |
108 | OR – 646A – Identity Theft Prevention | Cross-Industry – Privacy | US State – Oregon |
109 | RI – CHAPTER 11-49.2 Identity Theft Protection | Cross-Industry – Privacy | US State – Rhode Island |
110 | SC – 39-1-90. Breach of security of business data; notification; definitions; penalties; exception as to certain banks and financial institutions; notice to Consumer Protection Division | Cross-Industry – Privacy | US State – South Carolina |
111 | TN – Title 47 Commercial Instruments and Transactions Chapter 18 Consumer Protection Part 21 Identity Theft | Cross-Industry – Privacy | US State – Tennessee |
112 | TX – Title 11. Personal Identity Information – Subtitle B. Identity Theft Chapter 521. Unauthorized Use of Identifying Information | Cross-Industry – Privacy | US State – Texas |
113 | UT – Protection of Personal Information Act | Cross-Industry – Privacy | US State – Utah |
114 | VT – 9 V.S.A. – Section 2445. Safe destruction of documents containing personal information | Cross-Industry – Privacy | US State – Vermont |
115 | VT – Security Breach Notice Act | Cross-Industry – Privacy | US State – Vermont |
116 | VT – Social Security Number Protection Act | Cross-Industry – Privacy | US State – Vermont |
117 | VA – 18.2-186.6. Breach of personal information notification | Cross-Industry – Privacy | US State – Virginia |
118 | WA – RCW 19.255.010 – Disclosure, notice Definitions Rights, remedies | Cross-Industry – Privacy | US State – Washington |
119 | WA – RCW 42.56.590 – Personal information Notice of security breaches | Cross-Industry – Privacy | US State – Washington |
120 | WV – Chapter 46A. West VA Consumer Credit and Protection Act Article 2A. Breach of Security of Consumer Information | Cross-Industry – Privacy | US State – West Virginia |
121 | WI – 134.98 Notice of unauthorized acquisition of personal information | Cross-Industry – Privacy | US State – Wisconsin |
122 | WY – Consumer Protection Act | Cross-Industry – Privacy | US State – Wyoming |
143 | Privacy and Electronic Communications (EC Directive) Regulations 2003 | Cross-Industry – Privacy | United Kingdom |
144 | UK Data Protection Act of 1998 | Cross-Industry – Privacy | United Kingdom |
225 | CA – Electronic Communications Privacy Act | Cross-Industry – Privacy | US State – California |
226 | CT – Public Act No. 15-142 – An Act Improving Data Security and Agency Effectiveness | Cross-Industry – Privacy | US State – Connecticut |
235 | 16 CFR 312 – Children’s Online Privacy Protection Rule | Cross-Industry – Privacy | US |
236 | Children’s Online Privacy Protection Act | Cross-Industry – Privacy | US |
238 | Fair Credit Reporting Act | Cross-Industry – Privacy | US |
273 | EU-US Privacy Shield Framework | Cross-Industry – Privacy | EU-US |
277 | PA – Breach of Personal Information Notification Act | Cross-Industry – Privacy | US State – Pennsylvania |
310 | Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union (GDPR – General Data Protection Regulation) | Cross-Industry – Privacy | EU |
333 | Swiss-US Privacy Shield Framework | Cross-Industry – Privacy | Switzerland-US |
334 | APEC Privacy Framework | Cross-Industry – Privacy | Global – APEC |
335 | APEC Privacy Framework 2015 | Cross-Industry – Privacy | Global – APEC |
336 | APEC Cooperation Arrangement for Cross-Border Privacy Enforcement | Cross-Industry – Privacy | Global – APEC |
337 | APEC Cross-Border Privacy Rules System | Cross-Industry – Privacy | Global – APEC |
338 | APEC Privacy Recognition for Processors System | Cross-Industry – Privacy | Global – APEC |
339 | APEC CBPR System Intake Questionnaire | Cross-Industry – Privacy | Global – APEC |
340 | APEC PRP Intake Questionnaire for Personal Information Processors | Cross-Industry – Privacy | Global – APEC |
440 | CT – State Contractors Confidential Information | Cross-Industry – Privacy | US State – Connecticut |
441 | FL – Security of confidential personal information | Cross-Industry – Privacy | US State – Florida |
442 | GA – Disclosure of Certain Customer Information | Cross-Industry – Privacy | US State – Georgia |
443 | IL – Personal Information Protection Act (2016) | Cross-Industry – Privacy | US State – Illinois |
444 | IN – Notice of Security Breach | Cross-Industry – Privacy | US State – Indiana |
445 | KY – Records Containing Personally Identifiable Information | Cross-Industry – Privacy | US State – Kentucky |
446 | KY – Personal Information Security and Breach Investigations | Cross-Industry – Privacy | US State – Kentucky |
447 | MD – Protection of Information by State Agencies | Cross-Industry – Privacy | US State – Maryland |
448 | MA – Security Breaches | Cross-Industry – Privacy | US State – Massachusetts |
449 | MT – State Agency Protection of Personal Information | Cross-Industry – Privacy | US State – Montana |
450 | MT – Computer Security Breach | Cross-Industry – Privacy | US State – Montana |
451 | NV – Breach of State Agency Information System | Cross-Industry – Privacy | US State – Nevada |
452 | NM – Data Breach Notification Act | Cross-Industry – Privacy | US State – New Mexico |
453 | NY – Internet Security and Privacy Act | Cross-Industry – Privacy | US State – New York |
454 | OH – Personal Information Systems | Cross-Industry – Privacy | US State – Ohio |
455 | OK – Disclosure of breach of security of computerized personal information | Cross-Industry – Privacy | US State – Oklahoma |
456 | RI – RI Identity Theft Protection Act of 2015 | Cross-Industry – Privacy | US State – Rhode Island |
457 | TN – Report to comptroller of treasury | Cross-Industry – Privacy | US State – Tennessee |
458 | AK – Personal Information Protection Act – Disposal of Records | Cross-Industry – Privacy | US State – Alaska |
459 | AZ – Discard and Disposal of Personal Identifying Information Records | Cross-Industry – Privacy | US State – Arizona |
460 | CT – Protection of Social Security Numbers and Personal Information | Cross-Industry – Privacy | US State – Connecticut |
461 | DE – Safe Destruction of Records Containing Personal Identifying Information | Cross-Industry – Privacy | US State – Delaware |
462 | DE – Right to Inspect Personnel Files Act | Cross-Industry – Privacy | US State – Delaware |
463 | GA – Disposal of business records containing personal information | Cross-Industry – Privacy | US State – Georgia |
464 | IL – Data Security on State Computers Act | Cross-Industry – Privacy | US State – Illinois |
465 | IN – Persons Holding a Customer’s Personal Information | Cross-Industry – Privacy | US State – Indiana |
466 | KS – Holders of Personal Information | Cross-Industry – Privacy | US State – Kansas |
467 | MA – Dispositions and Destruction of Records | Cross-Industry – Privacy | US State – Massachusetts |
468 | NY – Disposal of records containing personal identifying information | Cross-Industry – Privacy | US State – New York |
469 | RI – Safe Destruction of Documents Containing Personal Information | Cross-Industry – Privacy | US State – Rhode Island |
470 | SC – Family and Personal Identifying Information Privacy Protection | Cross-Industry – Privacy | US State – South Carolina |
471 | SC – Consumer Identity Theft Protection | Cross-Industry – Privacy | US State – South Carolina |
472 | TN – Identity Theft Victims’ Rights Act of 2004 | Cross-Industry – Privacy | US State – Tennessee |
473 | TX – Disposal of Business Records | Cross-Industry – Privacy | US State – Texas |
474 | WA – Disposal of Personal Information | Cross-Industry – Privacy | US State – Washington |
475 | WI – Disposal of records containing personal information | Cross-Industry – Privacy | US State – Wisconsin |
484 | SD – SD Data Breach Notification Act | Cross-Industry – Privacy | US State – South Dakota |
493 | AL – AL Data Breach Notification Act of 2018 | Cross-Industry – Privacy | US State – Alabama |
495 | CA – California Consumer Privacy Act of 2018 | Cross-Industry – Privacy | US State – California |
496 | OH – Data Breach Safe Harbor | Cross-Industry – Privacy | US State – Ohio |
497 | VT – Data Brokers and Consumer Protection Act | Cross-Industry – Privacy | US State – Vermont |
499 | CA – Security of Connected Devices | Cross-Industry – Privacy | US State – California |
511 | Guam – Notification of Breaches of Personal Information | Cross-Industry – Privacy | US Territory – Guam |
512 | Puerto Rico – Citizen Information on Data Banks Security Act | Cross-Industry – Privacy | US Territory – Puerto Rico |
513 | US Virgin Islands – Identity Theft Prevention Act | Cross-Industry – Privacy | US Territory – US Virgin Islands |
553 | NY – New York SHIELD Act | Cross-Industry – Privacy | US State – New York |
554 | Canada – PIPEDA | Cross-Industry – Privacy | Canada |
563 | CA – California Data Broker Registration Act | Cross-Industry – Privacy | US State – California |
575 | Canada – Quebec – Privacy Act | Cross-Industry – Privacy | Canada |
576 | Canada – Alberta – Personal Information Protection Act | Cross-Industry – Privacy | Canada |
577 | Canada – British Columbia – Personal Information Protection Act | Cross-Industry – Privacy | Canada |
579 | CA – California Consumer Privacy Act Regulations | Cross-Industry – Privacy | US State – California |
280 | 34 CFR 99 – Family Educational Rights and Privacy | Education | US |
587 | PTAC Data Security Checklist | Education | US |
43 | NERC CIP-008-5 Cyber Security – Incident Reporting and Response Planning | Energy | US |
