Authority Documents in the Common Controls Hub

The Common Controls Hub contains every regulation, statute, bill, audit guideline, best practice, and all other documents mapped into the Unified Compliance Framework, whether redacted or current. Head over there to see it in action and sign up for your Free Trial.

This list may be sorted by its column headers: Official Name, AD Status, Parent Category, AD Type, and Originator, which links to the original location where the document was found when it was mapped to the UCF.

Our legal team determined we must maintain the original source location for authority documents, i.e., the URL used to originally obtain the document. Over time, organizations modify their web sites and the links may change. However, unless we re-map an Authority Document, the original link location will remain as the link of record. This is not an error. The UCF is a legal reference and follows legal guidance. If you receive a link error and want to find a document, please use a search engine.

Official Name | AD Status | Parent Category | AD Type | Originator
PCAOB Auditing Standard No. 2 | Released | North America | Safe Harbor | US Public Company Accounting Oversight Board
Oregon Consumer Identity Theft Protection Act, Senate Bill 583 | Redacted | North America | Regulation or Statute | Oregon Legislature
17 CFR Part 210.2-06, Retention of Audit and Review Records | Released | North America | Regulation or Statute | US Security and Exchange Commission
Basel II: International Convergence of Capital Measurement and Capital Standards - A Revised Framework | Released | Banking and Finance Organizations | Regulation or Statute | Basel Committee on Banking Supervision
Form and Style Manual for Legislative Measures, Sep 23, 1999 | Released | North America | Safe Harbor | Indiana General Assembly
Maryland Commercial Law, Subtitle 35, Maryland Personal Information Protection Act, Sections 14-3501 thru 14-3508 | Released | North America | Regulation or Statute | Maryland General Assembly
Alaska Personal Information Protection Act, Chapter 48 | Released | North America | Regulation or Statute | Alaska State Legislature
South Carolina Code of Laws, Section 1-11-490, Breach of security of state agency data notification, 2008 Session | Released | North America | Regulation or Statute | South Carolina State Legislature
Tennessee Code, Title 47, Chapter 18, Part 21, Identity Theft Deterrence, Sections 47-18-2101 thru 47-18-2110 | Released | North America | Regulation or Statute | Tennessee General Assembly
Conflict-Free Smelter (CFS) Program Audit Procedure for Tin, Tantalum, and Tungsten, 21 December 2012 | Released | Energy Organizations | Safe Harbor | Electronic Industry Citizenship Coalition
21 CFR Part 11, Electronic Records; Electronic Signatures | Released | North America | Regulation or Statute | US Food and Drug Administration
VISA CISP: What to Do If Compromised Visa Fraud Control and Investigation Procedures, Version 1.0 December 2008 | Released | Payment Card Organizations | Best Practice Guideline | Visa
Federal Information System Controls Audit Manual (FISCAM), February 2009 | Released | North America | Best Practice Guideline | US General Accounting Office
Design Criteria Standard for Electronic Records Management Software Application, DoD 5015.2 | Released | North America | International or National Standard | US Department of Defense
CISWG Information Security Program Elements, 10-Jan-05 | Released | North America | Safe Harbor | Corporate Information Security Working Group
The Sedona Conference Glossary: E-Discovery & Digital Information Management, Second Edition | Released | International | Best Practice Guideline | The Sedona Conference
Appendix III to OMB Circular No. A-130: Security of Federal Automated Information Resources | Released | North America | Regulation or Statute | US White House (Office of the President)
12 CFR Part 748, NCUA Guidelines for Safeguarding Member Information, July 1, 2001 | Released | North America | Safe Harbor | US National Credit Union Administration
Information Security Forum Standard of Good Practice for Information Security, 2011 | Redacted | Security and Privacy Organizations | Best Practice Guideline | Information Security Forum
Federal Rules of Evidence, 2012 | Released | North America | Regulation or Statute | National Conference of Commissioners on Uniform State Laws
Common Configuration Enumeration (CCE): Unique Identifiers for Common System Configuration Issues | Redacted | Configuration | Audit Guideline | MITRE
Guidance on Mandatory Roles (AO, SIRO, IAO), March 2009 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
ASCDI/NATD Anti-Counterfeit Policy, Revision 1 | Released | International | Self-Regulatory Body Requirement | Association of Service and Computer Dealers International and the North American Association of Telecommunications Dealers
Anti-Counterfeiting Trade Agreement | Released | Asia | Safe Harbor | National Diet of Japan
Illinois Compiled Statutes, Chapter 815, ILCS 530/Personal Information Protection Act. | Released | North America | Regulation or Statute | Illinois General Assembly
Rhode Island General Law, Chapter 11-49.2, Identity Theft Protection, Sections 11-49.2-1 thru 11-49.2-4, 2008 General Laws | Released | North America | Regulation or Statute | Rhode Island General Assembly
Virginia Code, Title 18.2, Chapter 6, Breach of personal information notification, Section 18.2-186.6 | Released | North America | Regulation or Statute | Virginia General Assembly
SAE AS 5553: Fraudulent/Counterfeit Electronic Parts; Avoidance, Detection, Mitigation, and Disposition, Revision A | Released | International | International or National Standard | SAE International
District of Columbia Official Code, Division V Local Business Affairs, Title 28. Commercial Instruments and Transactions, Chapter 38. Consumer Protections, Subchapter II. Consumer Security Breach Notification | Released | North America | Regulation or Statute | District of Columbia City Council
6 CFR Part 27, Chemical Facility Anti-Terrorism Standards (CFATS), Department of Homeland Security | Released | North America | Regulation or Statute | US Department of Homeland Security
An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule, NIST SP 800-66, Revision 1 | Released | North America | Safe Harbor | US National Institute of Standards and Technology
OGC ITIL: Application Management | Redacted | Europe | Best Practice Guideline | Her Majesty's Treasury Office of Government Commerce
Aviation and Transportation Security Act, Public Law 107-71, November 2001, November 2001 | Released | North America | Regulation or Statute | US Transportation Security Administration
CobiT, 3rd Edition | Redacted | International | Safe Harbor | ISACA
Business Continuity Institute (BCI) Good Practice Guidelines, 2005 | Released | Risk Management Organizations | Best Practice Guideline | The Business Continuity Institute
Iowa Code Annotated, Section 714.16B, Civil Cause of Action | Released | North America | Regulation or Statute | Iowa General Assembly
