Edgile iGRC Content Library

Authoritative Source Master List

Source ID Source Name
1 CMS Meaningful Use
2 COBIT 4.1
3 FFIEC IT Examination Handbook – Audit
4 FFIEC – Authentication in an Internet Banking Environment
5 FFIEC IT Examination Handbook – Business Continuity Planning
6 FFIEC IT Examination Handbook – Development and Acquisition
7 FFIEC IT Examination Handbook – Information Security
8 FFIEC IT Examination Handbook – Management
9 FFIEC IT Examination Handbook – Operations
10 FFIEC IT Examination Handbook – Outsourcing Technology Services
11 FFIEC IT Examination Handbook – Retail Payment Systems
12 FFIEC IT Examination Handbook – E-Banking
13 FFIEC – Supplement to Authentication in an Internet Banking Environment
14 12 CFR 30 – Appendix B – Interagency Guidelines Establishing Standards for Safeguarding Customer Information
15 45 CFR 164 – Security and Privacy (HIPAA)
16 45 CFR 160 & 45 CFR 164 – General Administrative Requirements (HIPAA Omnibus Updates)
17 HIPAA Privacy & Breach Notification
18 HIPAA Security Audit Program Protocol (OCR)
19 HITECH Breach Notification Guidance and RFI (74 FR 19006)
20 HITECH Breach Notification Interim Final Regulation (74 FR 42740)
21 HITRUST Common Security Framework – 2010
22 25 CFR 542.16 & 25 CFR 543.16 – Indian Gaming Control – Minimum Internal Control Standards for IT
23 International Privacy – U.S.-EU Safe Harbor Privacy Principles
24 International Privacy – India Information Technology (Amendment) Act 2008 and Privacy Rules
25 IRS Publication 1075 (2010)
26 ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements
27 ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management
28 ISO/IEC 27005:2011 – Information technology – Security techniques – Information security risk management
29 Louisiana State Police Gaming Enforcement Division – CPA Minimum Internal Controls Questionnaire
30 NERC CIP-002-4a – Cyber Security – Critical Cyber Asset Identification
31 NERC CIP-002-5 – Cyber Security – BES Cyber System Categorization
32 NERC CIP-003-4 – Cyber Security – Security Management Controls
33 NERC CIP-003-5 – Cyber Security – Security Management Controls
34 NERC CIP-004-4a – Cyber Security – Personnel & Training
35 NERC CIP-004-5 – Cyber Security – Personnel & Training
36 NERC CIP-005-4a – Cyber Security – Electronic Security Perimeter(s)
37 NERC CIP-005-5 – Cyber Security – Electronic Security Perimeter(s)
38 NERC CIP-006-4d – Cyber Security – Physical Security of Critical Cyber Assets
39 NERC CIP-006-5 – Cyber Security – Physical Security of BES Cyber Systems
40 NERC CIP-007-4 – Cyber Security – Systems Security Management
41 NERC CIP-007-5 – Cyber Security – System Security Management
42 NERC CIP-008-4 – Cyber Security – Incident Reporting and Response Planning
43 NERC CIP-008-5 – Cyber Security – Incident Reporting and Response Planning
44 NERC CIP-009-4 – Cyber Security – Recovery Plans for Critical Cyber Assets
45 NERC CIP-009-5 – Cyber Security – Recovery Plans for BES Cyber Systems
46 NERC CIP-010-1 – Cyber Security – Configuration Change Management and Vulnerability Assessments
47 NERC CIP-011-1 – Cyber Security – Information Protection
48 New Jersey – Chapter 69D Gaming Operation Accounting Controls and Standards
49 NIST SP 800-30 – Risk Management Guide for Information Technology Systems
50 NIST SP 800-39 – Managing Information Security Risk
51 NIST SP 800-53 – Federal IS Control Guidance
52 NIST SP 800-53 r4 – Security and Privacy Controls for Federal Information Systems and Organizations
53 NIST SP 800-53A – Federal IS Test Procedures
54 NIST SP 800-66 – An Introductory Resource Guide for Implementing HIPAA Security
55 10 CFR 73.54 – Protection of digital computer and communication systems and networks
