Source ID |
Source Name |
1 |
CMS Meaningful Use |
2 |
COBIT 4.1 |
3 |
FFIEC IT Examination Handbook – Audit |
4 |
FFIEC – Authentication in an Internet Banking Environment |
5 |
FFIEC IT Examination Handbook – Business Continuity Planning |
6 |
FFIEC IT Examination Handbook – Development and Acquisition |
7 |
FFIEC IT Examination Handbook – Information Security |
8 |
FFIEC IT Examination Handbook – Management |
9 |
FFIEC IT Examination Handbook – Operations |
10 |
FFIEC IT Examination Handbook – Outsourcing Technology Services |
11 |
FFIEC IT Examination Handbook – Retail Payment Systems |
12 |
FFIEC IT Examination Handbook – E-Banking |
13 |
FFIEC – Supplement to Authentication in an Internet Banking Environment |
14 |
12 CFR 30 – Appendix B – Interagency Guidelines Establishing Standards for Safeguarding Customer Information |
15 |
45 CFR 164 – Security and Privacy (HIPAA) |
16 |
45 CFR 160 & 45 CFR 164 – General Administrative Requirements (HIPAA Omnibus Updates) |
17 |
HIPAA Privacy & Breach Notification |
18 |
HIPAA Security Audit Program Protocol (OCR) |
19 |
HITECH Breach Notification Guidance and RFI (74 FR 19006) |
20 |
HITECH Breach Notification Interim Final Regulation (74 FR 42740) |
21 |
HITRUST Common Security Framework – 2010 |
22 |
25 CFR 542.16 & 25 CFR 543.16 – Indian Gaming Control – Minimum Internal Control Standards for IT |
23 |
International Privacy – U.S.-EU Safe Harbor Privacy Principles |
24 |
International Privacy – India Information Technology (Amendment) Act 2008 and Privacy Rules |
25 |
IRS Publication 1075 (2010) |
26 |
ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements |
27 |
ISO/IEC 27002:2005 – Information technology – Security techniques – Code of practice for information security management |
28 |
ISO/IEC 27005:2011 – Information technology – Security techniques – Information security risk management |
29 |
Louisiana State Police Gaming Enforcement Division – CPA Minimum Internal Controls Questionnaire |
30 |
NERC CIP-002-4a – Cyber Security – Critical Cyber Asset Identification |
31 |
NERC CIP-002-5 – Cyber Security – BES Cyber System Categorization |
32 |
NERC CIP-003-4 – Cyber Security – Security Management Controls |
33 |
NERC CIP-003-5 – Cyber Security – Security Management Controls |
34 |
NERC CIP-004-4a – Cyber Security – Personnel & Training |
35 |
NERC CIP-004-5 – Cyber Security – Personnel & Training |
36 |
NERC CIP-005-4a – Cyber Security – Electronic Security Perimeter(s) |
37 |
NERC CIP-005-5 – Cyber Security – Electronic Security Perimeter(s) |
38 |
NERC CIP-006-4d – Cyber Security – Physical Security of Critical Cyber Assets |
39 |
NERC CIP-006-5 – Cyber Security – Physical Security of BES Cyber Systems |
40 |
NERC CIP-007-4 – Cyber Security – Systems Security Management |
41 |
NERC CIP-007-5 – Cyber Security – System Security Management |
42 |
NERC CIP-008-4 – Cyber Security – Incident Reporting and Response Planning |
43 |
NERC CIP-008-5 – Cyber Security – Incident Reporting and Response Planning |
44 |
NERC CIP-009-4 – Cyber Security – Recovery Plans for Critical Cyber Assets |
45 |
NERC CIP-009-5 – Cyber Security – Recovery Plans for BES Cyber Systems |
46 |
NERC CIP-010-1 – Cyber Security – Configuration Change Management and Vulnerability Assessments |
47 |
NERC CIP-011-1 – Cyber Security – Information Protection |
48 |
New Jersey – Chapter 69D Gaming Operation Accounting Controls and Standards |
49 |
NIST SP 800-30 – Risk Management Guide for Information Technology Systems |
50 |
NIST SP 800-39 – Managing Information Security Risk |
51 |
NIST SP 800-53 – Federal IS Control Guidance |
52 |
NIST SP 800-53 r4 – Security and Privacy Controls for Federal Information Systems and Organizations |
53 |
NIST SP 800-53A – Federal IS Test Procedures |
54 |
NIST SP 800-66 – An Introductory Resource Guide for Implementing HIPAA Security |
55 |
10 CFR 73.54 – Protection of digital computer and communication systems and networks |
56 |
NV MICS 1-28 Checklist |
57 |
NV MICS 29-55 Checklist |
58 |
Ohio – 3772-10-15 Information technology standards. |
59 |
Payment Card Industry Data Security Standard (PCI DSS) 2.0 – Requirements and Security Assessment Procedures |
60 |
12 CFR 202 – Equal Credit Opportunity (Regulation B) |
61 |
State of Illinois: Gaming Control Board – Minimum Internal Control Standards – 03232010 (MICS) |
62 |