55 | 10 CFR 73.54 – Protection of digital computer and communication systems and networks | Energy | US |
204 | NERC CIP-002-5.1 Cyber Security – BES Cyber System Categorization | Energy | US |
207 | NERC CIP-003-6 Cyber Security – Security Management Controls | Energy | US |
210 | NERC CIP-004-6 Cyber Security – Personnel & Training | Energy | US |
213 | NERC CIP-006-6 Cyber Security – Physical Security of BES Cyber Systems | Energy | US |
216 | NERC CIP-007-6 Cyber Security – System Security Management | Energy | US |
219 | NERC CIP-009-6 Cyber Security – Recovery Plans for BES Cyber Systems | Energy | US |
220 | NERC CIP-010-2 Cyber Security – Configuration Change Management and Vulnerability Assessments | Energy | US |
221 | NERC CIP-011-2 Cyber Security – Information Protection | Energy | US |
223 | NERC CIP-014-2 Cyber Security – Physical Security | Energy | US |
316 | NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors | Energy | US |
317 | 10 CFR 73.54 – Protection of digital computer and communication systems and networks (NRC) | Energy | US |
318 | 10 CFR 73.77 – Cyber security event notifications (NRC) | Energy | US |
319 | DOE Electricity Subsector Cybersecurity Risk Management Process | Energy | US |
506 | NERC CIP-013-1 Cyber Security – Supply Chain Risk Management | Energy | US |
581 | NERC CIP-005-6 Cyber Security – Electronic Security Perimeter(s) | Energy | US |
582 | NERC CIP-008-6 Cyber Security – Incident Reporting and Response Planning | Energy | US |
583 | NERC CIP-010-3 Cyber Security – Configuration Change Management and Vulnerability Assessments | Energy | US |
584 | NERC CIP-012-1 Cyber Security – Communications Between Control Centers | Energy | US |
68 | 21 CFR 11 Electronic Records; Electronic Signatures | FDA | US |
69 | 21 CFR 820 Quality System Regulation | FDA | US |
274 | 21 CFR 21 – Protection of Privacy | FDA | US |
325 | FDA – Postmarket Management of Cybersecurity in Medical Devices | FDA | US |
485 | 21 CFR Subchapter H – Medical Devices (FDA) | FDA | US |
486 | FDA – Software as a Medical Device – Guidance | FDA | US |
487 | FDA – Cybersecurity for Networked Medical Devices Containing OTS Software | FDA | US |
52 | NIST SP 800-53 r4 – Security and Privacy Controls for Federal Information Systems and Organizations | Federal | US |
53 | NIST SP 800-53A – Federal IS Test Procedures | Federal | US |
228 | FIPS Publication 199 – Standards for Security Categorization of Federal Information and Information Systems | Federal | US |
229 | FIPS Publication 200 – Minimum Security Requirements for Federal Information and Information Systems | Federal | US |
231 | OMB Circular A-123, Management’s Responsibility for Internal Control | Federal | US |
232 | Federal Information Systems Controls Audit Manual (FISCAM) – 2009 | Federal | US |
250 | NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems | Federal | US |
251 | NIST SP 800-16 – Information Technology Security Training Requirements | Federal | US |
252 | NIST SP 800-18 Rev1 – Guide for Developing Security Plans for Federal Information Systems | Federal | US |
254 | NIST SP 800-34 Rev1 – Contingency Planning Guide for Federal Information Systems | Federal | US |
255 | NIST SP 800-37 Rev1 – Guide for Applying the Risk Management Framework to Federal Information Systems | Federal | US |
256 | NIST SP 800-47 – Security Guide for Interconnecting Information Technology Systems | Federal | US |
257 | NIST SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories | Federal | US |
258 | NIST SP 800-61 – Computer Security Incident Handling Guide | Federal | US |
260 | NIST SP 800-81-2 – Secure Domain Name System (DNS) Deployment Guide | Federal | US |
261 | NIST SP 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) | Federal | US |
262 | NIST SP 800-123 – Guide to General Server Security | Federal | US |
263 | NIST SP 800-125 – Guide to Security for Full Virtualization Technologies | Federal | US |
265 | NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems | Federal | US |
266 | NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations | Federal | US |
267 | NIST SP 800-144 – Guidelines on Security and Privacy in Public Cloud Computing | Federal | US |
275 | Federal Information Security Management Act | Federal | US |
282 | OMB Circular A-130 – Management of Federal Information Resources | Federal | US |
293 | NIST SP 800-82 – Guide to Industrial Control Systems (ICS) Security Rev 2 | Federal | US |
295 | NIST SP 800-160 – Systems Security Engineering | Federal | US |
490 | NIST – Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1) | Federal | US |
491 | NIST SP 800-171 Rev 1 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations | Federal | US |
492 | NIST SP 800-171A – Assessing Security Requirements for Controlled Unclassified Information | Federal | US |
500 | NIST SP 800-86 – Guide to Integrating Forensic Techniques into Incident Response | Federal | US |
501 | NIST SP 800-92 – Guide to Computer Security Log Management | Federal | US |
502 | NIST SP 800-94 – Guide to Intrusion Detection and Prevention Systems (IDPS) | Federal | US |
503 | NIST SP 800-115 – Technical Guide to Information Security Testing and Assessment | Federal | US |
504 | NIST FIPS 201 Personal Identity Verification (PIV) of Federal Employees and Contractors | Federal | US |
505 | NIST FIPS 140-2 Security Requirements for Cryptographic Modules | Federal | US |
510 | NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy | Federal | US |
559 | NIST SP 800-175A – Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies | Federal | US |
560 | NIST SP 800-175B – Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms | Federal | US |
569 | NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0 | Federal | US |
571 | DoD Cybersecurity Maturity Model Certification (CMMC) v1.0 | Federal | US |
572 | Sarbanes-Oxley Act | Federal | US |
574 | NIST SP 800-171 Rev 2 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations | Federal | US |
580 | NIST SP 800-175B Rev1 – Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms | Federal | US |
272 | DHS Sensitive Systems Policy Directive 4300A v12.01 (02/16) | Federal – DHS | US |
311 | 33 CFR Subchapter H – Maritime Security | Federal – DHS | US |
312 | 6 CFR 27 – Chemical Facility Anti-Terrorism Standards | Federal – DHS | US |
289 | IRS Publication 1075 (2016) | Federal – IRS | US |
567 | IRS Publication 4812 (10/19) | Federal – IRS | US |
145 | CBEST Threat Intelligence Framework, Qualities of a threat intelligence provider | Financial | United Kingdom |
146 | CBEST Implementation Guide | Financial | United Kingdom |
148 | Basel Committee on Banking Supervision: Core Principles for Effective Banking Supervision | Financial | Global |
149 | Basel Committee on Banking Supervision: Principles for Effective Risk Data Aggregation and Risk Reporting | Financial | Global |
234 | Consumer Financial Protection Act | Financial | US |
237 | Right to Financial Privacy Act | Financial | US |
241 | 17 CFR Chapter IV – Department of the Treasury Regulations | Financial | US |
242 | 16 CFR 313 – Privacy of Consumer Financial Information | Financial | US |
243 | 16 CFR 314 – Standards for Safeguarding Customer Information | Financial | US |
244 | Bank Secrecy Act | Financial | US |
276 | Basel Committee on Banking Supervision: Principles for the Sound Management of Operational Risk | Financial | Global |
290 | NY – NYDFS – 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies | Financial | US State – New York |
294 | CPMI-IOSCO – Guidance on Cyber Resilience for Financial Market Infrastructures | Financial | Global |
313 | CBEST Intelligence-Led Testing – Understanding Cyber Threat Intelligence Operations v2.0 | Financial | United Kingdom |
314 | CBEST Intelligence-Led Testing – CBEST Services Assessment Guide v2.0 | Financial | United Kingdom |
315 | CBEST Intelligence-Led Testing – CBEST Implementation Guide v2.0 | Financial | United Kingdom |
477 | Singapore MAS Technology Risk Management Notice FAA-N18 | Financial | Singapore |
478 | CO – CO Division of Securities Cybersecurity Regulations | Financial | US State – Colorado |
479 | CSSF Circular 17-654 | Financial | Luxembourg |
481 | VT – VT Securities Regulations – Regulation S-2016-01 (Revised) | Financial | US State – Vermont |
570 | SWIFT Customer Security Controls Framework v2020 | Financial | Global |
233 | 12 CFR Chapter X – Bureau of Consumer Financial Protection Regulations | Financial – CFPB | US |
134 | 17 CFR 38 Subpart K Trade Information | Financial – CFTC | US |
135 | 17 CFR 38 Subpart U System Safeguards | Financial – CFTC | US |
136 | 17 CFR 39 Subpart B Compliance with Core Principles | Financial – CFTC | US |
137 | 17 CFR 39 Subpart C Provisions Applicable to Systemically Important Derivatives Clearing Organizations | Financial – CFTC | US |
138 | 17 CFR 49 Swap Data Repositories | Financial – CFTC | US |
139 | 17 CFR 37 Subpart O – System Safeguards | Financial – CFTC | US |
239 | 17 CFR Chapter I – Commodity Futures Trading Commission Regulations | Financial – CFTC | US |
284 | 17 CFR 37 Subpart O – System Safeguards (2016) | Financial – CFTC | US |
285 | 17 CFR 38 Subpart U – System Safeguards (2016) | Financial – CFTC | US |
286 | 17 CFR 39 Subpart B – System Safeguards (2016) | Financial – CFTC | US |
287 | 17 CFR 49 – System Safeguards (2016) | Financial – CFTC | US |