56 NV MICS 1-28 Checklist
57 NV MICS 29-55 Checklist
58 Ohio – 3772-10-15 Information technology standards.
59 Payment Card Industry Data Security Standard (PCI DSS) 2.0 – Requirements and Security Assessment Procedures
60 12 CFR 202 – Equal Credit Opportunity (Regulation B)
61 State of Illinois: Gaming Control Board – Minimum Internal Control Standards – 03232010 (MICS)
62 State of Missouri: Gaming Control – Chapter S – Minimum Internal Control Standards – 0602011 (MICS)
63 State of Nevada: Gaming Control Board – Minimum Internal Control Standards – Information Technology v6 09012008 (MICS)
64 State of New Jersey: Gaming Control – 13:69D 1.11 (Casino Licensees Organization) Minimum Internal Control Standards 11072011 (MICS)
65 State of New Jersey: Gaming Control Subchapter 2 (Casino Computer Systems) Minimum Internal Control Standards 07052005 (MICS)
66 The Joint Commission July 1 2012
67 State of Louisiana – Louisiana Gaming – Title 42
68 21 CFR 11 – Electronic Records; Electronic Signatures
69 21 CFR 820 – Quality System Regulation
70 United States Privacy – Alaska – Personal Information Protection Act
71 United States Privacy – Arizona – Notification of breach of security system; enforcement; civil penalty; preemption; exceptions; definitions
72 United States Privacy – Arkansas – Personal Information Protection Act
73 United States Privacy – California – Business and Professions Code Sections 22575 – 22579
74 United States Privacy – California – Confidentiality of Medical Information Act
75 United States Privacy – California – Information Practices Act of 1977
76 United States Privacy – Colorado Consumer Protection Act
77 United States Privacy – Connecticut – Sec. 36a-701b. Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade practice.
78 United States Privacy – Delaware – Title 6 Chapter 12B. Computer Security Breaches
79 United States Privacy – District of Columbia – Notification of security breach
80 United States Privacy – Florida – Chapter 817.5681 – Breach of security concerning confidential personal information in third-party possession; administrative penalties
81 United States Privacy – Georgia – Breach of the security of the system
82 United States Privacy – Hawaii – Security Breach of Personal Information
83 United States Privacy – Idaho – Chapter 51 – Identity Theft
84 United States Privacy – Illinois – Personal Information Protection Act
85 United States Privacy – Indiana – Chapter 3. Disclosure and Notification Requirements
86 United States Privacy – Iowa – Chapter 715 C – Personal Information Security Breach Protection
87 United States Privacy – Kansas – Chapter 50: Article 7a: Protection Of Consumer Information
88 United States Privacy – Louisiana – RS 51:3074 – Disclosure upon breach in the security of personal information; notification requirements; exemption
89 United States Privacy – Maine – Chapter 210-B: Notice of Risk to Personal Data
90 United States Privacy – Maryland – Title 14, Subtitle 35 – Maryland Personal Information Protection Act
91 United States Privacy – Massachusetts – Act 2007 – Chapter 82: An Act Relative to Security Freezes and Notification of Data Breaches
92 United States Privacy – Massachusetts: 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of Commonwealth
93 United States Privacy – Michigan – Identity Theft Protection Act
94 United States Privacy – Minnesota – 325E.64 – Access Devices; Breach of Security
95 United States Privacy – Minnesota – 325E.61 – Data Warehouses; Notice Required for Certain Disclosures
96 United States Privacy – Mississippi – 75-24-29. Persons conducting business in Mississippi required to provide notice of a breach of security involving personal information to all affected individuals; enforcement
97 United States Privacy – Missouri – MO-407.1500.1 Notice to consumer for breach of security, procedure – attorney general may bring action for damages
98 United States Privacy – Montana – 30-14-1704. Computer security breach
99 United States Privacy – Nebraska – Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006
100 United States Privacy – Nevada – Chapter 603A – Security of Personal Information
101 United States Privacy – New Hampshire – Chapter 359-C – Right to Privacy
102 United States Privacy – New Jersey – Identity Theft Prevention Act
103 United States Privacy – New York – Notification; person without valid authorization has acquired private information.