State of Missouri: Gaming Control – Chapter S – Minimum Internal Control Standards – 0602011 (MICS) |
63 |
State of Nevada: Gaming Control Board – Minimum Internal Control Standards – Information Technology v6 09012008 (MICS) |
64 |
State of New Jersey: Gaming Control – 13:69D 1.11 (Casino Licensees Organization) Minimum Internal Control Standards 11072011 (MICS) |
65 |
State of New Jersey: Gaming Control Subchapter 2 (Casino Computer Systems) Minimum Internal Control Standards 07052005 (MICS) |
66 |
The Joint Commission July 1 2012 |
67 |
State of Louisiana – Louisiana Gaming – Title 42 |
68 |
21 CFR 11 – Electronic Records; Electronic Signatures |
69 |
21 CFR 820 – Quality System Regulation |
70 |
United States Privacy – Alaska – Personal Information Protection Act |
71 |
United States Privacy – Arizona – Notification of breach of security system; enforcement; civil penalty; preemption; exceptions; definitions |
72 |
United States Privacy – Arkansas – Personal Information Protection Act |
73 |
United States Privacy – California – Business and Professions Code Sections 22575 – 22579 |
74 |
United States Privacy – California – Confidentiality of Medical Information Act |
75 |
United States Privacy – California – Information Practices Act of 1977 |
76 |
United States Privacy – Colorado Consumer Protection Act |
77 |
United States Privacy – Connecticut – Sec. 36a-701b. Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade practice. |
78 |
United States Privacy – Delaware – Title 6 Chapter 12B. Computer Security Breaches |
79 |
United States Privacy – District of Columbia – Notification of security breach |
80 |
United States Privacy – Florida – Chapter 817.5681 – Breach of security concerning confidential personal information in third-party possession; administrative penalties |
81 |
United States Privacy – Georgia – Breach of the security of the system |
82 |
United States Privacy – Hawaii – Security Breach of Personal Information |
83 |
United States Privacy – Idaho – Chapter 51 – Identity Theft |
84 |
United States Privacy – Illinois – Personal Information Protection Act |
85 |
United States Privacy – Indiana – Chapter 3. Disclosure and Notification Requirements |
86 |
United States Privacy – Iowa – Chapter 715 C – Personal Information Security Breach Protection |
87 |
United States Privacy – Kansas – Chapter 50: Article 7a: Protection Of Consumer Information |
88 |
United States Privacy – Louisiana – RS 51:3074 – Disclosure upon breach in the security of personal information; notification requirements; exemption |
89 |
United States Privacy – Maine – Chapter 210-B: Notice of Risk to Personal Data |
90 |
United States Privacy – Maryland – Title 14, Subtitle 35 – Maryland Personal Information Protection Act |
91 |
United States Privacy – Massachusetts – Act 2007 – Chapter 82: An Act Relative to Security Freezes and Notification of Data Breaches |
92 |
United States Privacy – Massachusetts: 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of Commonwealth |
93 |
United States Privacy – Michigan – Identity Theft Protection Act |
94 |
United States Privacy – Minnesota – 325E.64 – Access Devices; Breach of Security |
95 |
United States Privacy – Minnesota – 325E.61 – Data Warehouses; Notice Required for Certain Disclosures |
96 |
United States Privacy – Mississippi – 75-24-29. Persons conducting business in Mississippi required to provide notice of a breach of security involving personal information to all affected individuals; enforcement |
97 |
United States Privacy – Missouri – MO-407.1500.1 Notice to consumer for breach of security, procedure – attorney general may bring action for damages |
98 |
United States Privacy – Montana – 30-14-1704. Computer security breach |
99 |
United States Privacy – Nebraska – Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 |
100 |
United States Privacy – Nevada – Chapter 603A – Security of Personal Information |
101 |
United States Privacy – New Hampshire – Chapter 359-C – Right to Privacy |
102 |
United States Privacy – New Jersey – Identity Theft Prevention Act |
103 |
United States Privacy – New York – Notification; person without valid authorization has acquired private information. |
104 |
United States Privacy – North Carolina Section 76-65 – Protection from security breaches |
105 |
United States Privacy – North Dakota – Chapter 51-30 – Notice of Security Breach for Personal Information |
106 |