BSI-Standard 100-2 IT-Grundschutz Methodology, Version 2.0 | Released | Europe | International or National Standard | Bundesamt für Sicherheit in der Informationstechnik, Federal Office for Information Security (BSI) (Germany)
Oklahoma Administrative Code, Title 375, Chapter 40, Oklahoma Identity Theft Passport Program, Sections 375:40-1-1 thru 375:40-1-11 | Released | North America | Regulation or Statute | Oklahoma State Legislature
Revised Code of Washington, Title 19, Chapter 19.215, Disposal of personal information, Sections 19.215.005 thru 19.215.030 | Released | North America | Regulation or Statute | Washington State Legislature
Wisconsin Act 138 Notice of unauthorized acquisition of personal information | Redacted | North America | Bill or Act | Wisconsin State Legislature
5 USC § 552a, Records maintained on individuals (Privacy Act of 1974) | Released | North America | Regulation or Statute | US Department of Justice
BITS Financial Services Roundtable Standardized Information Gathering Questionnaire, 4.0 | Redacted | North America | Audit Guideline | The Financial Services Roundtable
10 CFR Part 73.54, Protection of digital computer and communication systems and networks | Released | North America | Regulation or Statute | US Nuclear Regulatory Commission
Missouri Revised Statutes, Chapter 407 Merchandising Practices. Section 407.1500 | Released | North America | Regulation or Statute | Missouri General Assembly
SANS Computer Security Incident Handling, Version 2.3.1 | Released | Security and Privacy Organizations | Best Practice Guideline | SANS Institute
Colorado Consumer Credit Solicitation Protection, CO HB 04-1274 | Released | North America | Regulation or Statute | Colorado State Legislature
HITRUST Common Security Framework | Not Applicable | General Guidance | Self-Regulatory Body Requirement |
16 CFR Part 310, Amendments to the FTC Telemarketing Sales Rule | Released | North America | Regulation or Statute | US Federal Trade Commission
Connecticut law Concerning Nondisclosure of Private Tenant Information, CT HB 5184 | Released | North America | Regulation or Statute | Connecticut General Assembly
Florida Personal Identification Information/Unlawful Use, FL HB 481 | Redacted | North America | Regulation or Statute | Florida State Legislature
Georgia Code, Title 10, Chapter 1, Article 34, Sections 10-1-911 thru 10-1-915, Notification required upon breach of security regarding personal information | Released | North America | Regulation or Statute | Georgia General Assembly
CI Security Persistent Identifiers | Redacted | Configuration | Best Practice Guideline | The Center for Internet Security
Montana bill to Implement Individual Privacy and to Prevent Identity Theft, MT HB 732 | Redacted | North America | Regulation or Statute | Montana State Legislature
New Jersey Identity Theft Prevention Act, NJ A4001/S1914 | Redacted | North America | Regulation or Statute | New Jersey State Legislature
Application of risk management for IT-networks incorporating medical devices Part 1: Roles, responsibilities and activities, Edition 1.0 2010-10 | Released | International | International or National Standard | International Organization for Standardization
Ohio Personal information - contact if unauthorized access, OH HB 104 | Redacted | North America | Regulation or Statute | Ohio State General Assembly
NSA Guide to Securing Microsoft Windows 2000 Group Policy, Version 1.1 | Released | North America | Best Practice Guideline | US National Security Agency
Vermont Relating to Identity Theft, VT HB 327 | Redacted | North America | Regulation or Statute | Vermont Legislature
AICPA Incident Response Plan: Template for Breach of Personal Information | Released | North America | Best Practice Guideline | American Institute of Certified Public Accountants
MasterCard Electronic Commerce Security Architecture Best Practices, April 2003 | Released | Payment Card Organizations | Best Practice Guideline | MasterCard
§ 1724 California Civil Code, April 10, 2007 | Redacted | North America | Regulation or Statute | California Legislature
Minnesota Plastic Card Security Act H.F. 1758 | Redacted | North America | Regulation or Statute | Minnesota State Legislature
Australian Government ICT Security Manual (ACSI 33) | Released | Australia-Oceania | Best Practice Guideline | Defense Signals Directorate of the Australian Government
UN Guidelines for the Regulation of Computerized Personal Data Files (1990) | Released | International | International or National Standard | United Nations
Financial Reporting Council, Combined Code on Corporate Governance, June 2008 | Released | Europe | International or National Standard | Financial Reporting Council
Canada Privacy Act, P-21 | Released | North America | Regulation or Statute | Office of the Privacy Commissioner of Canada
Corporate Governance in listed Companies - Clause 49 of the Listing Agreement | Released | Asia | Regulation or Statute | Parliament of India
Austria Data Protection Act | Released | Europe | Regulation or Statute | Austrian Parliament
Bosnia Law on Protection of Personal Data | Released | Europe | Regulation or Statute | The Parliamentary Assembly of Bosnia and Herzegovina
German Federal Data Protection Act, September 14, 1994 | Released | Europe | Regulation or Statute | The German Bundestag
Law of 2 August 2002 on the Protection of Persons with Regard to the Processing of Personal Data | Released | Europe | Regulation or Statute | Chamber of Deputies of the Grand Duchy of Luxembourg
Sweden Personal Data Act (1998:204) | Released | Europe | Regulation or Statute | Riksdag of Sweden
21 CFR Part 820, Subchapter H - Medical Devices, Part 820 Quality System Regulation | Released | North America | Regulation or Statute | US Department of Health and Human Services
Switzerland Federal Act of 19 June 1992 on Data Protection (FADP) | Released | Europe | Regulation or Statute | Federal Assembly of Switzerland
Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce in the Private Sector (version 1.0), Version 1.0 | Redacted | Asia | Best Practice Guideline | Ministry of International Trade and Industry
Taiwan Computer-Processed Personal Data Protection Law 1995 | Released | Asia | International or National Standard | The Legislative Yuan of Republic of China
US Department of Commerce EU Safe Harbor Privacy Principles, U.S. - Switzerland Safe Harbor Framework | Redacted | North America | International or National Standard | US Department of Commerce
Exchange2007SP3 CAS Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Implementation Guide for OMB Circular A-123 Management's Responsibility for Internal Control | Released | North America | Safe Harbor | US Office of Management and Budget
Act No. 119 of 1988 as amended, taking into account amendments up to Freedom of Information Amendment (Parliamentary Budget Office) Act 2012 | Released | Australia-Oceania | Bill or Act | Parliament of Australia
General Laws of Massachusetts, Part I, Title XV, Chapter 93H, Security Breaches | Released | North America | Regulation or Statute | The General Court of the Commonwealth of Massachusetts