104 United States Privacy – North Carolina Section 76-65 – Protection from security breaches
105 United States Privacy – North Dakota – Chapter 51-30 – Notice of Security Breach for Personal Information
106 United States Privacy – Ohio – 1349.19 Private disclosure of security breach of computerized personal information data
107 United States Privacy – Oklahoma – Security Breach Notification Act
108 United States Privacy – Oregon – 646A – Identity Theft Prevention
109 United States Privacy – Rhode Island – CHAPTER 11-49.2 Identity Theft Protection
110 United States Privacy – South Carolina – 39-1-90. Breach of security of business data; notification; definitions; penalties; exception as to certain banks and financial institutions; notice to Consumer Protection Division
111 United States Privacy – Tennessee – Title 47 – Commercial Instruments and Transactions Chapter 18 – Consumer Protection Part 21 – Identity Theft
112 United States Privacy – Texas – Title 11. Personal Identity Information – Subtitle B. Identity Theft – Chapter 521. Unauthorized Use of Identifying Information
113 United States Privacy – Utah – Protection of Personal Information Act
114 United States Privacy – Vermont – 9 V.S.A. – Section 2445. Safe destruction of documents containing personal information
115 United States Privacy – Vermont – Security Breach Notice Act
116 United States Privacy – Vermont – Social Security Number Protection Act
117 United States Privacy – Virginia – 18.2-186.6. Breach of personal information notification
118 United States Privacy – Washington – RCW 19.255.010 – Disclosure, notice – Definitions – Rights, remedies
119 United States Privacy – Washington – RCW 42.56.590 – Personal information – Notice of security breaches
120 United States Privacy – West Virginia – Chapter 46A. West Virginia Consumer Credit and Protection Act – Article 2A. Breach of Security of Consumer Information
121 United States Privacy – Wisconsin – 134.98 Notice of unauthorized acquisition of personal information
122 United States Privacy – Wyoming – Wyoming Consumer Protection Act
123 FFIEC – Outsourced Cloud Computing
124 Payment Card Industry Data Security Standard (PCI DSS) 3.0 – Requirements and Security Assessment Procedures
125 HITRUST Common Security Framework – All Requirements – 2013
126 HITRUST Common Security Framework – Required for HITRUST Certification – 2013
127 IRS Publication 1075 (2014)
128 Federal Reserve Board Guidance on Managing Outsourcing Risk
129 OCC Bulletin 2013-29 (Subject: Third-Party Relationships)
130 12 CFR 201 – Extensions of Credit by Federal Reserve Banks (Regulation A)
131 Oklahoma Statutes – Title 76, Parts 19 and 20
132 ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements
133 ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls
134 17 CFR 38 Subpart K – Trade Information
135 17 CFR 38 Subpart U – System Safeguards
136 17 CFR 39 Subpart B – Compliance with Core Principles
137 17 CFR 39 Subpart C – Provisions Applicable to Systemically Important Derivatives Clearing Organizations
138 17 CFR 49 – Swap Data Repositories
139 17 CFR 37 Subpart O – System Safeguards
140 COBIT 5
141 NIST – Framework for Improving Critical Infrastructure Cybersecurity (Version 1.0)
142 EU Data Protection Directive
143 Privacy and Electronic Communications (EC Directive) Regulations 2003
144 UK Data Protection Act of 1998
145 CBEST Threat Intelligence Framework, Qualities of a threat intelligence provider
146 CBEST Implementation Guide
147 AICPA Trust Principles
148 Basel Committee on Banking Supervision: Core Principles for Effective Banking Supervision
149 Basel Committee on Banking Supervision: Principles for Effective Risk Data Aggregation and Risk Reporting
150 12 CFR 30 – OCC Heightened Standards for Large Banks
151 12 CFR 252 – Enhanced Prudential Standards (Regulation YY)
152 Committee of Sponsoring Organizations of the Treadway Commission: Internal Control – Integrated Framework
153 Cybersecurity Capability Maturity Model (C2M2) Version 1.1
154 12 CFR 203 – Home Mortgage Disclosure (Regulation C)
155 12 CFR 204 – Reserve Requirements of Depository Institutions (Regulation D)
156 12 CFR 205 – Electronic Fund Transfers (Regulation E)