United States Privacy – Ohio – 1349.19 Private disclosure of security breach of computerized personal information data |
107 |
United States Privacy – Oklahoma – Security Breach Notification Act |
108 |
United States Privacy – Oregon – 646A – Identity Theft Prevention |
109 |
United States Privacy – Rhode Island – CHAPTER 11-49.2 Identity Theft Protection |
110 |
United States Privacy – South Carolina – 39-1-90. Breach of security of business data; notification; definitions; penalties; exception as to certain banks and financial institutions; notice to Consumer Protection Division |
111 |
United States Privacy – Tennessee – Title 47 – Commercial Instruments and Transactions Chapter 18 – Consumer Protection Part 21 – Identity Theft |
112 |
United States Privacy – Texas – Title 11. Personal Identity Information – Subtitle B. Identity Theft – Chapter 521. Unauthorized Use of Identifying Information |
113 |
United States Privacy – Utah – Protection of Personal Information Act |
114 |
United States Privacy – Vermont – 9 V.S.A. – Section 2445. Safe destruction of documents containing personal information |
115 |
United States Privacy – Vermont – Security Breach Notice Act |
116 |
United States Privacy – Vermont – Social Security Number Protection Act |
117 |
United States Privacy – Virginia – 18.2-186.6. Breach of personal information notification |
118 |
United States Privacy – Washington – RCW 19.255.010 – Disclosure, notice – Definitions – Rights, remedies |
119 |
United States Privacy – Washington – RCW 42.56.590 – Personal information – Notice of security breaches |
120 |
United States Privacy – West Virginia – Chapter 46A. West Virginia Consumer Credit and Protection Act – Article 2A. Breach of Security of Consumer Information |
121 |
United States Privacy – Wisconsin – 134.98 Notice of unauthorized acquisition of personal information |
122 |
United States Privacy – Wyoming – Wyoming Consumer Protection Act |
123 |
FFIEC – Outsourced Cloud Computing |
124 |
Payment Card Industry Data Security Standard (PCI DSS) 3.0 – Requirements and Security Assessment Procedures |
125 |
HITRUST Common Security Framework – All Requirements – 2013 |
126 |
HITRUST Common Security Framework – Required for HITRUST Certification – 2013 |
127 |
IRS Publication 1075 (2014) |
128 |
Federal Reserve Board Guidance on Managing Outsourcing Risk |
129 |
OCC Bulletin 2013-29 (Subject: Third-Party Relationships) |
130 |
12 CFR 201 – Extensions of Credit by Federal Reserve Banks (Regulation A) |
131 |
Oklahoma Statutes – Title 76, Parts 19 and 20 |
132 |
ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements |
133 |
ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls |
134 |
17 CFR 38 Subpart K – Trade Information |
135 |
17 CFR 38 Subpart U – System Safeguards |
136 |
17 CFR 39 Subpart B – Compliance with Core Principles |
137 |
17 CFR 39 Subpart C – Provisions Applicable to Systemically Important Derivatives Clearing Organizations |
138 |
17 CFR 49 – Swap Data Repositories |
139 |
17 CFR 37 Subpart O – System Safeguards |
140 |
COBIT 5 |
141 |
NIST – Framework for Improving Critical Infrastructure Cybersecurity (Version 1.0) |
142 |
EU Data Protection Directive |
143 |
Privacy and Electronic Communications (EC Directive) Regulations 2003 |
144 |
UK Data Protection Act of 1998 |
145 |
CBEST Threat Intelligence Framework, Qualities of a threat intelligence provider |
146 |
CBEST Implementation Guide |
147 |
AICPA Trust Principles |
148 |
Basel Committee on Banking Supervision: Core Principles for Effective Banking Supervision |
149 |
Basel Committee on Banking Supervision: Principles for Effective Risk Data Aggregation and Risk Reporting |
150 |
12 CFR 30 – OCC Heightened Standards for Large Banks |
151 |
12 CFR 252 – Enhanced Prudential Standards (Regulation YY) |
152 |
Committee of Sponsoring Organizations of the Treadway Commission: Internal Control – Integrated Framework |
153 |
Cybersecurity Capability Maturity Model (C2M2) Version 1.1 |
154 |
12 CFR 203 – Home Mortgage Disclosure (Regulation C) |
155 |
12 CFR 204 – Reserve Requirements of Depository Institutions (Regulation D) |
156 |
12 CFR 205 – Electronic Fund Transfers (Regulation E) |
157 |
12 CFR 206 – Limitations on Interbank Liabilities (Regulation F) |
158 |
12 CFR 207 – Disclosure and Reporting of CRA-Related Events (Regulation G) |
159 |
12 CFR 208 – Membership of State Banking Institutions in the Federal Reserve System (Regulation H) |