A Risk-Based Approach to Operation of GxP Computerized Systems | Redacted | Healthcare and Life Science Organizations | Best Practice Guideline | International Society for Pharmaceutical Engineering
Idaho Code, Title 28 Commercial Transactions, Chapter 51 Identity Theft | Released | North America | Regulation or Statute | Idaho Legislature
CODE OF CORPORATE GOVERNANCE 2005 | Released | Asia | Regulation or Statute | Council on Corporate Disclosure and Governance
Arizona Revised Statutes, Section 44-7501, Notification of breach of security system | Released | North America | Regulation or Statute | Arizona State Legislature
German Corporate Governance Code ("The Code"), June 6, 2008 | Released | Europe | Regulation or Statute | German Government Commission
The Dutch corporate governance code, Principles of good corporate governance and best practice provisions, 9 December 2003 | Released | Europe | Regulation or Statute | Dutch Corporate Governance Committee
The King Committee on Corporate Governance, Executive Summary of the King Report 2002, March 2002 | Released | Africa | Regulation or Statute | Institute of Directors in Southern Africa
EudraLex, The Rules Governing Medicinal Products in the European Union, Volume 4 Good Manufacturing Practice, Medicinal Products for Human and Veterinary Use Annex 11: Computerised Systems, SANCO/C8/AM/sl/ares(2010)1064599 | Released | Europe | Best Practice Guideline | European Commission Health and Consumers Directorate-General
Swedish Code of Corporate Governance; A Proposal by the Code Group, Stockholm 2004 | Released | Europe | Regulation or Statute | The Code Group (Sweden)
17 CFR Part 240.15d-15, Controls and Procedures | Released | North America | Regulation or Statute | US Security and Exchange Commission
PE 009-8, Guide to Good Manufacturing Practice for Medicinal Products, Annex 11, 15 January 2009 | Released | Healthcare and Life Science Organizations | Safe Harbor | Pharmaceutical Inspection Cooperation Scheme
BIS Sound Practices for the Management and Supervision of Operational Risk | Released | Banking and Finance Organizations | Best Practice Guideline | Basel Committee on Banking Supervision
16 CFR Part 313, Privacy of Consumer Financial Information | Released | North America | Regulation or Statute | US Federal Trade Commission
URAC Health Utilization Management Standards, Version 6 | Released | Healthcare and Life Science Organizations | Safe Harbor | URAC
Portuguese Act on the Protection of Personal Data 67/98 | Released | Europe | Regulation or Statute | Assembly of the Republic
A Ten Step Process for Forensic Readiness | Released | International | Best Practice Guideline | International Journal of Digital Evidence
Belgian Law of 8 December 1992 on the protection of privacy in relation to the processing of persona, Unofficial English Translation November 2008 | Released | Europe | Regulation or Statute | The Belgian Federal Parliament
Pennsylvania Statutes, Title 73, Trade and Commerce, Chapter 43, Breach of Personal Information Notification Act, Sections 2301 thru 2329, 2009 Statutes | Released | North America | Regulation or Statute | Pennsylvania General Assembly
West Virginia Code Chapter 46A Article 2A Breach of Security of Consumer Information § 46A-2A-101 thru § 46A-2A-105, 2009 Legislative Session | Released | North America | Regulation or Statute | West Virginia State Legislature
SWGDE Best Practices for Computer Forensics, 2.1 | Released | International | Best Practice Guideline | Scientific Working Group on Digital Evidence
Puerto Rico Code, Title 10, Subtitle 3, Chapter Citizen Information on Data Banks Security Act, 10 L.P.R.A. Section 4051, 2005 | Released | North America | Regulation or Statute | Legislative Assembly of Puerto Rico
Maine Legislative Drafting Manual, 1st Edition | Released | North America | Safe Harbor | Maine State Legislature
NASD Manual | Released | North America | International or National Standard | National Association of Securities Dealers
Washington DC Consumer Personal Information Security Breach Notification Act of 2006 | Redacted | North America | Regulation or Statute | District of Columbia City Council
ACPO Good Practice Guide for Digital Evidence, March 2012 | Released | Europe | Best Practice Guideline | Association of Chief Police Officers
Wyoming Statutes, Title 40, Article 5, Breach of the security of the data system, Sections 40-12-501 thru 40-12-509 | Released | North America | Regulation or Statute | Wyoming State Legislature
42 CFR Part 3, Patient Safety and Quality Improvements, Final Rule | Released | North America | Regulation or Statute | US Department of Health and Human Services
Revised Code of Washington, Title 19, Chapter 19.255, Personal information - notice of security breaches, Section 19.255.010 | Released | North America | Regulation or Statute | Washington State Legislature
Protection of Information Act 84 of 1982 | Released | Africa | Bill or Act | Parliament of the Republic of South Africa
US Department of Energy Cyber Security Program Media Clearing, Purging, and Destruction Guidance: DOE CIO Guidance CS-11, January 2007 | Released | North America | Best Practice Guideline | US Office of the Chief Information Officer (CIO)
Kansas Statutes, Chapter 50, Article 7a, Protection Of Consumer Information | Released | North America | Regulation or Statute | Kansas State Legislature
State of Arizona Standard P800-S880, Revision 2.0: Media Sanitation/Disposal, Revision 2.0 | Released | North America | Regulation or Statute | Arizona
Utah Code, Title 13-44, Protection of Personal Information Act | Released | North America | Regulation or Statute | Utah Legislature
Shared Assessments Standardized Information Gathering Questionnaire - A. Risk Management, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
South Carolina Code of Laws, Sections 16-13-512, Credit Card, and 39-1-90, Breach of security of business data notification, 2008 Session | Released | North America | Regulation or Statute | South Carolina State Legislature
Vermont Statute, Title 9, Chapter 62, Protection of Personal Information, Sections 2430, 2435, 2440, 2445 | Released | North America | Regulation or Statute | Vermont Legislature
OECD Due Diligence Guidance for Responsible Supply Chains of Minerals from Conflict-Affected and High-Risk Areas, Second Edition | Released | Banking and Finance Organizations | Safe Harbor | The Organisation for Economic Cooperation and Development (OECD)
Army Regulation 380-19: Information Systems Security, February 27, 1998 | Released | North America | Regulation or Statute | US Army
Denmark, The Act on Processing of Personal Data | Released | Europe | Regulation or Statute | Folketinget
Conflict-Free Smelter (CFS) Program Supply Chain Transparency Smelter Audit Protocol for Tin, Tantalum and Tungsten, December 21, 2012 | Released | Energy Organizations | Safe Harbor | Electronic Industry Citizenship Coalition
FERC Security Program for Hydropower Projects, Revision 1 | Redacted | North America | International or National Standard | US Federal Energy Regulatory Commission
FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions, 7th Edition | Released | Asia | Self-Regulatory Body Requirement | The Center for Financial Industry Information Systems
American Express Data Security Standard (DSS) | Released | Payment Card Organizations | Contractual Obligation | American Express
United States District Court of Maryland, Suggested Protocol for Discovery of Electronically Stored Information | Redacted | North America | Bill or Act | Maryland
Uniform Electronic Transactions Act (UETA) (1999) | Released | North America | Regulation or Statute | National Conference of Commissioners on Uniform State Laws
Massachusetts 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Released | North America | Regulation or Statute | The General Court of the Commonwealth of Massachusetts
Form I-129, Petition for a Nonimmigrant Worker, 11/23/10 | Released | North America | Safe Harbor | US Citizenship and Immigration Services
ISPA Take-down notification procedure, version 3.2 | Released | Africa | Safe Harbor | South Africa Internet Service Providers' Association
GAO/PCIE Financial Audit Manual (FAM) | Released | North America | Best Practice Guideline | US General Accounting Office
Corporate Information Security Working Group: Report of the best practices and metrics teams; subcommittee on technology, information policy, intergovernmental relations and the census; Government Reform Committee, United States House of Representatives | Released | North America | Best Practice Guideline | Corporate Information Security Working Group
The Sedona Principles Addressing Electronic Document Production | Released | International | Best Practice Guideline | The Sedona Conference
Criminal Justice Information Services (CJIS) Security Policy, CJISD-ITS-DOC-08140-5.2, Version 5.2 | Released | North America | Organizational Directive | US Federal Bureau of Investigation
Marine Corps Order 5511.11D; Technical Surveillance Countermeasures (TSCM) Program | Released | North America | Organizational Directive | US Marine Corps
Intelligence Community Directive Number 702, Technical Surveillance Countermeasures | Released | North America | Organizational Directive | Directorate of National Intelligence
The DIRKS Manual: A Strategic Approach to Managing Business Information, rev. July 2003 | Released | Australia-Oceania | Best Practice Guideline | National Archives of Australia
Individual Member Anti-Counterfeit Policy | Released | International | Best Practice Guideline | Association of Service and Computer Dealers International and the North American Association of Telecommunications Dealers
New Jersey Permanent Statutes, Title 56, Security of Personal Information | Released | North America | Regulation or Statute | New Jersey State Legislature
California Public Records Military Veteran Discharge Documents, California Assembly Bill 1798, 06/26/2002 | Redacted | North America | Regulation or Statute | California Legislature
Guidance on non-mandatory roles, March 2009 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Montana Code - Part 17: IMPEDIMENT OF IDENTITY THEFT | Released | North America | Regulation or Statute | Montana State Legislature
Overarching DoD Counterfeit Prevention Guidance, Memorandum for Secretaries of the Military Departments, Directors of the Defense Agencies | Released | North America | Best Practice Guideline | Office of the Under Secretary of Defense for Acquisition, Technology, and Logistics
Addressing the Sale of Counterfeits on the Internet | Released | International | Best Practice Guideline | International Trademark Association
North Dakota Century Code, Chapter 51-30, Notice of Security Breach For Personal Information | Released | North America | Regulation or Statute | North Dakota Legislative Assembly
SAE AS6081, Fraudulent/Counterfeit Electronic Parts: Avoidance, Detection, Mitigation, and Disposition - Distributors | Released | International | International or National Standard | SAE International
CA Civil Code 1798.84 | Redacted | North America | Regulation or Statute | California Legislature
Arkansas Code, Title 4 Business and Commercial Law, Subtitle 7 Consumer Protection, Chapter 110 Personal Information, Sections 4-110-103 thru 4-110-105, Personal Information Protection Act | Released | North America | Regulation or Statute | Arkansas General Assembly
OGC ITIL: ICT Infrastructure Management | Redacted | Europe | Best Practice Guideline | Her Majesty's Treasury Office of Government Commerce
Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks, NIOSH, May 2002, DHHS (NIOSH) Publication No. 2002-139, May 2002 | Released | North America | Safe Harbor | US Center for Disease Control and Prevention (CDC)
Oregon Revised Statutes, Chapter 646a, Sections 646A.600 thru 646A.624, Identity Theft Protection Act, 2007 Statutes | Released | North America | Regulation or Statute | Oregon Legislature
Strategies to Mitigate Targeted Cyber Intrusions | Released | Australia-Oceania | Best Practice Guideline | Defense Signals Directorate of the Australian Government
Visa Data Field Encryption, Version 1.0 | Released | Payment Card Organizations | Best Practice Guideline | Visa
Responsible Care Security Code of Management Practices, American Chemistry Council | Released | North America | Safe Harbor | American Chemistry Council
APRA Prudential Practice Guide 234: Management of security risk in information and information technology | Released | Australia-Oceania | Safe Harbor | Australian Prudential Regulation Authority
CobiT, Version 4.1 | Released | International | Safe Harbor | ISACA
ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals, May 15, 2009 | Released | International | International or National Standard | Standards Board of the Information Systems Audit and Control Association
National Incident Management System (NIMS), Department of Homeland Security, December 2008 | Released | North America | International or National Standard | US Federal Emergency Management Agency (FEMA)
Code of Alabama, Article 10, The Consumer Identity Protection Act, Sections 13A-8-190 thru 13A-8-201 | Released | North America | Regulation or Statute | Alabama State Legislature
Disaster / Emergency Management and Business Continuity, NFPA 1600, 2007 Edition | Released | North America | International or National Standard | National Fire Protection Association
DOT Physical Security Survey Checklist | Released | North America | International or National Standard | US Department of Transportation
ISF Security Audit of Networks | Released | Security and Privacy Organizations | Best Practice Guideline | Information Security Forum
IIA Global Technology Audit Guide (GTAG) 1: Information Technology Controls | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
ISSA Generally Accepted Information Security Principles (GAISP), Version 3.0 | Released | Security and Privacy Organizations | Best Practice Guideline | Information Systems Security Association
Kentucky Revised Statutes, Title III, Chapter 15, Section 113, Prevention of Identity Theft | Released | North America | Regulation or Statute | Kentucky State Legislature
CERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE) | Redacted | North America | Best Practice Guideline | US Computer Emergency Response Team
Registration Authority (RA) Requirements | Released | North America | Safe Harbor | US Federal PKI Policy Authority
Ireland Consolidated Data Protection Acts of 1988 and 2003 | Released | Europe | Regulation or Statute | Oireachtas
Common Configuration Enumeration List, Combined XML: AIX 5.3, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Information Technology Security Evaluation Manual (ITSEM), Version 1.0 | Released | Europe | Safe Harbor | Commission of the European Communities
Information Technology Security Evaluation Criteria (ITSEC) | Released | Europe | International or National Standard | Department of Trade and Industry, London
Colorado Prohibiting Inclusion of Social Security Number, CO HB 04-1311 | Released | North America | Regulation or Statute | Colorado State Legislature
Connecticut law Requiring Consumer Credit Bureaus to Offer Security Freezes, CT SB 650 | Released | North America | Regulation or Statute | Connecticut General Assembly
Delaware Code, Title 6, Commerce and Trade, Subtitle II, Other Laws Relating to Commerce and Trade, Chapter 12B, Computer Security Breaches, Sections 12B-101 thru 104 | Released | North America | Regulation or Statute | Delaware General Assembly
Georgia Public employees; Fraud, Waste, and Abuse, GA HB 656 | Released | North America | Bill or Act | Georgia General Assembly
Colima Personal Data Protection Law (Decree No. 356) | Released | North America | Regulation or Statute | Congress of the State of Colima
Guanajuato Personal Data Protection Law | Released | North America | Regulation or Statute | Congress of the State of Guanajuato
Jalisco (Civil Code of the State of Jalisco (Article 40 Bis 1 to Article 40 Bis 39) | Released | North America | Regulation or Statute | Congress of the State of Jalisco
Tlaxcala Law on Access to Public Information and Personal Data Protection | Released | North America | Regulation or Statute | Congress of the State of Tlaxcala
The Personal Data Protection Law for the Federal District (Mexico City) | Released | North America | Regulation or Statute | Legislative Assembly of the Federal District
Payment Card Industry (PCI) Data Security Standard (DSS) and Payment Application Data Security Standard (PA-DSS) Glossary of Terms, Abbreviations, and Acronyms, Version 1.2 | Released | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
AICPA Red Flag Rule Identity Theft Prevention Program, November 1, 2009 | Released | North America | Audit Guideline | American Institute of Certified Public Accountants
North Carolina Security Breach Notification Law (Identity Theft Protection Act of 2005) | Redacted | North America | Regulation or Statute | North Carolina General Assembly
Automated Integrated Regulatory Examination System (AIRES) IT Exam Questionnaires, version 073106A | Released | North America | Self-Regulatory Body Requirement | US National Credit Union Administration
NSA Guide to Security Microsoft Windows XP | Released | North America | Best Practice Guideline | US National Security Agency
Organizational Resilience: Security, Preparedness, and Continuity Management Systems -- Requirements with Guidance for Use, ASIS SPC.1-2009 | Released | Security and Privacy Organizations | International or National Standard | ASIS International
Texas Identity Theft Enforcement and Protection Act, TX SB 122 | Redacted | North America | Regulation or Statute | Texas State Legislature
C-TPAT Supply Chain Security Best Practices Catalog | Released | North America | Best Practice Guideline | US Customs and Border Protection
BBBOnline Code of Online Business Practices | Released | North America | Best Practice Guideline | US Better Business Bureau
US Department of Commerce EU Safe Harbor Privacy Principles, U.S. European Union Safe Harbor Framework | Released | North America | International or National Standard | US Department of Commerce
Consumer Interests in the Telecommunications Market, Act No. 661 | Released | Europe | International or National Standard | European Parliament
OECD / World Bank Technology Risk Checklist, Version 7.3 | Released | Banking and Finance Organizations | Audit Guideline | The World Bank
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: AIX 5.3, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2, 28 August 2006 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
Smith Guidance on Audit Committees, UK FRC, January 2003 | Released | Europe | International or National Standard | Financial Reporting Council
US Export Administration Regulations Database | Released | North America | Regulation or Statute | Bureau of Industry and Security (BIS) US Department of Commerce
US The International Traffic in Arms Regulations, April 1, 2008 | Released | North America | Regulation or Statute | Directorate of Defense Trade Controls US Department of State
OMB Circular A-123, Management's Responsibility for Internal Control | Released | North America | Regulation or Statute | US Office of Management and Budget
Argentina Personal Data Protection Act | Released | South America | Regulation or Statute | National Congress of Argentine
Austria Telecommunications Act | Released | Europe | Regulation or Statute | Austrian Parliament
Denmark Act on Competitive Conditions and Consumer Interests | Not Applicable | Europe | Regulation or Statute | Danish Data Protection Agency
ACH (Automated Clearing House) Operating Rules OCC Bulletin 2004-58, December 2004 | Released | North America | International or National Standard | US Office of the Comptroller of the Currency (OCC)
Finland act on the amendment of the Personal Data Act (986/2000) | Released | Europe | Regulation or Statute | Eduskunta
France Data Processing, Data Files and Individual Liberties | Released | Europe | Regulation or Statute | French Parliament
Canadian Marketing Association Code of Ethics and Standards of Practice | Released | North America | Best Practice Guideline | The Canadian Marketing Association
Greece Law Protection of personal data and privacy in electronic telecommunications sector (Law 3471) | Released | Europe | Regulation or Statute | Hellenic Parliament
Direct Marketing Association - Privacy Promise | Not Applicable | North America | Best Practice Guideline | Direct Marketing Association
Hungary Protection of Personal Data and Disclosure of Data of Public Interest | Released | Europe | Regulation or Statute | Hungarian National Assembly
12 CFR Part 205, Electronic Fund Transfers (Regulation E) | Released | North America | Regulation or Statute | US Congress
Lithuania Law on Legal Protection of Personal Data | Released | Europe | Regulation or Statute | Lithuanian Republic Seimas
Glossary of ECM Terms, 12/22/2004 | Released | North America | Not Set | Dartmouth University
Poland Protection of Personal Data Act | Released | Europe | Regulation or Statute | Parliament of Poland