157 12 CFR 206 – Limitations on Interbank Liabilities (Regulation F)
158 12 CFR 207 – Disclosure and Reporting of CRA-Related Events (Regulation G)
159 12 CFR 208 – Membership of State Banking Institutions in the Federal Reserve System (Regulation H)
160 12 CFR 209 – Issue and Cancellation of Federal Reserve Bank Capital Stock (Regulation I)
161 12 CFR 210 – Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire (Regulation J)
162 12 CFR 211 – International Banking Operations (Regulation K)
163 12 CFR 212 – Management Official Interlocks (Regulation L)
164 12 CFR 213 – Consumer Leasing (Regulation M)
165 12 CFR 214 – Relations with Foreign Banks and Bankers (Regulation N)
166 12 CFR 215 – Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks (Regulation O)
167 12 CFR 217 – Capital Adequacy of Bank Holding Companies, Savings and Loan Holding Companies, and State Member Banks (Regulation Q)
168 12 CFR 218 – Exceptions for Banks from the Definition of Broker in the Securities Exchange Act of 1934 (Regulation R)
169 12 CFR 219 – Reimbursement to Financial Institutions for Providing Financial Records; Recordkeeping Requirements for Certain Financial Records (Regulation S)
170 12 CFR 220 – Credit by Brokers and Dealers (Regulation T)
171 12 CFR 221 – Credit by Banks and Persons other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin Stock (Regulation U)
172 12 CFR 222 – Fair Credit Reporting (Regulation V)
173 12 CFR 223 – Transactions between Member Banks and Their Affiliates (Regulation W)
174 12 CFR 224 – Borrowers of Securities Credit (Regulation X)
175 12 CFR 225 – Bank Holding Companies and Change in Bank Control (Regulation Y)
176 12 CFR 226 – Truth in Lending (Regulation Z)
177 12 CFR 227 – Unfair or Deceptive Acts or Practices (Regulation AA)
178 12 CFR 228 – Community Reinvestment (Regulation BB)
179 12 CFR 229 – Availability of Funds and Collection of Checks (Regulation CC)
180 12 CFR 231 – Netting Eligibility for Financial Institutions (Regulation EE)
181 12 CFR 232 – Obtaining and Using Medical Information in Connection with Credit (Regulation FF)
182 12 CFR 233 – Prohibition on Funding of Unlawful Internet Gambling (Regulation GG)
183 12 CFR 234 – Designated Financial Market Utilities (Regulation HH)
184 12 CFR 235 – Debit Card Interchange Fees and Routing (Regulation II)
185 12 CFR 237 – Margin and Capital Requirements for Covered Swap Entities (Regulation KK)
186 12 CFR 238 – Savings and Loan Holding Companies (Regulation LL)
187 12 CFR 239 – Mutual Holding Companies (Regulation MM)
188 12 CFR 240 – Retail Foreign Exchange Transactions (Regulation NN)
189 12 CFR 241 – Securities Holding Companies (Regulation OO)
190 12 CFR 242 – Definitions Relating to Title I of the Dodd-Frank Act (Regulation PP)
191 12 CFR 243 – Resolution Plans (Regulation QQ)
192 12 CFR 244 – Credit Risk Retention (Regulation RR)
193 12 CFR 246 – Supervision and Regulation Assessments of Fees (Regulation TT)
194 12 CFR 248 – Proprietary Trading and Certain Interests in and Relationships with Covered Funds (Regulation VV)
195 12 CFR 249 – Liquidity Risk Measurement Standards (Regulation WW)
196 12 CFR 251 – Concentration Limit (Regulation XX)
197 Payment Card Industry Data Security Standard (PCI DSS) 3.1 – Requirements and Security Assessment Procedures
198 FFIEC Cybersecurity Assessment Tool
199 OCC Bulletin 2001-47 (Subject: Third-Party Relationships – Risk Management Principles)
200 FRB-OCC-SEC – Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System
201 Payment Card Industry Data Security Standard (PCI DSS) Designated Entities Supplemental Validation (For use with PCI DSS v3.1)
202 NERC CIP-002-3 – Cyber Security – Critical Cyber Asset Identification
203 NERC CIP-002-3b – Cyber Security – Critical Cyber Asset Identification
204 NERC CIP-002-5.1 – Cyber Security – BES Cyber System Categorization
205 NERC CIP-003-3 – Cyber Security – Security Management Controls
206 NERC CIP-003-3a – Cyber Security – Security Management Controls
207 NERC CIP-003-6 – Cyber Security – Security Management Controls
208 NERC CIP-004-3a – Cyber Security – Personnel & Training
209 NERC CIP-004-5.1 – Cyber Security – Personnel & Training