160 |
12 CFR 209 – Issue and Cancellation of Federal Reserve Bank Capital Stock (Regulation I) |
161 |
12 CFR 210 – Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire (Regulation J) |
162 |
12 CFR 211 – International Banking Operations (Regulation K) |
163 |
12 CFR 212 – Management Official Interlocks (Regulation L) |
164 |
12 CFR 213 – Consumer Leasing (Regulation M) |
165 |
12 CFR 214 – Relations with Foreign Banks and Bankers (Regulation N) |
166 |
12 CFR 215 – Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks (Regulation O) |
167 |
12 CFR 217 – Capital Adequacy of Bank Holding Companies, Savings and Loan Holding Companies, and State Member Banks (Regulation Q) |
168 |
12 CFR 218 – Exceptions for Banks from the Definition of Broker in the Securities Exchange Act of 1934 (Regulation R) |
169 |
12 CFR 219 – Reimbursement to Financial Institutions for Providing Financial Records; Recordkeeping Requirements for Certain Financial Records (Regulation S) |
170 |
12 CFR 220 – Credit by Brokers and Dealers (Regulation T) |
171 |
12 CFR 221 – Credit by Banks and Persons other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin Stock (Regulation U) |
172 |
12 CFR 222 – Fair Credit Reporting (Regulation V) |
173 |
12 CFR 223 – Transactions between Member Banks and Their Affiliates (Regulation W) |
174 |
12 CFR 224 – Borrowers of Securities Credit (Regulation X) |
175 |
12 CFR 225 – Bank Holding Companies and Change in Bank Control (Regulation Y) |
176 |
12 CFR 226 – Truth in Lending (Regulation Z) |
177 |
12 CFR 227 – Unfair or Deceptive Acts or Practices (Regulation AA) |
178 |
12 CFR 228 – Community Reinvestment (Regulation BB) |
179 |
12 CFR 229 – Availability of Funds and Collection of Checks (Regulation CC) |
180 |
12 CFR 231 – Netting Eligibility for Financial Institutions (Regulation EE) |
181 |
12 CFR 232 – Obtaining and Using Medical Information in Connection with Credit (Regulation FF) |
182 |
12 CFR 233 – Prohibition on Funding of Unlawful Internet Gambling (Regulation GG) |
183 |
12 CFR 234 – Designated Financial Market Utilities (Regulation HH) |
184 |
12 CFR 235 – Debit Card Interchange Fees and Routing (Regulation II) |
185 |
12 CFR 237 – Margin and Capital Requirements for Covered Swap Entities (Regulation KK) |
186 |
12 CFR 238 – Savings and Loan Holding Companies (Regulation LL) |
187 |
12 CFR 239 – Mutual Holding Companies (Regulation MM) |
188 |
12 CFR 240 – Retail Foreign Exchange Transactions (Regulation NN) |
189 |
12 CFR 241 – Securities Holding Companies (Regulation OO) |
190 |
12 CFR 242 – Definitions Relating to Title I of the Dodd-Frank Act (Regulation PP) |
191 |
12 CFR 243 – Resolution Plans (Regulation QQ) |
192 |
12 CFR 244 – Credit Risk Retention (Regulation RR) |
193 |
12 CFR 246 – Supervision and Regulation Assessments of Fees (Regulation TT) |
194 |
12 CFR 248 – Proprietary Trading and Certain Interests in and Relationships with Covered Funds (Regulation VV) |
195 |
12 CFR 249 – Liquidity Risk Measurement Standards (Regulation WW) |
196 |
12 CFR 251 – Concentration Limit (Regulation XX) |
197 |
Payment Card Industry Data Security Standard (PCI DSS) 3.1 – Requirements and Security Assessment Procedures |
198 |
FFIEC Cybersecurity Assessment Tool |
199 |
OCC Bulletin 2001-47 (Subject: Third-Party Relationships – Risk Management Principles) |
200 |
FRB-OCC-SEC – Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System |
201 |
Payment Card Industry Data Security Standard (PCI DSS) Designated Entities Supplemental Validation (For use with PCI DSS v3.1) |
202 |
NERC CIP-002-3 – Cyber Security – Critical Cyber Asset Identification |
203 |
NERC CIP-002-3b – Cyber Security – Critical Cyber Asset Identification |
204 |
NERC CIP-002-5.1 – Cyber Security – BES Cyber System Categorization |
205 |
NERC CIP-003-3 – Cyber Security – Security Management Controls |
206 |
NERC CIP-003-3a – Cyber Security – Security Management Controls |
207 |
NERC CIP-003-6 – Cyber Security – Security Management Controls |
208 |
NERC CIP-004-3a – Cyber Security – Personnel & Training |
209 |
NERC CIP-004-5.1 – Cyber Security – Personnel & Training |
210 |
NERC CIP-004-6 – Cyber Security – Personnel & Training |
211 |
NERC CIP-005-3a – Cyber Security – Electronic Security Perimeter(s) |
212 |
NERC CIP-006-3c – Cyber Security – Physical Security of Critical Cyber Assets |
213 |