Committee on National Security Systems Instruction Number 4009, 26 April 2010 | Released | North America | Not Set | Committee on National Security Systems
Slovak Republic Protection of Personal Data in Information Systems | Released | Europe | Regulation or Statute | National Council of the Slovak Republic
Society of American Archivists: A Glossary of Archival and Records Terminology, 2005 | Released | North America | Not Set | Society of American Archivists
Appendix 1 Correspondence of the System Management Standards - Supplementary Edition to other standardsReleasedAsiaSafe HarborNational Diet of Japan
Australia Better Practice Guide - Business Continuity Management, January 2000ReleasedAustralia-OceaniaBest Practice GuidelineAustralian National Audit Office
Australia Privacy Act 1988ReleasedAustralia-OceaniaRegulation or StatuteParliament of Australia
Japan Handbook Concerning Protection Of Personal Data, February 1998ReleasedAsiaRegulation or StatuteMinistry of International Trade and Industry
Korea Act on Promotion of Information & Communication Network Utilization and Information Protection, etc.ReleasedAsiaRegulation or StatuteThe National Assembly of the Republic of Korea
New Zealand Privacy Act 1993ReleasedAustralia-OceaniaRegulation or StatuteNew Zealand Parliament
Mac OS X Security Configuration for version 10.4 or later, second edition, Second EditionReleasedConfigurationVendor DocumentationApple Computer
Exchange2007SP3 Edge Services Security, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
India Information Technology Act (ITA-2000)ReleasedAsiaRegulation or StatuteParliament of India
DoD Information Assurance Certification and Accreditation Process (DIACAP)RedactedNorth AmericaOrganizational DirectiveUS Department of Defense
PCAOB Auditing Standard No. 3ReleasedNorth AmericaAudit GuidelineUS Public Company Accounting Oversight Board
NYSE Listed Company ManualReleasedNorth AmericaBest Practice GuidelineNew York Stock Exchange
36 CFR Part 1194 Electronic and Information Technology Accessibility StandardsReleasedNorth AmericaRegulation or StatuteUS Architectural and Transportation Barriers Compliance Board
FedRAMP Baseline Security ControlsReleasedNorth AmericaAudit GuidelineUS General Services Administration
Australian Government Information Security Manual: ControlsReleasedAustralia-OceaniaInternational or National StandardAustralian Government Department of Defense Intelligence and Security
Payment Card Industry (PCI) Data Security Standard Security Audit Procedures, Version 1.1RedactedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
42 CFR Parts 412, 413, 422 et al., Medicare and Medicaid Programs; Electronic Health Record Incentive Program, Final RuleReleasedNorth AmericaRegulation or StatuteUS Centers for Medicare and Medicaid Services
Florida Statutes, Section 817.5681, Breach of security concerning confidential personal information in third-party possessionReleasedNorth AmericaRegulation or StatuteFlorida State Legislature
Oklahoma Statutes, Section 74-3113.1, Disclosure of breach of security of computerized personal informationReleasedNorth AmericaRegulation or StatuteOklahoma State Legislature
Indiana Code 24, Article 4.9, Disclosure of Security BreachReleasedNorth AmericaRegulation or StatuteIndiana General Assembly
Maryland Commercial Law, Title 13, Section 13-317, Use of consumer identification information in connection with credit card paymentsReleasedNorth AmericaRegulation or StatuteMaryland General Assembly
Iowa Code Annotated, Section 715C, Personal Information Security Breach ProtectionReleasedNorth AmericaRegulation or StatuteIowa General Assembly
Good Practices For Computerized systems In Regulated GXP EnvironmentsReleasedHealthcare and Life Science OrganizationsSelf-Regulatory Body RequirementPharmaceutical Inspection Co-Operation Scheme
New Hampshire Statute, Title XXXI, Chapter 359-C, Right to Privacy, Notice of Security BreachReleasedNorth AmericaRegulation or StatuteNew Hampshire General Court
New York General Business Law Chapter 20, Article 39-F, Section 899-aaReleasedNorth AmericaRegulation or StatuteNew York State Legislature
Indiana Code 24, Notice of Security Breach, Chapter 11ReleasedNorth AmericaRegulation or StatuteIndiana General Assembly
AICPA SAS No. 94, The Effect of Information Technology on the Auditor's Consideration of Internal ControlsRedactedNorth AmericaSafe HarborAmerican Institute of Certified Public Accountants
Connecticut Public Act 08-167, An Act Concerning the Confidentiality of Social Security NumbersReleasedNorth AmericaRegulation or StatuteConnecticut General Assembly
17 CFR Part 240.16a-3, Reporting Transactions and HoldingsReleasedNorth AmericaRegulation or StatuteUS Security and Exchange Commission
16 CFR Part 314, Standards for Safeguarding Customer Information, Final RuleReleasedNorth AmericaRegulation or StatuteUS Federal Trade Commission
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance No Electronic Storage, Processing, or Transmission of Cardholder Data, Version 1.2RedactedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
Appendix of OCC 12 CFR Part 30, Safety and Soundness StandardsReleasedNorth AmericaRegulation or StatuteUS Office of the Comptroller of the Currency (OCC)
Finland Act on the Protection of Privacy in Electronic Communications, Unofficial TranslationReleasedEuropeRegulation or StatuteEduskunta
IRS Publication 1075: TAX INFORMATION SECURITY GUIDELINES FOR FEDERAL, STATE AND LOCAL AGENCIES AND ENTITIES; Safeguards for Protecting Federal Tax Returns and Return InformationReleasedNorth AmericaInternational or National StandardUS Internal Revenue Service
Customs-Trade Partnership Against Terrorism (C-TPAT) Importer Security CriteriaReleasedNorth AmericaBest Practice GuidelineUS Department of Homeland Security
EICC and GeSI Gold Supply Chain Transparency: Smelter Audit, July 12, 2012ReleasedEnergy OrganizationsSafe HarborElectronic Industry Citizenship Coalition
Common Configuration Enumeration List, Combined XML: Apache 1.3, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
Shared Assessments Standardized Information Gathering Questionnaire - B. Security Policy, 7.0ReleasedNorth AmericaAudit GuidelineThe Financial Services Roundtable
The Sedona Principles Addressing Electronic Document ProductionRedactedInternationalBest Practice GuidelineThe Sedona Conference
Wisconsin Statute, Chapter 134, Notice of unauthorized acquisition of personal information, Section 134.98, 2008 SessionReleasedNorth AmericaRegulation or StatuteWisconsin State Legislature
Guidance on Role Specific Training, March 2009ReleasedEuropeSafe HarborCabinet Office Her Majestys Government United Kingdom
Virgin Islands Code Title 14 Chapter 110 The Identity Theft Prevention Act § 2201 thru § 2211ReleasedNorth AmericaRegulation or StatuteLegislature of the Virgin Islands
Montana Code § 45-6-332. Theft of identity, 2009 Legislative SessionReleasedNorth AmericaRegulation or StatuteMontana State Legislature
North Carolina Statutes, Chapter 75, Article 2A, Identity Theft Protection Act, Sections 75-60 thru 75-66ReleasedNorth AmericaRegulation or StatuteNorth Carolina General Assembly