210 NERC CIP-004-6 – Cyber Security – Personnel & Training
211 NERC CIP-005-3a – Cyber Security – Electronic Security Perimeter(s)
212 NERC CIP-006-3c – Cyber Security – Physical Security of Critical Cyber Assets
213 NERC CIP-006-6 – Cyber Security – Physical Security of BES Cyber Systems
214 NERC CIP-007-3a – Cyber Security – Systems Security Management
215 NERC CIP-007-3b – Cyber Security – Systems Security Management
216 NERC CIP-007-6 – Cyber Security – System Security Management
217 NERC CIP-008-3 – Cyber Security – Incident Reporting and Response Planning
218 NERC CIP-009-3 – Cyber Security – Recovery Plans for Critical Cyber Assets
219 NERC CIP-009-6 – Cyber Security – Recovery Plans for BES Cyber Systems
220 NERC CIP-010-2 – Cyber Security – Configuration Change Management and Vulnerability Assessments
221 NERC CIP-011-2 – Cyber Security – Information Protection
222 NERC CIP-014-1 – Cyber Security – Physical Security
223 NERC CIP-014-2 – Cyber Security – Physical Security
224 16 CFR 318 – Health Breach Notification Rule (FTC)
225 California – Electronic Communications Privacy Act
226 Connecticut – Public Act No. 15-142 – An Act Improving Data Security and Agency Effectiveness
227 FFIEC IT Examination Handbook – Management 2015
228 FIPS Publication 199 – Standards for Security Categorization of Federal Information and Information Systems
229 FIPS Publication 200 – Minimum Security Requirements for Federal Information and Information Systems
230 NIST SP 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations
231 OMB Circular A-123, Management's Responsibility for Internal Control
232 Federal Information Systems Controls Audit Manual (FISCAM) – 2009
233 Consumer Financial Protection Bureau Regulations
234 Consumer Financial Protection Act
235 Children's Online Privacy Protection Rule
236 Children's Online Privacy Protection Act
237 Right to Financial Privacy Act
238 Fair Credit Reporting Act
239 Commodity Futures Trading Commission Regulations
240 Securities and Exchange Commission Regulations
241 Department of the Treasury Regulations
242 16 CFR Part 313 – Privacy of Consumer Financial Information
243 16 CFR Part 314 – Standards for Safeguarding Customer Information
244 Bank Secrecy Act
245 CIS Critical Security Controls v6.0
246 CSA-CCM v3.0.1
247 Payment Card Industry Data Security Standard (PCI DSS) 3.2 – Requirements and Security Assessment Procedures
248 IRS Publication 4812 (Rev 10-2015)
249 FFIEC IT Examination Handbook – Retail Payment Systems (2016)
250 NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems
251 NIST SP 800-16 – Information Technology Security Training Requirements
252 NIST SP 800-18 Rev1 – Guide for Developing Security Plans for Federal Information Systems
253 NIST SP 800-21 – Guideline for Implementing Cryptography In the Federal Government
254 NIST SP 800-34 Rev1 – Contingency Planning Guide for Federal Information Systems
255 NIST SP 800-37 Rev1 – Guide for Applying the Risk Management Framework to Federal Information Systems
256 NIST SP 800-47 – Security Guide for Interconnecting Information Technology Systems
257 NIST SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories
258 NIST SP 800-61 – Computer Security Incident Handling Guide
259 NIST SP 800-64 – Security Considerations in the System Development Life Cycle
260 NIST SP 800-81-2 – Secure Domain Name System (DNS) Deployment Guide
261 NIST SP 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
262 NIST SP 800-123 – Guide to General Server Security
263 NIST SP 800-125 – Guide to Security for Full Virtualization Technologies
264 NIST SP 800-127 – Guide to Securing WiMAX Wireless Communications
265 NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems
266 NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations
267 NIST SP 800-144 – Guidelines on Security and Privacy in Public Cloud Computing
268 PCI Mobile Payment Acceptance Security Guidelines (07/14)
269 PCI DSS Risk Assessment Guidelines (11/12)
270 PCI Best Practices for Implementing a Security Awareness Program (10/14)
271 PCI DSS Cloud Computing Guidelines (02/13)
272 DHS Sensitive Systems Policy Directive 4300A v12.01 (02/16)
273 EU-US Privacy Shield Framework
274 21 CFR Part 21 – Protection of Privacy