NERC CIP-006-6 – Cyber Security – Physical Security of BES Cyber Systems |
214 |
NERC CIP-007-3a – Cyber Security – Systems Security Management |
215 |
NERC CIP-007-3b – Cyber Security – Systems Security Management |
216 |
NERC CIP-007-6 – Cyber Security – System Security Management |
217 |
NERC CIP-008-3 – Cyber Security – Incident Reporting and Response Planning |
218 |
NERC CIP-009-3 – Cyber Security – Recovery Plans for Critical Cyber Assets |
219 |
NERC CIP-009-6 – Cyber Security – Recovery Plans for BES Cyber Systems |
220 |
NERC CIP-010-2 – Cyber Security – Configuration Change Management and Vulnerability Assessments |
221 |
NERC CIP-011-2 – Cyber Security – Information Protection |
222 |
NERC CIP-014-1 – Cyber Security – Physical Security |
223 |
NERC CIP-014-2 – Cyber Security – Physical Security |
224 |
16 CFR 318 – Health Breach Notification Rule (FTC) |
225 |
California – Electronic Communications Privacy Act |
226 |
Connecticut – Public Act No. 15-142 – An Act Improving Data Security and Agency Effectiveness |
227 |
FFIEC IT Examination Handbook – Management 2015 |
228 |
FIPS Publication 199 – Standards for Security Categorization of Federal Information and Information Systems |
229 |
FIPS Publication 200 – Minimum Security Requirements for Federal Information and Information Systems |
230 |
NIST SP 800-171 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations |
231 |
OMB Circular A-123, Management's Responsibility for Internal Control |
232 |
Federal Information Systems Controls Audit Manual (FISCAM) – 2009 |
233 |
Consumer Financial Protection Bureau Regulations |
234 |
Consumer Financial Protection Act |
235 |
Children's Online Privacy Protection Rule |
236 |
Children's Online Privacy Protection Act |
237 |
Right to Financial Privacy Act |
238 |
Fair Credit Reporting Act |
239 |
Commodity Futures Trading Commission Regulations |
240 |
Securities and Exchange Commission Regulations |
241 |
Department of the Treasury Regulations |
242 |
16 CFR Part 313 – Privacy of Consumer Financial Information |
243 |
16 CFR Part 314 – Standards for Safeguarding Customer Information |
244 |
Bank Secrecy Act |
245 |
CIS Critical Security Controls v6.0 |
246 |
CSA-CCM v3.0.1 |
247 |
Payment Card Industry Data Security Standard (PCI DSS) 3.2 – Requirements and Security Assessment Procedures |
248 |
IRS Publication 4812 (Rev 10-2015) |
249 |
FFIEC IT Examination Handbook – Retail Payment Systems (2016) |
250 |
NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems |
251 |
NIST SP 800-16 – Information Technology Security Training Requirements |
252 |
NIST SP 800-18 Rev1 – Guide for Developing Security Plans for Federal Information Systems |
253 |
NIST SP 800-21 – Guideline for Implementing Cryptography In the Federal Government |
254 |
NIST SP 800-34 Rev1 – Contingency Planning Guide for Federal Information Systems |
255 |
NIST SP 800-37 Rev1 – Guide for Applying the Risk Management Framework to Federal Information Systems |
256 |
NIST SP 800-47 – Security Guide for Interconnecting Information Technology Systems |
257 |
NIST SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories |
258 |
NIST SP 800-61 – Computer Security Incident Handling Guide |
259 |
NIST SP 800-64 – Security Considerations in the System Development Life Cycle |
260 |
NIST SP 800-81-2 – Secure Domain Name System (DNS) Deployment Guide |
261 |
NIST SP 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) |
262 |
NIST SP 800-123 – Guide to General Server Security |
263 |
NIST SP 800-125 – Guide to Security for Full Virtualization Technologies |
264 |
NIST SP 800-127 – Guide to Securing WiMAX Wireless Communications |
265 |
NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems |
266 |
NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations |
267 |
NIST SP 800-144 – Guidelines on Security and Privacy in Public Cloud Computing |
268 |
PCI Mobile Payment Acceptance Security Guidelines (07/14) |
269 |
PCI DSS Risk Assessment Guidelines (11/12) |
270 |
PCI Best Practices for Implementing a Security Awareness Program (10/14) |
271 |
PCI DSS Cloud Computing Guidelines (02/13) |
272 |
DHS Sensitive Systems Policy Directive 4300A v12.01 (02/16) |
273 |
EU-US Privacy Shield Framework |
274 |
21 CFR Part 21 – Protection of Privacy |
275 |
Federal Information Security Management Act |
276 |
Basel Committee on Banking Supervision: Principles for the Sound Management of Operational Risk |