DoD Instruction 4140.67, DoD Counterfeit Prevention PolicyReleasedNorth AmericaOrganizational DirectiveUS Department of Defense
Information Governance Assessment (Audit Questions), 1ReleasedRecords Management OrganizationsAudit GuidelineARMA International
FTC FACT Act Red Flags Rule Template, July 1, 2009ReleasedNorth AmericaAudit GuidelineFinancial Industry Regulatory Authority
OGC ITIL: Planning to Implement Service ManagementRedactedEuropeBest Practice GuidelineHer Majesty's Treasury Office of Government Commerce
TITLE 49, Subtitle VII - Aviation Programs, December 5, 2001ReleasedNorth AmericaRegulation or StatuteUS Transportation Security Administration
Protection of Assets Manual, ASIS InternationalReleasedSecurity and Privacy OrganizationsSafe HarborASIS International
ISF Standard of Good Practice for Information Security, 2007RedactedSecurity and Privacy OrganizationsBest Practice GuidelineInformation Security Forum
Twenty Critical Security Controls for Effective Cyber Defense: Consensus Audit Guidelines, Version 4.0ReleasedSecurity and Privacy OrganizationsBest Practice GuidelineSANS Institute
Kentucky Revised Statutes, Title XXXVI, Chapter 411, Section 210, Action for theft of identity or trafficking in stolen identitiesReleasedNorth AmericaRegulation or StatuteKentucky State Legislature
Colorado Prohibition against Using Identity Information for Unlawful Purpose, CO HB 04-1134RedactedNorth AmericaRegulation or StatuteColorado State Legislature
Illinois Personal Information Protection Act IL HB 1633RedactedNorth AmericaRegulation or StatuteIllinois General Assembly
Louisiana Revised Statutes, Title 51, Sections 3073-3074, Database Security Breach Notification LawReleasedNorth AmericaRegulation or StatuteLouisiana State Legislature
Maine Revised Statutes Title 10, Part 3, Chapter 210-B, Notice of Risk to Personal DataReleasedNorth AmericaRegulation or StatuteMaine State Legislature
Rhode Island Security Breach Notification Law, RI HB 6191RedactedNorth AmericaRegulation or StatuteRhode Island General Assembly
Tennessee Security Breach Notification, TN SB 2220RedactedNorth AmericaRegulation or StatuteTennessee General Assembly
Virginia Identity theft; penalty; restitution; victim assistance, VA HB 872RedactedNorth AmericaRegulation or StatuteVirginia General Assembly
Washington Notice of a breach of the security, WA SB 6043RedactedNorth AmericaRegulation or StatuteWashington State Legislature
Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sectorReleasedEuropeInternational or National StandardEuropean Parliament
McAfee OVAL ChecksNot ApplicableVendorsAudit Guideline
Texas Business and Commerce Code, secs. 48.102, 48.103RedactedNorth AmericaRegulation or StatuteTexas State Legislature
IIA Global Technology Audit Guide (GTAG) 10: Business Continuity ManagementReleasedRisk Management OrganizationsBest Practice GuidelineThe Institute of Internal Auditors
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal DataReleasedBanking and Finance OrganizationsInternational or National StandardThe Organisation for Economic Cooperation and Development (OECD)
ISACA Cross-Border Privacy Impact AssessmentReleasedInternationalBest Practice GuidelineISACA
Defense Information Systems Agency UNIX Security Technical Implementation Guide Version 5 Release 1, Version 5, Release 1ReleasedNorth AmericaBest Practice GuidelineUS Defense Information Systems Agency
Turnbull Guidance on Internal Control, UK FRC, October 2005ReleasedEuropeInternational or National StandardFinancial Reporting Council
UK Data Protection Act of 1998ReleasedEuropeRegulation or StatuteParliament of the United Kingdom of Great Britain and Northern Ireland
BS ISO 20000-1:2005 IT Service Management StandardRedactedInternationalInternational or National StandardInternational Organization for Standardization
BS 25999-1, Business continuity management. Code of practice, 2006ReleasedRisk Management OrganizationsInternational or National StandardThe British Standards Institute
Mexico Federal Personal Data Protection Law, November 2005ReleasedNorth AmericaRegulation or StatuteCongress of the Union of the United Mexican States
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: AIX 5.3, 5.20100428RedactedConfigurationAudit GuidelineMITRE
Czech Republic Personal Data Protection Act, April 4, 2000ReleasedEuropeRegulation or StatuteParliament of the Czech Republic
12 CFR Part 229 Availability of Funds and Collection (Check Clearing for the 21st Century)ReleasedNorth AmericaRegulation or StatuteUS Congress
Ireland Data Protection Act of 1988RedactedEuropeRegulation or StatuteOireachtas
Netherlands Personal Data Protection Act, Session 1999-2000 Nr.92, REVISED BILL (as approved by the Lower House on 23 November 1999), Unofficial TranslationReleasedEuropeRegulation or StatuteStates General
The Cloud Security Alliance Controls Matrix, Version 1RedactedSecurity and Privacy OrganizationsBest Practice GuidelineThe Cloud Security Alliance
ORGANIC LAW 15/1999 of 13 December on the Protection of Personal DataReleasedEuropeRegulation or StatuteCortes Generales
Australia Spam ActReleasedAustralia-OceaniaRegulation or StatuteParliament of Australia
Korea Act on the Protection of Personal Information Maintained by Public Agencies 1994ReleasedAsiaRegulation or StatuteThe National Assembly of the Republic of Korea
45 CFR Part 160 - General Administrative RequirementsReleasedNorth AmericaRegulation or StatuteUS Department of Health and Human Services
Exchange2007SP3 Hub Services Security, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
VISA E-Commerce Merchants Guide to Risk Management Tools and Best Practices for Building a Secure Internet BusinessReleasedPayment Card OrganizationsBest Practice GuidelineVisa
PCAOB Auditing Standard No. 5ReleasedNorth AmericaAudit GuidelineUS Public Company Accounting Oversight Board
OECD Principles of Corporate Governance, 2004ReleasedBanking and Finance OrganizationsInternational or National StandardThe Organisation for Economic Cooperation and Development (OECD)
AICPA Suitable Trust Services Principles and CriteriaRedactedNorth AmericaSafe HarborAmerican Institute of Certified Public Accountants
Connecticut State Law, Section 36a-701b, Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade practiceReleasedNorth AmericaRegulation or StatuteConnecticut General Assembly
Hawaii Revised Statute, Section 487N, Security Breach of Personal InformationReleasedNorth AmericaRegulation or StatuteHawaii State Legislature
Forensic Examination of Digital Evidence: A Guide for Law Enforcement, April 2004ReleasedNorth AmericaBest Practice GuidelineUS Department of Justice
Texas Business and Commercial Code, Title 11, Subtitle B, Chapter 521, Subchapter A, Section 521ReleasedNorth AmericaRegulation or StatuteTexas State Legislature
North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security StandardsRedactedNorth AmericaInternational or National StandardNorth American Electric Reliability Corporation
Common Configuration Enumeration List, Combined XML: Apache 2.0, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