275 Federal Information Security Management Act
276 Basel Committee on Banking Supervision: Principles for the Sound Management of Operational Risk
277 United States Privacy – Pennsylvania – Breach of Personal Information Notification Act
278 CAN-SPAM Act of 2003
279 16 CFR Part 316 – CAN-SPAM Rule
280 34 CFR Part 99 (Family Educational Rights and Privacy)
281 FFIEC IT Examination Handbook: Supervision of Technology Service Providers (2012)
282 OMB Circular A-130 – Management of Federal Information Resources
283 FFIEC IT Examination Handbook – Information Security (09-16)
284 17 CFR 37 Subpart O – System Safeguards (2016)
285 17 CFR 38 Subpart U – System Safeguards (2016)
286 17 CFR 39 Subpart B – System Safeguards (2016)
287 17 CFR 49 – System Safeguards (2016)
288 CIS Critical Security Controls v6.1
289 IRS Publication 1075 (2016)
290 NYDFS – 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies
291 US-CERT Cyber Resilience Review (CRR)
292 Responsible Care: Security Code of Management Practices
293 NIST SP 800-82 – Guide to Industrial Control Systems (ICS) Security Rev 2
294 CPMI-IOSCO – Guidance on Cyber Resilience for Financial Market Infrastructures
295 NIST SP 800-160 – Systems Security Engineering
296 HIPAA Audit Protocol (2016)
297 SAMHSA – Confidentiality of Substance Use Disorder Patient Records
298 PCI Terminal Software Security
299 PCI Tokenization Product Security Guidelines
300 PCI Mobile Payment Acceptance Security Guidelines for Developers (07/14)
301 PCI – Skimming Prevention – Best Practices for Merchants
302 PCI ATM Security Guidelines
303 PCI Card Production and Provisioning – Logical Security Requirements v2.0
304 PCI Card Production and Provisioning – Physical Security Requirements v2.0
305 PCI Effective Daily Log Monitoring
306 PCI DSS Wireless Guidelines v2.0
307 PCI Penetration Testing Guidance
308 PCI Third-Party Security Assurance
309 DHS – Chemical Facility Anti-Terrorism Standards – Risk-Based Performance Standards Guidance
310 Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union (GDPR – General Data Protection Regulation)
311 33 CFR Subchapter H – Maritime Security
312 6 CFR Part 27 – Chemical Facility Anti-Terrorism Standards
313 CBEST Intelligence-Led Testing – Understanding Cyber Threat Intelligence Operations v2.0
314 CBEST Intelligence-Led Testing – CBEST Services Assessment Guide v2.0
315 CBEST Intelligence-Led Testing – CBEST Implementation Guide v2.0
316 NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors
317 NRC Regulations – System and Network Protection
318 NRC Regulations – Cybersecurity Event Notification
319 DOE Electricity Subsector Cybersecurity Risk Management Process
320 State of Nevada – Gaming Control Board – Minimum Internal Control Standards – Information Technology – v7 – 2014
321 State of Nevada – Gaming Control Board – CPA MICS Compliance Checklist – IT v7
322 State of Illinois – Gaming Board – Minimum Internal Control Standards 2016
323 State of New Jersey: Gaming Control 13:69D-1.11 (Casino Licensees Organization) 2014
324 State of New Jersey: Gaming Control 13:69D-2 (Casino Computer Systems) 2014
325 FDA – Postmarket Management of Cybersecurity in Medical Devices
326 NSA/CSS – Information Assurance Directorate – NSA Methodology for Adversary Obstruction
327 FINRA Rules
328 FINRA – Capital Acquisition Broker Rules
329 FINRA – Funding Portal Rules
330 FINRA – NASD Rules
331 FINRA – Incorporated NYSE Rules
332 FINRA – Incorporated NYSE Rule Interpretations
333 Swiss-US Privacy Shield Framework
334 APEC Privacy Framework
335 APEC Privacy Framework 2015
336 APEC Cooperation Arrangement for Cross-Border Privacy Enforcement
337 APEC Cross-Border Privacy Rules System
338 APEC Privacy Recognition for Processors System
339 APEC CBPR System Intake Questionnaire
340 APEC PRP Intake Questionnaire for Personal Information Processors
341 United States Privacy – Alabama – Medical Record Services
342 United States Privacy – Alabama – Guidelines for Medical Records Management
343 United States Privacy – Alabama – Minimum Standards for Medical Records
344 United States Privacy – Alaska – Health Care Services Information and Review Organizations