561 | 12 CFR Chapter VI – Farm Credit Administration – Subchapter B – Farm Credit System | Financial – FCA | US |
562 | 12 CFR Chapter XIV – Farm Credit System Insurance Corporation | Financial – FCA | US |
3 | FFIEC IT Examination Handbook – Audit | Financial – FFIEC | US |
4 | FFIEC Authentication in an Internet Banking Environment | Financial – FFIEC | US |
5 | FFIEC IT Examination Handbook Business Continuity Planning | Financial – FFIEC | US |
6 | FFIEC IT Examination Handbook Development and Acquisition | Financial – FFIEC | US |
9 | FFIEC IT Examination Handbook – Operations | Financial – FFIEC | US |
10 | FFIEC IT Examination Handbook Outsourcing Technology Services | Financial – FFIEC | US |
12 | FFIEC IT Examination Handbook E-Banking | Financial – FFIEC | US |
13 | FFIEC – Supplement to Authentication in an Internet Banking Environment | Financial – FFIEC | US |
123 | FFIEC – Outsourced Cloud Computing | Financial – FFIEC | US |
128 | Federal Reserve Board Guidance on Managing Outsourcing Risk | Financial – FFIEC | US |
198 | FFIEC Cybersecurity Assessment Tool | Financial – FFIEC | US |
200 | FRB-OCC-SEC – Interagency Paper on Sound Practices to Strengthen the Resilience of the U. S. Financial System | Financial – FFIEC | US |
227 | FFIEC IT Examination Handbook – Management 2015 | Financial – FFIEC | US |
249 | FFIEC IT Examination Handbook – Retail Payment Systems (2016) | Financial – FFIEC | US |
281 | FFIEC IT Examination Handbook: Supervision of Technology Service Providers (2012) | Financial – FFIEC | US |
283 | FFIEC IT Examination Handbook – Information Security (09-16) | Financial – FFIEC | US |
568 | FFIEC IT Examination Handbook – Business Continuity Management (2019) | Financial – FFIEC | US |
573 | FFIEC IT Examination Handbook – Wholesale Payment Systems | Financial – FFIEC | US |
327 | FINRA Rules | Financial – FINRA | US – FINRA |
328 | FINRA – Capital Acquisition Broker Rules | Financial – FINRA | US – FINRA |
329 | FINRA – Funding Portal Rules | Financial – FINRA | US – FINRA |
60 | 12 CFR 202 Equal Credit Opportunity (Regulation B) | Financial – FRB | US |
130 | 12 CFR 201 Extensions of Credit by Federal Reserve Banks (Regulation A) | Financial – FRB | US |
151 | 12 CFR 252 Enhanced Prudential Standards (Regulation YY) | Financial – FRB | US |
154 | 12 CFR 203 – Home Mortgage Disclosure (Regulation C) | Financial – FRB | US |
155 | 12 CFR 204 – Reserve Requirements of Depository Institutions (Regulation D) | Financial – FRB | US |
156 | 12 CFR 205 – Electronic Fund Transfers (Regulation E) | Financial – FRB | US |
157 | 12 CFR 206 – Limitations on Interbank Liabilities (Regulation F) | Financial – FRB | US |
158 | 12 CFR 207 – Disclosure and Reporting of CRA-Related Events (Regulation G) | Financial – FRB | US |
159 | 12 CFR 208 – Membership of State Banking Institutions in the Federal Reserve System (Regulation H) | Financial – FRB | US |
160 | 12 CFR 209 – Issue and Cancellation of Federal Reserve Bank Capital Stock (Regulation I) | Financial – FRB | US |
161 | 12 CFR 210 – Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire (Regulation J) | Financial – FRB | US |
162 | 12 CFR 211 – International Banking Operations (Regulation K) | Financial – FRB | US |
163 | 12 CFR 212 – Management Official Interlocks (Regulation L) | Financial – FRB | US |
164 | 12 CFR 213 – Consumer Leasing (Regulation M) | Financial – FRB | US |
165 | 12 CFR 214 – Relations with Foreign Banks and Bankers (Regulation N) | Financial – FRB | US |
166 | 12 CFR 215 – Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks (Regulation O) | Financial – FRB | US |
167 | 12 CFR 217 – Capital Adequacy of Bank Holding Companies, Savings and Loan Holding Companies, and State Member Banks (Regulation Q) | Financial – FRB | US |
168 | 12 CFR 218 – Exceptions for Banks from the Definition of Broker in the Securities Exchange Act of 1934 (Regulation R) | Financial – FRB | US |
169 | 12 CFR 219 – Reimbursement to Financial Institutions for Providing Financial Records; Recordkeeping Requirements for Certain Financial Records (Regulation S) | Financial – FRB | US |
170 | 12 CFR 220 – Credit by Brokers and Dealers (Regulation T) | Financial – FRB | US |
171 | 12 CFR 221 – Credit by Banks and Persons other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin Stock (Regulation U) | Financial – FRB | US |
172 | 12 CFR 222 – Fair Credit Reporting (Regulation V) | Financial – FRB | US |
173 | 12 CFR 223 – Transactions between Member Banks and Their Affiliates (Regulation W) | Financial – FRB | US |
174 | 12 CFR 224 – Borrowers of Securities Credit (Regulation X) | Financial – FRB | US |
175 | 12 CFR 225 – Bank Holding Companies and Change in Bank Control (Regulation Y) | Financial – FRB | US |
176 | 12 CFR 226 – Truth in Lending (Regulation Z) | Financial – FRB | US |
178 | 12 CFR 228 – Community Reinvestment (Regulation BB) | Financial – FRB | US |
179 | 12 CFR 229 – Availability of Funds and Collection of Checks (Regulation CC) | Financial – FRB | US |
180 | 12 CFR 231 – Netting Eligibility for Financial Institutions (Regulation EE) | Financial – FRB | US |
181 | 12 CFR 232 – Obtaining and Using Medical Information in Connection with Credit (Regulation FF) | Financial – FRB | US |
182 | 12 CFR 233 – Prohibition on Funding of Unlawful Internet Gambling (Regulation GG) | Financial – FRB | US |
183 | 12 CFR 234 – Designated Financial Market Utilities (Regulation HH) | Financial – FRB | US |
184 | 12 CFR 235 – Debit Card Interchange Fees and Routing (Regulation II) | Financial – FRB | US |
185 | 12 CFR 237 – Margin and Capital Requirements for Covered Swap Entities (Regulation KK) | Financial – FRB | US |
186 | 12 CFR 238 – Savings and Loan Holding Companies (Regulation LL) | Financial – FRB | US |
187 | 12 CFR 239 – Mutual Holding Companies (Regulation MM) | Financial – FRB | US |
188 | 12 CFR 240 – Retail Foreign Exchange Transactions (Regulation NN) | Financial – FRB | US |
189 | 12 CFR 241 – Securities Holding Companies (Regulation OO) | Financial – FRB | US |
190 | 12 CFR 242 – Definitions Relating to Title I of the Dodd-Frank Act (Regulation PP) | Financial – FRB | US |
191 | 12 CFR 243 – Resolution Plans (Regulation QQ) | Financial – FRB | US |
192 | 12 CFR 244 – Credit Risk Retention (Regulation RR) | Financial – FRB | US |
193 | 12 CFR 246 – Supervision and Regulation Assessments of Fees (Regulation TT) | Financial – FRB | US |
194 | 12 CFR 248 – Proprietary Trading and Certain Interests in and Relationships with Covered Funds (Regulation VV) | Financial – FRB | US |
195 | 12 CFR 249 – Liquidity Risk Measurement Standards (Regulation WW) | Financial – FRB | US |
196 | 12 CFR 251 – Concentration Limit (Regulation XX) | Financial – FRB | US |
14 | 12 CFR 30 Appendix B Interagency Guidelines Establishing Standards for Safeguarding Customer Information (GLBA) | Financial – OCC | US |
129 | OCC Bulletin 2013-29 (Subject: Third-Party Relationships) | Financial – OCC | US |
150 | 12 CFR 30 OCC Heightened Standards for Large Banks | Financial – OCC | US |
240 | 17 CFR Chapter II – Securities and Exchange Commission Regulations | Financial – SEC | US |
22 | 25 CFR 542.16 & 25 CFR 543.16 – Indian Gaming Control – Minimum Internal Control Standards for IT | Gaming | US |
29 | LA State Police Gaming Enforcement Division – CPA Minimum Internal Controls Questionnaire | Gaming | US State – Louisiana |
56 | NV – MICS 1-28 Checklist | Gaming | US State – Nevada |
57 | NV – MICS 29-55 Checklist | Gaming | US State – Nevada |
58 | OH – 3772-10-15 Information technology standards. | Gaming | US State – Ohio |
61 | IL – Gaming Control Board Minimum Internal Control Standards – 03232010 (MICS) | Gaming | US State – Illinois |
62 | MO – Gaming Control Chapter S Minimum Internal Control Standards 0602011 (MICS) | Gaming | US State – Missouri |
63 | NV – Gaming Control Board Minimum Internal Control Standards – Information Technology v6 09012008 (MICS) | Gaming | US State – Nevada |
64 | NJ – Gaming Control 13:69D 1.11 (Casino Licensees Organization) Minimum Internal Control Standards 11072011 (MICS) | Gaming | US State – New Jersey |
65 | NJ – Gaming Control Subchapter 2 (Casino Computer Systems) Minimum Internal Control Standards 07052005 (MICS) | Gaming | US State – New Jersey |
67 | LA – Louisiana Gaming Title 42 | Gaming | US State – Louisiana |
320 | NV – Gaming Control Board – Minimum Internal Control Standards – Information Technology – v7 – 2014 | Gaming | US State – Nevada |
321 | NV – Gaming Control Board – CPA MICS Compliance Checklist – IT v7 | Gaming | US State – Nevada |
322 | IL – Gaming Board – Minimum Internal Control Standards 2016 | Gaming | US State – Illinois |
323 | NJ – Gaming Control 13:69D-1.11 (Casino Licensees Organization) 2014 | Gaming | US State – New Jersey |
324 | NJ – Gaming Control 13:69D-2 (Casino Computer Systems) 2014 | Gaming | US State – New Jersey |
546 | CA – California Gaming Control Commission – MICS | Gaming | US State – California |
547 | CA – Tribal-State Gaming Compact Between the State of California and Wilton Rancheria | Gaming | US State – California |
548 | IN – Indiana Gaming Commission – MICS | Gaming | US State – Indiana |
549 | IA – Iowa Racing and Gaming Commission – MICS | Gaming | US State – Iowa |
550 | KS – Kansas Racing and Gaming Commission – MICS | Gaming | US State – Kansas |
551 | MS – Mississippi Gaming Commission – MICS | Gaming | US State – Mississippi |
