Regulatory Flashcards
What is Federal Information Security Management (FISMA)
FISMA - 2002 - Applies to all Federal Agencies or companies that receive grant money. Requires implementation of information security controls that use a risk-based approach. Handles security by enumerating risks
What is NIST
Created in the early 1900s to develop standards for weights and measures. Serves to promote technology and innovation in the US.
What is FedRAMP
Federal Risk and Authorization Management Program - Defines rules for government agencies that contract with cloud providers. More stringent than FISMA.
What is HIPAA
Protects data of patients in the US healthcare system.
What is Sarbanes Oxley Act (SOX)
SOX - Regulates financial data, operations and assets for publicly held companies.
Gramm-Leach-Bliley Act (GLBA)
1999 - Aims to protect personally identifiable information (PII), which is any data belonging to customers of financial institutions. Every record must be secured against unauthorized access, access to records must be tracked, and customers must be notified when their information is shared.
What is CIPA
Children's Internet Protection Act of 2000 requires schools and libraries to prevent children from accessing obscene or harmful content on the internet.
What is COPPA
1988 - Protects the privacy of minors younger than 13 by restricting organizations from collecting PII; organizations must obtain parental consent and notify parents of data collection. Difficult to enforce because it is hard to determine a user's age accurately.
What is FERPA
Family Education Rights and Privacy Act of 1974 - Applies to students and defines how institutions must handle student records to protect them and how people can view or share them.
What is GDPR
2018 - GDPR covers data protection and privacy for everyone in the EU. Requires consent before collecting any data; famous for the cookie banner.
What is PCI DSS
Payment Card Industry Data Security Standard - Made for credit card processing companies.
What is FCRA
1970 - Fair Credit Reporting Act - Regulates how private businesses use personal information. There are three agencies that do this.
EU Directive 95/46/EC
The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, was a European Union directive which regulated the processing of personal data within the European Union and the free movement of such data.