345 United States Privacy – Alaska – Hospital records retention
346 United States Privacy – Alaska – Confidential records
347 United States Privacy – Alaska – Records of alcoholics, drug abusers, and intoxicated persons
348 United States Privacy – Alaska – Medical Record Service
349 United States Privacy – Arizona – Evidence – Medical Records
350 United States Privacy – Arizona – Medical Records
351 United States Privacy – Arizona – Health Information Organizations
352 United States Privacy – Arkansas – Access to medical records
353 United States Privacy – Arkansas – Patient Medical Records Privacy Act
354 United States Privacy – Arkansas – Health Information Services
355 United States Privacy – California – Confidentiality of Medical Information Act
356 United States Privacy – California – Unauthorized Access to Medical Information
357 United States Privacy – California – Patient Access to Health Records
358 United States Privacy – California – Medical Records
359 United States Privacy – Colorado – Protection of Medical Records
360 United States Privacy – Colorado – Patient Records
361 United States Privacy – Colorado – Mental health records
362 United States Privacy – Colorado – Access to Patient Medical Records
363 United States Privacy – Connecticut – Confidentiality of medical records
364 United States Privacy – Connecticut – Medical Records
365 United States Privacy – Connecticut – Department of Health Services – Medical Records
366 United States Privacy – Delaware – Informed Consent and Confidentiality – Genetic Information
367 United States Privacy – Delaware – Informed Consent and Confidentiality – Confidentiality of Personal Health Information
368 United States Privacy – District of Columbia – Mental Health Information
369 United States Privacy – Florida – Patient Records
370 United States Privacy – Georgia – Health Records
371 United States Privacy – Georgia – Clinical Records
372 United States Privacy – Hawaii – Health Care Privacy Harmonization Act
373 United States Privacy – Hawaii – Medical Records
374 United States Privacy – Illinois – Health Care Records
375 United States Privacy – Indiana – Health Records and Identifying Information Protection
376 United States Privacy – Indiana – Health Records
377 United States Privacy – Kansas – Health Care Data
378 United States Privacy – Kentucky – Privacy of health information
379 United States Privacy – Louisiana – Health Care Consumers’ Right to Know
380 United States Privacy – Louisiana – Hospital Records and Retention Act
381 United States Privacy – Louisiana – Prohibitions on the Use of Medical Information and Genetic Test Results
382 United States Privacy – Maine – Patient Access to Hospital Medical Records
383 United States Privacy – Maryland – Confidentiality of Medical Records
384 United States Privacy – Massachusetts – Inspection of Health Records
385 United States Privacy – Michigan – Medical Records Access Act
386 United States Privacy – Minnesota – Minnesota Health Records Act
387 United States Privacy – Mississippi – Hospital Records – Preparation, Preservation & Destruction
388 United States Privacy – Mississippi – Medical Records
389 United States Privacy – Montana – Health Care Information Privacy Requirements for Providers Subject to HIPAA
390 United States Privacy – Montana – Uniform Health Care Information
391 United States Privacy – Montana – Government Health Care Information
392 United States Privacy – Nebraska – Medical Records
393 United States Privacy – Nevada – Healing Arts Generally
394 United States Privacy – Nevada – Electronic transmission of health information
395 United States Privacy – Nevada – Health Information Exchanges
396 United States Privacy – New Hampshire – Medical Records, Patient Information, and the Health Information Organization Corporation
397 United States Privacy – New Jersey – Health Insurance Carrier Computerized Records
398 United States Privacy – New Mexico – Health and Hospital Records
399 United States Privacy – New Mexico – Health Information Systems
400 United States Privacy – New Mexico – Electronic Medical Records
401 United States Privacy – New Mexico – Genetic Information Privacy
402 United States Privacy – New York – Public Health – General Provisions