552 | PA – Pennsylvania Gaming Control Board – MICS | Gaming | US State – Pennsylvania |
15 | 45 CFR 164 Security and Privacy (HIPAA) | Health | US |
49 | NIST SP 800-30 – Risk Management Guide for Information Technology Systems | Health | US |
50 | NIST SP 800-39 – Managing Information Security Risk | Health | US |
54 | NIST SP 800-66 – An Introductory Resource Guide for Implementing HIPAA Security | Health | US |
66 | The Joint Commission July 1 2012 | Health | US |
131 | OK – OK Statutes – 76.19-76.20 – Medical Records | Health | US State – Oklahoma |
224 | 16 CFR 318 – Health Breach Notification Rule (FTC) | Health | US |
296 | HIPAA Audit Protocol (2016) | Health | US |
297 | 42 CFR 2 – Confidentiality of Substance Use Disorder Patient Records | Health | US |
341 | AL – Medical Record Services | Health | US State – Alabama |
342 | AL – Guidelines for Medical Records Management | Health | US State – Alabama |
343 | AL – Minimum Standards for Medical Records | Health | US State – Alabama |
344 | AK – Health Care Services Information and Review Organizations | Health | US State – Alaska |
345 | AK – Hospital records retention | Health | US State – Alaska |
346 | AK – Confidential records | Health | US State – Alaska |
347 | AK – Records of alcoholics, drug abusers, and intoxicated persons | Health | US State – Alaska |
348 | AK – Medical Record Service | Health | US State – Alaska |
349 | AZ – Evidence – Medical Records | Health | US State – Arizona |
350 | AZ – Medical Records | Health | US State – Arizona |
351 | AZ – Health Information Organizations | Health | US State – Arizona |
352 | AR – Access to medical records | Health | US State – Kansas |
353 | AR – Patient Medical Records Privacy Act | Health | US State – Kansas |
354 | AR – Health Information Services | Health | US State – Kansas |
355 | CA – Confidentiality of Medical Information Act | Health | US State – California |
356 | CA – Unauthorized Access to Medical Information | Health | US State – California |
357 | CA – Patient Access to Health Records | Health | US State – California |
358 | CA – Medical Records | Health | US State – California |
359 | CO – Protection of Medical Records | Health | US State – Colorado |
360 | CO – Patient Records | Health | US State – Colorado |
361 | CO – Mental health records | Health | US State – Colorado |
362 | CO – Access to Patient Medical Records | Health | US State – Colorado |
363 | CT – Confidentiality of medical records | Health | US State – Connecticut |
364 | CT – Medical Records | Health | US State – Connecticut |
365 | CT – Department of Health Services – Medical Records | Health | US State – Connecticut |
366 | DE – Informed Consent and Confidentiality – Genetic Information | Health | US State – Delaware |
367 | DE – Informed Consent and Confidentiality – Confidentiality of Personal Health Information | Health | US State – Delaware |
368 | DC – Mental Health Information | Health | US State – District of Columbia |
369 | FL – Patient Records | Health | US State – Florida |
370 | GA – Health Records | Health | US State – Georgia |
371 | GA – Clinical Records | Health | US State – Georgia |
372 | HI – Health Care Privacy Harmonization Act | Health | US State – Hawaii |
373 | HI – Medical Records | Health | US State – Hawaii |
374 | IL – Health Care Records | Health | US State – Illinois |
375 | IN – Health Records and Identifying Information Protection | Health | US State – Indiana |
376 | IN – Health Records | Health | US State – Indiana |
377 | KS – Health Care Data | Health | US State – Kansas |
379 | LA – Health Care Consumers’ Right to Know | Health | US State – Louisiana |
380 | LA – Hospital Records and Retention Act | Health | US State – Louisiana |
381 | LA – Prohibitions on the Use of Medical Information and Genetic Test Results | Health | US State – Louisiana |
382 | ME – Patient Access to Hospital Medical Records | Health | US State – Maine |
383 | MD – Confidentiality of Medical Records | Health | US State – Maryland |
384 | MA – Inspection of Health Records | Health | US State – Massachusetts |
385 | MI – Medical Records Access Act | Health | US State – Michigan |
386 | MN – MN Health Records Act | Health | US State – Minnesota |
387 | MS – Hospital Records – Preparation, Preservation & Destruction | Health | US State – Mississippi |
388 | MS – Medical Records | Health | US State – Mississippi |
389 | MT – Health Care Information Privacy Requirements for Providers Subject to HIPAA | Health | US State – Montana |
390 | MT – Uniform Health Care Information | Health | US State – Montana |
391 | MT – Government Health Care Information | Health | US State – Montana |
392 | NE – Medical Records | Health | US State – Nebraska |
393 | NV – Healing Arts Generally | Health | US State – Nevada |
394 | NV – Electronic transmission of health information | Health | US State – Nevada |
395 | NV – Health Information Exchanges | Health | US State – Nevada |
396 | NH – Medical Records, Patient Information, and the Health Information Organization Corporation | Health | US State – New Hampshire |
397 | NJ – Health Insurance Carrier Computerized Records | Health | US State – New Jersey |
398 | NM – Health and Hospital Records | Health | US State – New Mexico |
399 | NM – Health Information Systems | Health | US State – New Mexico |
400 | NM – Electronic Medical Records | Health | US State – New Mexico |
401 | NM – Genetic Information Privacy | Health | US State – New Mexico |
402 | NY – Public Health – General Provisions | Health | US State – New York |
403 | ND – Health Information Protection | Health | US State – North Dakota |
404 | OH – Protected Health Information | Health | US State – Ohio |
405 | OR – Protected Health Information | Health | US State – Oregon |
406 | PA – Medical Records Services | Health | US State – Pennsylvania |
407 | PA – Privacy of Consumer Health Information | Health | US State – Pennsylvania |
408 | RI – Confidentiality of Health Care Information Act | Health | US State – Rhode Island |
409 | RI – RI Health Information Exchange Act of 2008 | Health | US State – Rhode Island |
410 | RI – Privacy of Consumer Health Information | Health | US State – Rhode Island |
411 | RI – Medical Records | Health | US State – Rhode Island |
412 | SC – Mental Illness / Substance Abuse Records | Health | US State – South Carolina |
413 | SC – Physicians’ Patient Records Act | Health | US State – South Carolina |
414 | SC – Prescription Information Privacy Act | Health | US State – South Carolina |
415 | SC – Privacy of Genetic Information | Health | US State – South Carolina |
416 | SD – Release of Medical Records | Health | US State – South Dakota |
417 | SD – Transfer or Destruction of Patient Records | Health | US State – South Dakota |
418 | TN – Medical Records | Health | US State – Tennessee |
419 | TN – Vital Records Act of 1977 | Health | US State – Tennessee |
420 | TN – Medical Records Act of 1974 | Health | US State – Tennessee |
421 | TN – Hospital Records as Evidence | Health | US State – Tennessee |
422 | TN – Patient’s Privacy Protection Act | Health | US State – Tennessee |
423 | TX – Medical Records Privacy | Health | US State – Texas |
424 | TX – Hospital Medical Records | Health | US State – Texas |
425 | TX – Insurance Code – Privacy of Health Information | Health | US State – Texas |
426 | TX – Insurance Consumer Health Information Privacy | Health | US State – Texas |
427 | UT – Access to Medical Records | Health | US State – Utah |
428 | VT – Health Care Privacy | Health | US State – Vermont |
429 | VT – Health – Disclosure of information | Health | US State – Vermont |
430 | VA – Health Information | Health | US State – Virginia |
431 | VA – Health Records | Health | US State – Virginia |
432 | WA – Health Information | Health | US State – Washington |
433 | WA – Medical Records – Health Care Information Access and Disclosure | Health | US State – Washington |
434 | WA – Medical Records Retention and Preservation | Health | US State – Washington |
435 | WV – Health Care Records | Health | US State – West Virginia |
436 | WI – Health Care Records | Health | US State – Wisconsin |
437 | WI – Health Care Information | Health | US State – Wisconsin |
438 | WI – Insurers: Disclosure of Personal Medical Information | Health | US State – Wisconsin |
439 | WY – Hospital Records and Information | Health | US State – Wyoming |
488 | The Joint Commission IM Standards 2018 | Health | US |
544 | PHE – 405d – Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations | Health | US |
545 | PHE – 405d – Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations | Health | US |
585 | HIPAA Audit Protocol (2018) | Health | US |
476 | CT – Insurance Information and Privacy Protection Act | Insurance | US State – Connecticut |
494 | SC – SC Insurance Data Security Act | Insurance | US State – South Carolina |
508 | OH – Ohio Insurance Data Security Act | Insurance | US State – Ohio |
509 | MI – Michigan Insurance Data Security Act | Insurance | US State – Michigan |
514 | AL – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Alabama |
515 | AZ – Insurance – Customer Information Security Program | Insurance | US State – Arizona |
516 | AR – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Arkansas |
517 | CO – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Colorado |
518 | CT – Insurance – Safeguarding Consumer Financial Information | Insurance | US State – Connecticut |