277 |
United States Privacy – Pennsylvania – Breach of Personal Information Notification Act |
278 |
CAN-SPAM Act of 2003 |
279 |
16 CFR Part 316 – CAN-SPAM Rule |
280 |
34 CFR Part 99 (Family Educational Rights and Privacy) |
281 |
FFIEC IT Examination Handbook: Supervision of Technology Service Providers (2012) |
282 |
OMB Circular A-130 – Management of Federal Information Resources |
283 |
FFIEC IT Examination Handbook – Information Security (09-16) |
284 |
17 CFR 37 Subpart O – System Safeguards (2016) |
285 |
17 CFR 38 Subpart U – System Safeguards (2016) |
286 |
17 CFR 39 Subpart B – System Safeguards (2016) |
287 |
17 CFR 49 – System Safeguards (2016) |
288 |
CIS Critical Security Controls v6.1 |
289 |
IRS Publication 1075 (2016) |
290 |
NYDFS – 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies |
291 |
US-CERT Cyber Resilience Review (CRR) |
292 |
Responsible Care: Security Code of Management Practices |
293 |
NIST SP 800-82 – Guide to Industrial Control Systems (ICS) Security Rev 2 |
294 |
CPMI-IOSCO – Guidance on Cyber Resilience for Financial Market Infrastructures |
295 |
NIST SP 800-160 – Systems Security Engineering |
296 |
HIPAA Audit Protocol (2016) |
297 |
SAMHSA – Confidentiality of Substance Use Disorder Patient Records |
298 |
PCI Terminal Software Security |
299 |
PCI Tokenization Product Security Guidelines |
300 |
PCI Mobile Payment Acceptance Security Guidelines for Developers (07/14) |
301 |
PCI – Skimming Prevention – Best Practices for Merchants |
302 |
PCI ATM Security Guidelines |
303 |
PCI Card Production and Provisioning – Logical Security Requirements v2.0 |
304 |
PCI Card Production and Provisioning – Physical Security Requirements v2.0 |
305 |
PCI Effective Daily Log Monitoring |
306 |
PCI DSS Wireless Guidelines v2.0 |
307 |
PCI Penetration Testing Guidance |
308 |
PCI Third-Party Security Assurance |
309 |
DHS – Chemical Facility Anti-Terrorism Standards – Risk-Based Performance Standards Guidance |
310 |
Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union (GDPR – General Data Protection Regulation) |
311 |
33 CFR Subchapter H – Maritime Security |
312 |
6 CFR Part 27 – Chemical Facility Anti-Terrorism Standards |
313 |
CBEST Intelligence-Led Testing – Understanding Cyber Threat Intelligence Operations v2.0 |
314 |
CBEST Intelligence-Led Testing – CBEST Services Assessment Guide v2.0 |
315 |
CBEST Intelligence-Led Testing – CBEST Implementation Guide v2.0 |
316 |
NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors |
317 |
NRC Regulations – System and Network Protection |
318 |
NRC Regulations – Cybersecurity Event Notification |
319 |
DOE Electricity Subsector Cybersecurity Risk Management Process |
320 |
State of Nevada – Gaming Control Board – Minimum Internal Control Standards – Information Technology – v7 – 2014 |
321 |
State of Nevada – Gaming Control Board – CPA MICS Compliance Checklist – IT v7 |
322 |
State of Illinois – Gaming Board – Minimum Internal Control Standards 2016 |
323 |
State of New Jersey: Gaming Control 13:69D-1.11 (Casino Licensees Organization) 2014 |
324 |
State of New Jersey: Gaming Control 13:69D-2 (Casino Computer Systems) 2014 |
325 |
FDA – Postmarket Management of Cybersecurity in Medical Devices |
326 |
NSA/CSS – Information Assurance Directorate – NSA Methodology for Adversary Obstruction |
327 |
FINRA Rules |
328 |
FINRA – Capital Acquisition Broker Rules |
329 |
FINRA – Funding Portal Rules |
330 |
FINRA – NASD Rules |
331 |
FINRA – Incorporated NYSE Rules |
332 |
FINRA – Incorporated NYSE Rule Interpretations |
333 |
Swiss-US Privacy Shield Framework |
334 |
APEC Privacy Framework |
335 |
APEC Privacy Framework 2015 |
336 |
APEC Cooperation Arrangement for Cross-Border Privacy Enforcement |
337 |
APEC Cross-Border Privacy Rules System |
338 |
APEC Privacy Recognition for Processors System |
339 |
APEC CBPR System Intake Questionnaire |
340 |
APEC PRP Intake Questionnaire for Personal Information Processors |
341 |
United States Privacy – Alabama – Medical Record Services |
342 |
United States Privacy – Alabama – Guidelines for Medical Records Management |
343 |
United States Privacy – Alabama – Minimum Standards for Medical Records |
344 |
United States Privacy – Alaska – Health Care Services Information and Review Organizations |
345 |
United States Privacy – Alaska – Hospital records retention |
346 |
