Compliance

U.S. Federal Standards

NIST 800-53

    • Focus: Security and privacy controls for federal information systems.

    • Applies to: Any U.S. federal contractor or agency.

NIST 800-63

    • Focus: Digital identity guidelines (authentication, identity proofing).

    • Applies to: Federal systems handling digital identities.

NIST CSF 2.0

    • Focus: Cybersecurity risk management framework (Identify, Protect, Detect, Respond, Recover).

    • Applies to: Voluntary for most organizations, but mandated for U.S. federal agencies.

CUI

    • Focus: Safeguarding and dissemination controls for sensitive unclassified information (e.g., technical, financial, or proprietary data).

    • Applies to: Federal agencies, contractors, and any organization handling CUI under federal contracts or agreements.


International & Industry Standards

ISO/IEC 27001

    • Focus: Requirements for information security management systems (ISMS).

    • Status: Not legally required, but globally recognized best practice.

ISO/IEC 27002

    • Focus: Implementation guidance for ISO 27001 controls.

    • Status: Advisory companion to ISO 27001.

SOC 2

    • Focus: Security, availability, processing integrity, confidentiality, and privacy of customer data.

    • Applies to: Service organizations (SaaS, cloud providers).

GDPR

    • Focus: Protection of EU/EEA citizen data (right to erasure, breach reporting).

    • Applies to: Any global company processing EU resident data.

CCPA

    • Focus: Privacy rights for California residents (data access, opt-out of sales).

    • Applies to: Companies with California resident data meeting revenue/data thresholds.

PCI DSS

    • Focus: Securing cardholder data (encryption, access controls).

    • Applies to: Any entity handling credit/debit card transactions.



Sector-Specific Regulations

HIPAA

    • Focus: Protection of healthcare data (PHI).

    • Applies to: Healthcare providers, insurers, and business associates.

GLBA

    • Focus: Financial data protection (privacy notices, safeguards).

    • Applies to: Banks, lenders, insurance companies, and financial advisors.

SOX

    • Focus: Financial reporting integrity and auditing.

    • Applies to: All U.S. publicly traded companies.

FERPA

    • Focus: Privacy of student education records.

    • Applies to: U.S. educational institutions receiving federal funding.