519 | DE – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Delaware |
520 | IL – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Illinois |
521 | KY – Insurance – Standards for safeguarding customer information | Insurance | US State – Kentucky |
522 | ME – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Maine |
523 | MI – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Michigan |
524 | MN – Insurance – Information Security Program | Insurance | US State – Minnesota |
525 | MO – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Missouri |
526 | MT – Insurance – Standards for Safeguarding Personal Information | Insurance | US State – Montana |
527 | NE – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Nebraska |
528 | NH – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – New Hampshire |
529 | NJ – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – New Jersey |
530 | NY – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – New York |
531 | ND – Insurance – Information Security Program | Insurance | US State – North Dakota |
532 | OK – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Oklahoma |
533 | OR – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Oregon |
534 | PA – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Pennsylvania |
535 | RI – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Rhode Island |
536 | UT – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Utah |
537 | VT – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Vermont |
538 | WV – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – West Virginia |
539 | WY – Insurance – Standards for Safeguarding Customer Information | Insurance | US State – Wyoming |
543 | MS – Mississippi Insurance Data Security Law | Insurance | US State – Mississippi |
555 | NH – New Hampshire Insurance Data Security Law | Insurance | US State – New Hampshire |
556 | DE – Delaware Insurance Data Security Act | Insurance | US State – Delaware |
557 | CT – Connecticut Insurance Data Security Law | Insurance | US State – Connecticut |
558 | AL – Alabama Insurance Data Security Law | Insurance | US State – Alabama |
564 | NAIC Insurance Data Security Model Law | Insurance | US |
588 | IN – Indiana Insurance Data Security Act | Insurance | US State – Indiana |
589 | LA – Louisiana Insurance Data Security Law | Insurance | US State – Louisiana |
590 | VA – Virginia Insurance Data Security Act | Insurance | US State – Virginia |
Availability and use of the above sources is subject to all Edgile terms and conditions.
Edgile Q2 2020 Content Update & Digest
Overview
This document provides a summary of GRC-related source changes and updates. It is not a comprehensive list of applicable changes or regulations.
Please consult with your legal / compliance team for applicability to your organization or other relevant changes and updates.
04-01-20
NIST releases Draft SP 800-210 “General Access Control Guidance for Cloud Systems”
https://csrc.nist.gov/publications/detail/sp/800-210/draft
NIST releases Draft White Paper “Methodology for Characterizing Network Behavior of Internet of Things Devices”
04-02-20
OCC – Proposed Rule – Licensing Amendments
https://www.govinfo.gov/content/pkg/FR-2020-04-02/pdf/2020-04938.pdf
FRB – Final Rule: Delay of Effective Date – Control and Divestiture Proceedings
https://www.govinfo.gov/content/pkg/FR-2020-04-02/pdf/2020-06993.pdf
OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency
https://www.hhs.gov/about/news/2020/04/02/ocr-announces-notification-of-enforcement-discretion.html
NERC releases GridEx V Lessons Learned Report
04-03-20
Basel Committee releases “Margin requirements for non-centrally cleared derivatives”
https://www.bis.org/bcbs/publ/d499.htm
Basel Committee releases “Measures to reflect the impact of Covid-19”
https://www.bis.org/bcbs/publ/d498.htm
04-06-20
FRB – Notification of Delay – Federal Reserve Policy on Payment System Risk; U.S. Branches and Agencies of Foreign Banking Organizations
https://www.govinfo.gov/content/pkg/FR-2020-04-06/pdf/2020-06482.pdf
Washington, D.C. Amends Data Breach Notification Law
Canadian Maker of Smart Locks Settles FTC Allegations That it Deceived Consumers about its Security Practices
04-07-20
HHS – Enforcement Discretion Under HIPAA To Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities in Response to COVID–19
https://www.govinfo.gov/content/pkg/FR-2020-04-07/pdf/2020-07268.pdf
04-08-20
FDIC – Proposed Rule – Unsafe and Unsound Banking Practices: Brokered Deposits Restrictions; Extension of Comment Period
https://www.govinfo.gov/content/pkg/FR-2020-04-08/pdf/2020-07322.pdf
Basel Committee releases Basel III Monitoring Report
https://www.bis.org/bcbs/publ/d500.htm
NERC Files Motion to Defer Implementation of Seven Reliability Standards Due to COVID-19
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issue joint alert: Alert (AA20-099A), COVID-19 Exploited by Malicious Cyber Actors
https://www.us-cert.gov/ncas/alerts/aa20-099a
04-09-20
NCUA – Corporate Credit Unions; Extension of Comment Period
https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-07159.pdf
CFTC – Final Rule – Margin Requirements for Uncleared Swaps for Swap Dealers and Major Swap Participants
https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-06625.pdf
SEC – Final Rule – Accelerated Filer and Large Accelerated Filer Definitions; Correction
https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-06926.pdf
FCC – Final Order – Promoting Telehealth for Low-Income Consumers; COVID–19 Telehealth Program
https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-07587.pdf
OCR Announces Notification of Enforcement Discretion for Community-Based Testing Sites During the COVID-19 Nationwide Public Health Emergency
04-10-20
FTC issues COPPA guidance for remote learning
CDC updates COVID-19 guidance for critical businesses
04-13-20
OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Paycheck Protection Program Lending Facility and Paycheck Protection Program Loans
https://www.govinfo.gov/content/pkg/FR-2020-04-13/pdf/2020-07712.pdf
NIST releases Draft SP 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments
https://csrc.nist.gov/publications/detail/sp/1800-19/draft
NIST releases Project Description White Paper, 5G Cybersecurity: Preparing a Secure Evolution to 5G
04-14-20
FRB – Interim Final Rule – Temporary Exclusion of U.S. Treasury Securities and Deposits at Federal Reserve Banks From the Supplementary Leverage Ratio
https://www.govinfo.gov/content/pkg/FR-2020-04-14/pdf/2020-07345.pdf
04-15-20
FFIEC Releases Updates to BSA/AML Examination Manual
https://www.ffiec.gov/press/pr041520.htm
04-16-20
FFIEC Announces Federal Disclosure Computational Tools
https://www.ffiec.gov/press/pr041620.htm
AMA, AHA Share COVID-19 Telework Guidance for Hospitals, Providers
https://healthitsecurity.com/news/ama-aha-share-covid-19-telework-guidance-for-hospitals-providers
04-17-20
CFTC – Reopening of Comment Period – Certain Swap Data Repository and Data Reporting Requirements
https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-04404.pdf
CFTC – Proposed Rule – Real-Time Public Reporting Requirements
https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-04405.pdf
CFTC – Proposed Rule – Swap Data Recordkeeping and Reporting Requirements
https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-04407.pdf
OCC/FRB/FDIC – Interim Final Rule – Real Estate Appraisals
https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-08216.pdf
Office of the Privacy Commissioner of Canada releases COVID-19 assessment framework
https://www.priv.gc.ca/en/opc-news/news-and-announcements/2020/an_200417/
European Commission issues guidance on COVID-19 apps
https://ec.europa.eu/commission/presscorner/detail/en/ip_20_669
04-20-20
SEC – Final Rule – Financial Disclosures About Guarantors and Issuers of Guaranteed Securities and Affiliates Whose Securities Collateralize a Registrant’s Securities
https://www.govinfo.gov/content/pkg/FR-2020-04-20/pdf/2020-04776.pdf
Federal Energy Regulatory Commission (FERC) grants request to delay implementation of three cybersecurity standards for three months because of Covid-19
https://www.ferc.gov/CalendarFiles/20200417144415-RM15-4-000.pdf
Supreme Court will hear a case involving the U.S. Computer Fraud and Abuse Act
https://www.cyberscoop.com/cfaa-will-soon-day-supreme-court/
04-21-20
NCUA – Temporary Final Rule – Temporary Regulatory Relief in Response to COVID–19
https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08434.pdf
NCUA – Interim Final Rule – Real Estate Appraisals
https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08435.pdf
HHS – Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID–19 Nationwide Public Health Emergency
https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08416.pdf
NYDFS issues Guidance to Department of Financial Services (“DFS”) Regulated Entities Regarding Cybersecurity Awareness During COVID-19 Pandemic
https://www.dfs.ny.gov/industry_guidance/industry_letters/il20200413_covid19_cybersecurity_awareness
04-22-20
FRB – Interim Final Rule – Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks
https://www.govinfo.gov/content/pkg/FR-2020-04-22/pdf/2020-08574.pdf
EDPB adopts COVID-19 guidance on health data processing, geolocation
Credit Card Launderer for Tech Support Scams to Pay $6.75 Million to Settle FTC Charges
Financial Stability Board (FSB) publishes consultation report on Effective Practices for Cyber Incident Response and Recovery