403 United States Privacy – North Dakota – Health Information Protection
404 United States Privacy – Ohio – Protected Health Information
405 United States Privacy – Oregon – Protected Health Information
406 United States Privacy – Pennsylvania – Medical Records Services
407 United States Privacy – Pennsylvania – Privacy of Consumer Health Information
408 United States Privacy – Rhode Island – Confidentiality of Health Care Information Act
409 United States Privacy – Rhode Island – Rhode Island Health Information Exchange Act of 2008
410 United States Privacy – Rhode Island – Privacy of Consumer Health Information
411 United States Privacy – Rhode Island – Medical Records
412 United States Privacy – South Carolina – Mental Illness / Substance Abuse Records
413 United States Privacy – South Carolina – Physicians’ Patient Records Act
414 United States Privacy – South Carolina – Prescription Information Privacy Act
415 United States Privacy – South Carolina – Privacy of Genetic Information
416 United States Privacy – South Dakota – Release of Medical Records
417 United States Privacy – South Dakota – Transfer or Destruction of Patient Records
418 United States Privacy – Tennessee – Medical Records
419 United States Privacy – Tennessee – Vital Records Act of 1977
420 United States Privacy – Tennessee – Medical Records Act of 1974
421 United States Privacy – Tennessee – Hospital Records as Evidence
422 United States Privacy – Tennessee – Patient’s Privacy Protection Act
423 United States Privacy – Texas – Medical Records Privacy
424 United States Privacy – Texas – Hospital Medical Records
425 United States Privacy – Texas – Insurance Code – Privacy of Health Information
426 United States Privacy – Texas – Insurance Consumer Health Information Privacy
427 United States Privacy – Utah – Access to Medical Records
428 United States Privacy – Vermont – Health Care Privacy
429 United States Privacy – Vermont – Health – Disclosure of information
430 United States Privacy – Virginia – Health Information
431 United States Privacy – Virginia – Health Records
432 United States Privacy – Washington – Health Information
433 United States Privacy – Washington – Medical Records – Health Care Information Access and Disclosure
434 United States Privacy – Washington – Medical Records Retention and Preservation
435 United States Privacy – West Virginia – Health Care Records
436 United States Privacy – Wisconsin – Health Care Records
437 United States Privacy – Wisconsin – Health Care Information
438 United States Privacy – Wisconsin – Insurers: Disclosure of Personal Medical Information
439 United States Privacy – Wyoming – Hospital Records and Information
440 United States Privacy – Connecticut – State Contractors Confidential Information
441 United States Privacy – Florida – Security of confidential personal information
442 United States Privacy – Georgia – Disclosure of Certain Customer Information
443 United States Privacy – Illinois – Personal Information Protection Act (2016)
444 United States Privacy – Indiana – Notice of Security Breach
445 United States Privacy – Kentucky – Records Containing Personally Identifiable Information
446 United States Privacy – Kentucky – Personal Information Security and Breach Investigations
447 United States Privacy – Maryland – Protection of Information by State Agencies
448 United States Privacy – Massachusetts – Security Breaches
449 United States Privacy – Montana – State Agency Protection of Personal Information
450 United States Privacy – Montana – Computer Security Breach
451 United States Privacy – Nevada – Breach of State Agency Information System
452 United States Privacy – New Mexico – Data Breach Notification Act
453 United States Privacy – New York – Internet Security and Privacy Act
454 United States Privacy – Ohio – Personal Information Systems
455 United States Privacy – Oklahoma – Disclosure of breach of security of computerized personal information
456 United States Privacy – Rhode Island – Rhode Island Identity Theft Protection Act of 2015
457 United States Privacy – Tennessee – Report to comptroller of treasury
Payment Card Industry Data Security Standard 3.2 (PCI 3.2)