United States Privacy – Alaska – Confidential records |
347 |
United States Privacy – Alaska – Records of alcoholics, drug abusers, and intoxicated persons |
348 |
United States Privacy – Alaska – Medical Record Service |
349 |
United States Privacy – Arizona – Evidence – Medical Records |
350 |
United States Privacy – Arizona – Medical Records |
351 |
United States Privacy – Arizona – Health Information Organizations |
352 |
United States Privacy – Arkansas – Access to medical records |
353 |
United States Privacy – Arkansas – Patient Medical Records Privacy Act |
354 |
United States Privacy – Arkansas – Health Information Services |
355 |
United States Privacy – California – Confidentiality of Medical Information Act |
356 |
United States Privacy – California – Unauthorized Access to Medical Information |
357 |
United States Privacy – California – Patient Access to Health Records |
358 |
United States Privacy – California – Medical Records |
359 |
United States Privacy – Colorado – Protection of Medical Records |
360 |
United States Privacy – Colorado – Patient Records |
361 |
United States Privacy – Colorado – Mental health records |
362 |
United States Privacy – Colorado – Access to Patient Medical Records |
363 |
United States Privacy – Connecticut – Confidentiality of medical records |
364 |
United States Privacy – Connecticut – Medical Records |
365 |
United States Privacy – Connecticut – Department of Health Services – Medical Records |
366 |
United States Privacy – Delaware – Informed Consent and Confidentiality – Genetic Information |
367 |
United States Privacy – Delaware – Informed Consent and Confidentiality – Confidentiality of Personal Health Information |
368 |
United States Privacy – District of Columbia – Mental Health Information |
369 |
United States Privacy – Florida – Patient Records |
370 |
United States Privacy – Georgia – Health Records |
371 |
United States Privacy – Georgia – Clinical Records |
372 |
United States Privacy – Hawaii – Health Care Privacy Harmonization Act |
373 |
United States Privacy – Hawaii – Medical Records |
374 |
United States Privacy – Illinois – Health Care Records |
375 |
United States Privacy – Indiana – Health Records and Identifying Information Protection |
376 |
United States Privacy – Indiana – Health Records |
377 |
United States Privacy – Kansas – Health Care Data |
378 |
United States Privacy – Kentucky – Privacy of health information |
379 |
United States Privacy – Louisiana Health Care Consumers’ Right to Know |
380 |
United States Privacy – Louisiana – Hospital Records and Retention Act |
381 |
United States Privacy – Louisiana – Prohibitions on the Use of Medical Information and Genetic Test Results |
382 |
United States Privacy – Maine – Patient Access to Hospital Medical Records |
383 |
United States Privacy – Maryland – Confidentiality of Medical Records |
384 |
United States Privacy – Massachusetts – Inspection of Health Records |
385 |
United States Privacy – Michigan – Medical Records Access Act |
386 |
United States Privacy – Minnesota – Minnesota Health Records Act |
387 |
United States Privacy – Mississippi – Hospital Records – Preparation, Preservation & Destruction |
388 |
United States Privacy – Mississippi – Medical Records |
389 |
United States Privacy – Montana – Health Care Information Privacy Requirements for Providers Subject to HIPAA |
390 |
United States Privacy – Montana – Uniform Health Care Information |
391 |
United States Privacy – Montana – Government Health Care Information |
392 |
United States Privacy – Nebraska – Medical Records |
393 |
United States Privacy – Nevada – Healing Arts Generally |
394 |
United States Privacy – Nevada – Electronic transmission of health information |
395 |
United States Privacy – Nevada – Health Information Exchanges |
396 |
United States Privacy – New Hampshire – Medical Records, Patient Information, and the Health Information Organization Corporation |
397 |
United States Privacy – New Jersey – Health Insurance Carrier Computerized Records |
398 |
United States Privacy – New Mexico – Health and Hospital Records |
399 |
United States Privacy – New Mexico – Health Information Systems |
400 |
United States Privacy – New Mexico – Electronic Medical Records |
401 |
United States Privacy – New Mexico – Genetic Information Privacy |
402 |
United States Privacy – New York – Public Health – General Provisions |