ETSI Releases New Standard to Confirm Integrity of Data in Legal Proceedings
https://www.infosecurity-magazine.com/news/standard-integrity-data-legal/
PCI SSC releases updated guidance document: Responding to a Cardholder Data Breach
https://blog.pcisecuritystandards.org/updated-guidance-responding-to-a-data-breach
04-23-20
CFTC – Extension of Currently Open Comment Periods for Rulemakings in Response to the COVID–19 Pandemic
https://www.govinfo.gov/content/pkg/FR-2020-04-23/pdf/2020-08109.pdf
OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Temporary Changes to the Community Bank Leverage Ratio Framework
https://www.govinfo.gov/content/pkg/FR-2020-04-23/pdf/2020-07449.pdf
OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Transition for the Community Bank Leverage Ratio Framework
https://www.govinfo.gov/content/pkg/FR-2020-04-23/pdf/2020-07448.pdf
National Security Agency and Australian Signals Directorate issue guidance: Detect and Prevent Web Shell Malware
NIST releases white paper: Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)
https://csrc.nist.gov/News/2019/mitigating-risk-of-software-vulns-ssdf
The Pentagon’s Cybersecurity Certification Plan Includes Continuously Monitoring Contractors
04-24-20
HHS-OIG – Proposed Rule – Grants, Contracts, and Other Agreements: Fraud and Abuse; Information Blocking; Office of Inspector General’s Civil Money Penalty Rules
https://www.govinfo.gov/content/pkg/FR-2020-04-24/pdf/2020-08451.pdf
Lawmakers introduce legislation to boost American 5G efforts
04-27-20
NCUA – Interim Final Rule – Regulatory Capital Rule: Paycheck Protection Program Lending Facility and Paycheck Protection Program Loans
https://www.govinfo.gov/content/pkg/FR-2020-04-27/pdf/2020-08920.pdf
CFPB – Interpretive Rule – Treatment of Pandemic Relief Payments Under Regulation E and Application of the Compulsory Use Prohibition
https://www.govinfo.gov/content/pkg/FR-2020-04-27/pdf/2020-08084.pdf
March 2020 Healthcare Data Breach Report
https://www.hipaajournal.com/march-2020-healthcare-data-breach-report/
04-28-20
FRB – Interim Final Rule – Regulation D: Reserve Requirements of Depository Institutions
https://www.govinfo.gov/content/pkg/FR-2020-04-28/pdf/2020-09044.pdf
FRB – Policy Statement – Temporary Actions To Support the Flow of Credit to Households and Businesses by Encouraging Use of Intraday Credit
https://www.govinfo.gov/content/pkg/FR-2020-04-28/pdf/2020-09052.pdf
DoD Inspector General releases “Special Report on Protecting Patient Health Information During the COVID‑19 Pandemic”
https://www.oversight.gov/sites/default/files/oig-reports/DODIG-2020-080.pdf
FTC Gives Final Approval to Modify FTC’s 2012 Privacy Order with Facebook with Provisions from 2019 Settlement
PCI – Additional Remote Assessment Considerations During COVID-19
https://blog.pcisecuritystandards.org/additional-remote-assessment-considerations-during-covid-19
NIST releases White Paper “Protecting Data from Ransomware and Other Data Loss Events: A Guide for Managed Service Providers to Conduct, Maintain, and Test Backup Files”
NIST releases NISTIR 8011 Vol. 4 “Automation Support for Security Control Assessments: Software Vulnerability Management”
https://csrc.nist.gov/publications/detail/nistir/8011/vol-4/final
NIST releases draft White Paper “Hardware-Enabled Security for Server Platforms: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases”
NSA releases guidance document “Selecting and Safely Using Collaboration Services for Telework”
04-29-20
NCUA – Interim Final Rule – Central Liquidity Facility
https://www.govinfo.gov/content/pkg/FR-2020-04-29/pdf/2020-08101.pdf
Basel Committee releases Report on Progress in adopting the Principles for effective risk data aggregation and risk reporting
https://www.bis.org/bcbs/publ/d501.htm
NIST releases NISTIR 8294 “Symposium on Federally Funded Research on Cybersecurity of Electric Vehicle Supply Equipment (EVSE)”
https://csrc.nist.gov/publications/detail/nistir/8294/final
04-30-20
Basel Committee releases report: Climate-related financial risks: a survey on current initiatives
https://www.bis.org/bcbs/publ/d502.htm
DHS Shares Cloud, Microsoft Office 365 Insights for COVID-19 Telework
PCI: Maintaining POS Device Security and Cleanliness
https://blog.pcisecuritystandards.org/maintaining-pos-device-security-and-cleanliness
FFIEC Issues Statement on Risk Management for Cloud Computing Services
https://www.ffiec.gov/press/pr043020.htm
05-01-20
NCUA – Final Rule – Real Estate Appraisals
https://www.govinfo.gov/content/pkg/FR-2020-04-30/pdf/2020-08433.pdf
Trump issues executive order to protect power grid from attack
CFPB – Compliance bulletin and policy guidance – Bulletin 2020–02—Compliance Bulletin and Policy Guidance: Handling of Information and Documents During Mortgage Servicing Transfers
https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-09151.pdf
HHS-CMS – Final Rule – Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability and Patient Access for Medicare Advantage Organization and Medicaid Managed Care Plans, State Medicaid Agencies, CHIP Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges, and Health Care Providers
https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05050.pdf
HHS-ONC – Final Rule – 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program
https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf
SEC – Final Rule – Updated Disclosure Requirements and Summary Prospectus for Variable Annuity and Variable Life Insurance Contracts
https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05526.pdf
05-04-20
CFTC – Proposed Rule – Amendments to Compliance Requirements for Commodity Pool Operators on Form CPO–PQR
https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-08496.pdf
CFPB – Interpretive Rule – Application of Certain Provisions in the TILA–RESPA Integrated Disclosure Rule and Regulation Z Right of Rescission Rules in Light of the COVID–19 Pandemic
https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-09515.pdf
PCI: Beware of Online Skimming Threats During the COVID-19 Crisis
https://blog.pcisecuritystandards.org/beware-of-online-skimming-threats-during-the-covid-19-crisis
NIST releases SP 800-57 Part 1, Revision 5, “Recommendation for Key Management: Part 1 – General”
https://csrc.nist.gov/News/2019/nist-publishes-sp-800-57-pt-1-rev-5
FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA
https://www.finra.org/rules-guidance/notices/20-12
05-05-20
FCC – Proposed Rule – National Security Threats to the Communications Supply Chain Through FCC Programs
https://www.govinfo.gov/content/pkg/FR-2020-05-05/pdf/2020-08822.pdf
Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and U.K.’s National Cyber Security Centre (NCSC) issue joint alert: APT Groups Target Healthcare and Essential Services
https://www.us-cert.gov/ncas/alerts/AA20126A
OCR Issues Guidance on Covered Health Care Providers and Restrictions on Media Access to Protected Health Information about Individuals in Their Facilities
05-06-20
OCC/FRB/FDIC – Interim Final Rule – Liquidity Coverage Ratio Rule: Treatment of Certain Emergency Facilities
https://www.govinfo.gov/content/pkg/FR-2020-05-06/pdf/2020-09716.pdf
EDPB publishes “Guidelines 05/2020 on consent under Regulation 2016/679 Version 1.0”
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf
CISA releases ICT Supply Chain Essentials guide
https://www.cisa.gov/blog/2020/05/05/building-collective-resilience-ict-supply-chain
IL BIPA cases have standing in federal court
05-07-20
SEC – Temporary Final Rule – Temporary Amendments to Regulation Crowdfunding
https://www.govinfo.gov/content/pkg/FR-2020-05-07/pdf/2020-09806.pdf
CMMC won’t apply to commercial-off-the-shelf suppliers
https://www.fedscoop.com/cmmc-exemption-cots-suppliers/
05-08-20
OPC, provincial commissioners issue joint statement on COVID-19 contact tracing apps: Supporting public health, building public trust: Privacy principles for contact tracing and similar apps
https://priv.gc.ca/en/opc-news/speeches/2020/s-d_20200507/
FTC Seeks Comment as Part of Review of Health Breach Notification Rule
05-11-20
CFTC – Final Rule – Margin Requirements for Uncleared Swaps for Swap Dealers and Major Swap Participants
https://www.govinfo.gov/content/pkg/FR-2020-05-11/pdf/2020-08601.pdf
NIST publishes NISTIR 8196 “Security Analysis of First Responder Mobile and Wearable Devices”
https://csrc.nist.gov/publications/detail/nistir/8196/final
05-12-20
CFTC – Proposed Rule – Swap Clearing Requirement Exemptions
https://www.govinfo.gov/content/pkg/FR-2020-05-12/pdf/2020-08603.pdf
CFPB – Final Rule – Home Mortgage Disclosure (Regulation C)
https://www.govinfo.gov/content/pkg/FR-2020-05-12/pdf/2020-08409.pdf
AMA Shares Privacy Principles for Non-HIPAA Covered Entities, Data
https://www.ama-assn.org/system/files/2020-05/privacy-principles.pdf
05-13-20
SEC – Proposed Rule – Good Faith Determinations of Fair Value
https://www.govinfo.gov/content/pkg/FR-2020-05-13/pdf/2020-08854.pdf
SEC – Correction – Updated Disclosure Requirements and Summary Prospectus for Variable Annuity and Variable Life Insurance Contracts
https://www.govinfo.gov/content/pkg/FR-2020-05-13/pdf/C1-2020-05526.pdf
CISA and FBI release Alert (AA20-133A) Top 10 Routinely Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
CISA and FBI jointly release PSA on People’s Republic of China’s targeting of COVID-19 research organizations.