403 |
United States Privacy – North Dakota – Health Information Protection |
404 |
United States Privacy – Ohio – Protected Health Information |
405 |
United States Privacy – Oregon – Protected Health Information |
406 |
United States Privacy – Pennsylvania – Medical Records Services |
407 |
United States Privacy – Pennsylvania – Privacy of Consumer Health Information |
408 |
United States Privacy – Rhode Island – Confidentiality of Health Care Information Act |
409 |
United States Privacy – Rhode Island – Rhode Island Health Information Exchange Act of 2008 |
410 |
United States Privacy – Rhode Island – Privacy of Consumer Health Information |
411 |
United States Privacy – Rhode Island – Medical Records |
412 |
United States Privacy – South Carolina – Mental Illness / Substance Abuse Records |
413 |
United States Privacy – South Carolina – Physicians’ Patient Records Act |
414 |
United States Privacy – South Carolina – Prescription Information Privacy Act |
415 |
United States Privacy – South Carolina – Privacy of Genetic Information |
416 |
United States Privacy – South Dakota – Release of Medical Records |
417 |
United States Privacy – South Dakota – Transfer or Destruction of Patient Records |
418 |
United States Privacy – Tennessee – Medical Records |
419 |
United States Privacy – Tennessee – Vital Records Act of 1977 |
420 |
United States Privacy – Tennessee – Medical Records Act of 1974 |
421 |
United States Privacy – Tennessee – Hospital Records as Evidence |
422 |
United States Privacy – Tennessee – Patient’s Privacy Protection Act |
423 |
United States Privacy – Texas – Medical Records Privacy |
424 |
United States Privacy – Texas – Hospital Medical Records |
425 |
United States Privacy – Texas – Insurance Code – Privacy of Health Information |
426 |
United States Privacy – Texas – Insurance Consumer Health Information Privacy |
427 |
United States Privacy – Utah – Access to Medical Records |
428 |
United States Privacy – Vermont – Health Care Privacy |
429 |
United States Privacy – Vermont – Health – Disclosure of information |
430 |
United States Privacy – Virginia – Health Information |
431 |
United States Privacy – Virginia – Health Records |
432 |
United States Privacy – Washington – Health Information |
433 |
United States Privacy – Washington – Medical Records – Health Care Information Access and Disclosure |
434 |
United States Privacy – Washington – Medical Records Retention and Preservation |
435 |
United States Privacy – West Virginia – Health Care Records |
436 |
United States Privacy – Wisconsin – Health Care Records |
437 |
United States Privacy – Wisconsin – Health Care Information |
438 |
United States Privacy – Wisconsin – Insurers: Disclosure of Personal Medical Information |
439 |
United States Privacy – Wyoming – Hospital Records and Information |
440 |
United States Privacy – Connecticut – State Contractors Confidential Information |
441 |
United States Privacy – Florida – Security of confidential personal information |
442 |
United States Privacy – Georgia – Disclosure of Certain Customer Information |
443 |
United States Privacy – Illinois – Personal Information Protection Act (2016) |
444 |
United States Privacy – Indiana – Notice of Security Breach |
445 |
United States Privacy – Kentucky – Records Containing Personally Identifiable Information |
446 |
United States Privacy – Kentucky – Personal Information Security and Breach Investigations |
447 |
United States Privacy – Maryland – Protection of Information by State Agencies |
448 |
United States Privacy – Massachusetts – Security Breaches |
449 |
United States Privacy – Montana – State Agency Protection of Personal Information |
450 |
United States Privacy – Montana – Computer Security Breach |
451 |
United States Privacy – Nevada – Breach of State Agency Information System |
452 |
United States Privacy – New Mexico – Data Breach Notification Act |
453 |
United States Privacy – New York – Internet Security and Privacy Act |
454 |
United States Privacy – Ohio – Personal Information Systems |
455 |
United States Privacy – Oklahoma – Disclosure of breach of security of computerized personal information |
456 |
United States Privacy – Rhode Island – Rhode Island Identity Theft Protection Act of 2015 |
457 |
United States Privacy – Tennessee – Report to comptroller of treasury |
|
Payment Card Industry Data Security Standard 3.2 (PCI 3.2) |