05-14-20
Office of the President – Continuation of the National Emergency with Respect to Securing the Information and Communications Technology and Services Supply Chain
https://www.govinfo.gov/content/pkg/FR-2020-05-14/pdf/2020-10594.pdf
SEC – Final Rule – Definition of ‘‘Covered Clearing Agency’’
https://www.govinfo.gov/content/pkg/FR-2020-05-14/pdf/2020-07905.pdf
Cybersecurity Tech Accord and Consumers International launch “Stay Smart. Stay Safely Connected”
https://cybertechaccord.org/iot-security/
EC releases guidelines for contact tracing app interoperability
05-15-20
Healthcare and Public Health Sector Coordinating Council’s cybersecurity task force releases white paper: Health Industry Cybersecurity Protection of Innovation Capital (HIC-PIC)
https://healthsectorcouncil.org/hic-pic/
GAO report: Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical Facilities
https://www.gao.gov/products/GAO-20-453
US ports and infrastructure organizations form cybersecurity information sharing and analysis center
05-18-20
CFTC – Final Rule / Correction – Privacy of Consumer Financial Information
https://www.govinfo.gov/content/pkg/FR-2020-05-18/pdf/2020-08552.pdf
SEC – Correction – Updated Disclosure Requirements and Summary Prospectus for Variable Annuity and Variable Life Insurance Contracts
https://www.govinfo.gov/content/pkg/FR-2020-05-18/pdf/C2-2020-05526.pdf
HHS – Enforcement Discretion Regarding COVID–19 Community-Based Testing Sites (CBTS) During the COVID–19 Nationwide Public Health Emergency
https://www.govinfo.gov/content/pkg/FR-2020-05-18/pdf/2020-09099.pdf
European Data Protection Board publishes its “2019 Annual Report.”
https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_annual_report_2019_en.pdf
Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic
05-19-20
OCC/FRB/FDIC – Correcting Amendment – Regulatory Capital Rule: Revised Transition of the Current Expected Credit Losses Methodology for Allowances; Correction
https://www.govinfo.gov/content/pkg/FR-2020-05-19/pdf/2020-08789.pdf
Verizon releases 2020 Data Breach Investigations Report
https://enterprise.verizon.com/resources/reports/dbir/
NTT releases 2020 Global Threat Intelligence Report
Panaseer releases 2020 Financial Services Security Metrics Report
https://panaseer.com/reports-papers/report/2020-security-metrics-report/
Swiss Digital Game Developer Settles FTC Allegations that it Falsely Claimed it was a Member of COPPA Safe Harbor Program
Healthcare and Public Health Sector Coordinating Council (HSCC) and Health Information Sharing and Analysis Center (H-ISAC) release Health Industry Cybersecurity Tactical Crisis Response Guide (HIC-TCR)
https://healthsectorcouncil.org/hic-tcr/
05-20-20
April 2020 Healthcare Data Breach Report
https://www.hipaajournal.com/april-2020-healthcare-data-breach-report/
FDIC – Proposed Rule – Assessments, Mitigating the Deposit Insurance Assessment Effect of Participation in the Paycheck Protection Program (PPP), the PPP Lending Facility, and the Money Market Mutual Fund Liquidity Facility
https://www.govinfo.gov/content/pkg/FR-2020-05-20/pdf/2020-10454.pdf
FTC Gives Final Approval to Settlement with Smart Lock Maker
NIST releases SP 1800-23 “Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry”
https://csrc.nist.gov/publications/detail/sp/1800-23/final
05-21-20
CFPB – Proposed Rule / Extension of Comment Period – Debt Collection Practices (Regulation F)
https://www.govinfo.gov/content/pkg/FR-2020-05-21/pdf/2020-10966.pdf
ICO publishes guidance on explaining AI decision-making processes
NIST publishes SP 800-137A, Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment
https://csrc.nist.gov/News/2020/assessing-iscm-programs-nist-publishes-sp-800-137a
PCI SSC issues Request for Comments: Secure Software Standard Update: Draft Terminal Software Module
Indiana Court of Appeals Reinstates Respondeat Superior Claim in HIPAA Breach Lawsuit
05-22-20
FTC – Regulatory review; request for public comment – Health Breach Notification Rule
https://www.govinfo.gov/content/pkg/FR-2020-05-22/pdf/2020-10263.pdf
Cybersecurity and Infrastructure Security Agency (CISA), Department of Energy (DOE), and UK’s National Cyber Security Centre (NCSC) release “Cybersecurity Best Practices for Industrial Control Systems”
05-26-20
NIST releases draft White Paper “Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms”
H-ISAC Publishes Framework for Managing Identity in Healthcare
https://h-isac.org/an-h-isac-framework-for-cisos-to-manage-identity-2/
05-27-20
FDIC – Proposed Rule / Extension of Comment Period – Parent Companies of Industrial Banks and Industrial Loan Companies; Extension of Comment Period
https://www.govinfo.gov/content/pkg/FR-2020-05-27/pdf/2020-11446.pdf
NIST publishes SP 800-204A, Building Secure Microservices-based Applications Using Service-Mesh Architecture
https://csrc.nist.gov/News/2020/nist-publishes-sp-800-204a
05-28-20
OCC – Interim Final Rule – Director, Shareholder, and Member Meetings
https://www.govinfo.gov/content/pkg/FR-2020-05-28/pdf/2020-11525.pdf
FRB – Final Rule to Extend Compliance Dates – Single-Counterparty Credit Limits for Bank Holding Companies and Foreign Banking Organizations
https://www.govinfo.gov/content/pkg/FR-2020-05-28/pdf/2020-09665.pdf
NCUA – Interim Final Rule – Temporary Regulatory Relief in Response to COVID–19—Prompt Corrective Action
https://www.govinfo.gov/content/pkg/FR-2020-05-28/pdf/2020-11384.pdf
NIST Seeks Public Input on Use of Positioning, Navigation and Timing Services
OMB releases FISMA FY 2019 Annual Report to Congress
https://www.whitehouse.gov/wp-content/uploads/2020/05/2019-FISMARMAs.pdf
Judge rules Capital One must hand over Mandiant’s forensic data breach report
https://www.cyberscoop.com/capital-one-breach-mandiant-report-judge-ruling/
05-29-20
HHS-CMS – Proposed Rule – Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and the Long-Term Care Hospital Prospective Payment System and Proposed Policy Changes and Fiscal Year 2021 Rates; Quality Reporting and Medicare and Medicaid Promoting Interoperability Programs Requirements for Eligible Hospitals and Critical Access Hospitals
https://www.govinfo.gov/content/pkg/FR-2020-05-29/pdf/2020-10122.pdf
PCI SSC issues Request for Comments: PIN v3.1 Standard Draft
https://blog.pcisecuritystandards.org/request-for-comments-pin-v3.1-standard-draft
PCI DSS v4.0: Anticipated Timelines and Latest Updates
https://blog.pcisecuritystandards.org/pci-dss-v4-0-anticipated-timelines-and-latest-updates
06-01-20
OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Temporary Exclusion of U.S. Treasury Securities and Deposits at Federal Reserve Banks from the Supplementary Leverage Ratio for Depository Institutions
https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-10962.pdf
OCC/FRB/FDIC/NCUA – Interagency Policy Statement on Allowances for Credit Losses
https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-10291.pdf
SEC – Correcting Amendment – Recordkeeping and Reporting Requirements for Security-Based Swap Dealers, Major Security-Based Swap Participants, and Broker-Dealers
https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-10016.pdf
SEC – Final Rule – Securities Offering Reform for Closed-End Investment Companies
https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-07790.pdf
NIST releases NISTIR 8259A, “IoT Device Cybersecurity Capability Core Baseline” and NISTIR 8259, “Foundational Cybersecurity Activities for IoT Device Manufacturers”
https://csrc.nist.gov/News/2020/security-iot-device-manufacturers-8259-and-8259a
06-02-20
NRC – Proposed Rule – Social Security Number Fraud Prevention
https://www.govinfo.gov/content/pkg/FR-2020-06-02/pdf/2020-11900.pdf
NRC – Direct Final Rule – Social Security Number Fraud Prevention
https://www.govinfo.gov/content/pkg/FR-2020-06-02/pdf/2020-11899.pdf
OCC – Final Rule – Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred
https://www.govinfo.gov/content/pkg/FR-2020-06-02/pdf/2020-11963.pdf
Biometric privacy case against Vimeo won’t go to arbitration, judge rules
06-03-20
California Attorney General submits final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL)
https://oag.ca.gov/privacy/ccpa
Senators Propose Bill to Regulate Privacy of COVID-19 Contact Tracing Apps
06-04-20
Cyberspace Solarium Commission issues White Paper #1: Cybersecurity Lessons from the Pandemic
https://www.solarium.gov/public-communications/pandemic-white-paper
CISA creates “CISA Central” to coordinate “situational awareness and response to national cyber, communications, and physical incidents”
Developer of Apps Popular with Children Agrees to Settle FTC Allegations It Illegally Collected Kids’ Data without Parental Consent
NIST releases SP 800-133 Rev. 2 “Recommendation for Cryptographic Key Generation”
https://csrc.nist.gov/publications/detail/sp/800-133/rev-2/final
06-05-20
NCUA – Proposed Rule – Joint Ownership Share Accounts
https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-11385.pdf
OCC – Final Rule – Community Reinvestment Act Regulations
https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-11220.pdf
CFPB – Final Rule – Remittance Transfers Under the Electronic Fund Transfer Act (Regulation E)
https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-10278.pdf
Basel Committee issues “The Basel Framework: frequently asked questions”
https://www.bis.org/bcbs/publ/d503.htm
06-08-20
IAB Tech Lab releases CCPA data deletion spec
https://www.adweek.com/programmatic/iab-tech-lab-data-deletion-spec-ccpa-enforcement/
NCCoE Announces Technology Collaborators for Protecting Information and System Integrity in Industrial Control System Environments Project
NIST issues Call for Comments on the four-volume set of Digital Identity Guideline documents, including: Special Publication (SP) 800-63-3 Digital Identity Guidelines, SP 800-63A Enrollment and Identity Proofing, SP 800-63B Authentication and Lifecycle Management, and SP 800-63C Federation and Assertions.
https://csrc.nist.gov/News/2020/call-for-comments-on-digital-identity-guidelines
06-09-20
Rogue Payment Processor that Helped Perpetuate Multiple Scams Is Banned from the Payment Processing Business Under FTC Settlement
06-10-20
OCC – Correcting Amendment – Director, Shareholder, and Member Meetings: Technical Correction
https://www.govinfo.gov/content/pkg/FR-2020-06-10/pdf/2020-12570.pdf
FTC Reaches Settlement with Kohl’s over Allegations it Failed to Provide Victims with Information Related to Identity Theft
PCI – What to Know About the Approved Scanning Vendor Program
https://blog.pcisecuritystandards.org/what-to-know-about-the-approved-scanning-vendor-program
06-12-20
CFTC – Proposed Rule – Exemption from Registration for Certain Foreign Persons Acting as Commodity Pool Operators of Offshore Commodity Pools
https://www.govinfo.gov/content/pkg/FR-2020-06-12/pdf/2020-12034.pdf
CFTC – Proposed Rule – Bankruptcy Regulations
https://www.govinfo.gov/content/pkg/FR-2020-06-12/pdf/2020-08482.pdf
CFTC – Correcting Amendments – Derivatives Clearing Organization General Provisions and Core Principles
https://www.govinfo.gov/content/pkg/FR-2020-06-12/pdf/2020-10809.pdf
OCR Issues Guidance on How Health Care Providers Can Contact Former COVID-19 Patients About Blood and Plasma Donation Opportunities
06-15-20
Atlantic Council releases report on IoT supply chain security
06-16-20
Judge approves $3.2M settlement in Illinois BIPA case
NIST announces release of OSCAL 1.0.0 Milestone 3
https://csrc.nist.gov/News/2020/oscal-1-0-0-milestone-3-release
PCI SSC releases PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements v6.0
https://www.pcisecuritystandards.org/about_us/press_releases/pr_06162020
06-17-20
Pentagon Wants to Scale Up Its Device Security Program
NIST releases SP 1800-16 “Securing Web Transactions: TLS Server Certificate Management”
https://csrc.nist.gov/publications/detail/sp/1800-16/final
06-18-20
CFPB – Proposed Rule – Facilitating the LIBOR Transition (Regulation Z)
https://www.govinfo.gov/content/pkg/FR-2020-06-18/pdf/2020-12239.pdf
Information Technology Industry Council releases “ITI’s 5G Policy Principles and 5G Essentials for Global Policymakers”
https://www.itic.org/policy/ITI_5G_Full_Report.pdf
EDPB adopts statement on interoperability of contact-tracing apps
Senate HELP Committee Considers Permanent Changes to Telehealth Policies
NSA Piloting Secure Domain Name System Service for Defense Contractors
https://www.cyberscoop.com/nsa-secure-dns-service-pilot-defense-industrial-base/?category_news=
06-19-20
FERC releases “Cybersecurity Incentives Policy White Paper”
https://www.ferc.gov/media/headlines/2020/2020-2/notice-cybersecurity.pdf
Sen. Sherrod Brown, D-Ohio, releases federal U.S. privacy law draft
https://www.brown.senate.gov/newsroom/press/release/brown-proposal-protect-consumers-privacy
FTC releases “FTC’s Use of Its Authorities to Protect Consumer Privacy and Security”
FTC releases “FTC Report on Resources Used and Needed for Protecting Consumer Privacy and Security”
French court upholds ruling fining Google $56 million for data protection violations
06-22-20
DHS/CISA – Retrospective Analysis of the Chemical Facility Anti-Terrorism Standards
https://www.govinfo.gov/content/pkg/FR-2020-06-22/pdf/2020-13147.pdf
FTC offers tips on data use by businesses during COVID-19 pandemic
https://www.ftc.gov/news-events/blogs/business-blog/2020/06/privacy-during-coronavirus
06-23-20
Basel Committee proposes amendment to capital rules for non-performing loan securitisations
https://www.bis.org/press/p200623.htm
National Advertising Initiative releases “Best Practices: Using Information Collected for Tailored Advertising or Ad Delivery and Reporting for Non-Marketing Purposes”
https://www.networkadvertising.org/sites/default/files/nai_nonmarketing-bestpractices-0620_final.pdf
HIPAA Journal May 2020 Healthcare Data Breach Report
https://www.hipaajournal.com/may-2020-healthcare-data-breach-report/
06-24-20
OCC – Interim Final Rule – Assessment of Fees
https://www.govinfo.gov/content/pkg/FR-2020-06-24/pdf/2020-13719.pdf
CFTC – Final Interpretive Guidance – Retail Commodity Transactions Involving Certain Digital Assets
https://www.govinfo.gov/content/pkg/FR-2020-06-24/pdf/2020-11827.pdf
Bureau of Indian Affairs – Final Rule / Technical Amendment – Change of Address; Office of Indian Gaming for Submission of Tribal-State Class III Gaming Compacts
https://www.govinfo.gov/content/pkg/FR-2020-06-24/pdf/2020-13060.pdf
FERC issues Notice of Inquiry on “Potential Enhancements to the Critical Infrastructure Protection Reliability Standards”
https://s3.amazonaws.com/public-inspection.federalregister.gov/2020-13618.pdf
“The DOD wants better cybersecurity for its contractors. The first steps haven’t been easy.” [Article on status of the Cybersecurity Maturity Model Certification (CMMC)]
https://www.fedscoop.com/cmmc-dod-cybersecurity-requirments-contractors-timeline/
European Commission issues two-year evaluation report on GDPR
https://ec.europa.eu/commission/presscorner/detail/en/ip_20_1163
06-25-20
California Privacy Rights Act (CPRA) qualifies for November ballot
https://elections.cdn.sos.ca.gov/ccrov/pdf/2020/june/20123jh.pdf
Washington State AG announces $100,000 fine against Super Basic and its parent company, Maple Media, over alleged U.S. Children’s Online Privacy Protection Act (COPPA) violations
06-26-20
FDIC – Final Rule – Assessments, Mitigating the Deposit Insurance Assessment Effect of Participation in the Paycheck Protection Program (PPP), the PPP Liquidity Facility, and the Money Market Mutual Fund Liquidity Facility
https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-13751.pdf
CFPB – Interpretive Rule – Truth in Lending (Regulation Z); Determining ‘‘Underserved’’ Areas Using Home Mortgage Disclosure Act Data
https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-13801.pdf
FCC – Final Rule – Implementing the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act
https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-11252.pdf
FCC – Final Rule – Advanced Methods To Target and Eliminate Unlawful Robocalls
https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-13748.pdf
PCI – What’s New in PCI SPoC Security Standard Version 1.1?
https://blog.pcisecuritystandards.org/whats-new-in-pci-spoc-security-standard-version-1-1