The Cloud Security Alliance Controls Matrix, Version 1.1RedactedSecurity and Privacy OrganizationsBest Practice GuidelineThe Cloud Security Alliance
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance No Electronic Storage, Processing, or Transmission of Cardholder Data, Version 2.0ReleasedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
IRS Revenue Procedure: Record retention: automatic data processing, 98-25ReleasedNorth AmericaRegulation or StatuteUS Internal Revenue Service
Shared Assessments Standardized Information Gathering Questionnaire - C. Organizational Security, 7.0ReleasedNorth AmericaAudit GuidelineThe Financial Services Roundtable
Guidance on the Departmental Information Risk Policy, March 2009ReleasedEuropeSafe HarborCabinet Office Her Majestys Government United Kingdom
Information Governance Assessment (Controls), 1ReleasedRecords Management OrganizationsAudit GuidelineARMA International
OGC ITIL: Security ManagementReleasedEuropeBest Practice GuidelineHer Majesty's Treasury Office of Government Commerce
Transportation Security Administration (TSA) Security Guidelines for General Aviation Airports, Information Publication A-001, May 2004, Version 1.0ReleasedNorth AmericaInternational or National StandardUS Transportation Security Administration
The Standard of Good Practice for Information SecurityReleasedSecurity and Privacy OrganizationsBest Practice GuidelineInformation Security Forum
Colorado Revised Statutes, Section 6-1-713, Disposal of Personal Identifying DocumentsReleasedNorth AmericaRegulation or StatuteColorado State Legislature
Iowa Code, Section 614.4aReleasedNorth AmericaRegulation or StatuteIowa General Assembly
DISA Access Control STIG, Version 2, Release 3ReleasedNorth AmericaOrganizational DirectiveUS Defense Information Systems Agency
Arkansas Personal Information Protection Act AR SB 1167, S3/18/05RedactedNorth AmericaRegulation or StatuteArkansas General Assembly
DoD Instruction 5240.5, DoD Technical Surveillance Countermeasures (TSCM) Survey Program, May 23, 1984ReleasedNorth AmericaOrganizational DirectiveUS Department of Defense
Directive 2003/4/EC Of The European ParliamentReleasedEuropeInternational or National StandardEuropean Parliament
GAMP Good Practice Guide: Risk-Based Approach to Electronic Records and Signatures, 2005RedactedHealthcare and Life Science OrganizationsBest Practice GuidelineInternational Society for Pharmaceutical Engineering
Public Company Accounting Oversight Board Attestation Standards, Section 101ReleasedNorth AmericaSafe HarborUS Public Company Accounting Oversight Board
NSA Guide to the Secure Configuration of Solaris 9, Version 1.0ReleasedNorth AmericaBest Practice GuidelineUS National Security Agency
BS 25999-2, Business continuity management. Specification, 2007ReleasedRisk Management OrganizationsInternational or National StandardThe British Standards Institute
VISA Incident Response Procedure for Account Compromise, Version 1.2 2004ReleasedPayment Card OrganizationsBest Practice GuidelineVisa
ISACA Glossary of Terms, 2008ReleasedInternationalBest Practice GuidelineISACA
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: HP-UX 11.23, 5.20090115RedactedConfigurationAudit GuidelineMITRE
BS ISO 20000-2:2005, IT Service Management Standard - Code of PracticeRedactedInternationalInternational or National StandardInternational Organization for Standardization
Canada Personal Information Protection Electronic Documents Act (PIPEDA), 2000, c.5ReleasedNorth AmericaRegulation or StatuteParliament of Canada
IIA Global Technology Audit Guide (GTAG) 11: Developing the IT Audit PlanReleasedRisk Management OrganizationsBest Practice GuidelineThe Institute of Internal Auditors
Internet Security: Distributed Denial of Service Attacks - OCC Alert 2000-1ReleasedNorth AmericaBest Practice GuidelineUS Office of the Comptroller of the Currency (OCC)
Ireland Data Protection Amendment 2003RedactedEuropeRegulation or StatuteOireachtas
FFIEC Guidance on Authentication in an Internet Banking EnvironmentReleasedNorth AmericaBest Practice GuidelineUS Federal Financial Institutions Examination Council (FFIEC)
Australia Spam Act 2003: A practical guide for businessReleasedAustralia-OceaniaBest Practice GuidelineParliament of Australia
Centers For Medicare & Medicaid Services (CMS) Records ScheduleReleasedNorth AmericaSelf-Regulatory Body RequirementUS Centers for Medicare and Medicaid Services
Korea Act Relating to Use and Protection of Credit InformationReleasedAsiaRegulation or StatuteThe National Assembly of the Republic of Korea
45 CFR Part 162 - Administrative RequirementsReleasedNorth AmericaRegulation or StatuteUS Department of Health and Human Services
Exchange2007SP3 Mailbox Services Security, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
17 CFR Parts 210, 228, 229 and 240, Amendments to Rules Regarding Management's Report on Internal Control Over Financial Reporting; Final RuleReleasedNorth AmericaRegulation or StatuteUS Security and Exchange Commission
Defense Industrial Base Information Assurance StandardReleasedNorth AmericaBest Practice GuidelineUS Department of Homeland Security
Minnesota Statutes, Section 13.055, State Agencies; Disclosure of Breach in SecurityReleasedNorth AmericaRegulation or StatuteMinnesota State Legislature
Nevada Revised Statutes, Chapter 603A, Security of Personal InformationReleasedNorth AmericaRegulation or StatuteNevada State Legislature
Michigan Identity Theft Protection Act, Act 452 of 2004, Sections 445.61 thru 445.72aReleasedNorth AmericaRegulation or StatuteMichigan State Legislature
Nebraska Revised Statutes, Sections 8-2061 thru 8-2615, Credit Report Protection ActReleasedNorth AmericaBill or ActNebraska Legislature
AICPA/CICA Privacy FrameworkReleasedNorth AmericaSafe HarborAmerican Institute of Certified Public Accountants
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage, Version 1.2RedactedPayment Card OrganizationsAudit GuidelinePCI Security Standards Council
FFIEC IT Examination Handbook - Audit, August 2003ReleasedNorth AmericaBest Practice GuidelineUS Federal Financial Institutions Examination Council (FFIEC)
Nebraska Revised Statutes, Sections 87-801 thru 87-807, Data Protection and Consumer Notification of Data Security Breach Act of 2006ReleasedNorth AmericaRegulation or StatuteNebraska Legislature
DISA Secure Remote Computing Security Technical Implementation Guide, Version 1 Release 2ReleasedNorth AmericaBest Practice GuidelineUS Defense Information Systems Agency
Common Configuration Enumeration List, Combined XML: Apache 2.2, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
MasterCard Wireless LANs - Security Risks and Guidelines, December 2004ReleasedPayment Card OrganizationsBest Practice GuidelineMasterCard
IRS Revenue Procedure: Retention of books and records, 97-22ReleasedNorth AmericaRegulation or StatuteUS Internal Revenue Service
Shared Assessments Standardized Information Gathering Questionnaire - D. Asset Management, 7.0ReleasedNorth AmericaAudit GuidelineThe Financial Services Roundtable
Guidance on the DHR Mandatory Role: Information Asset Owner, March 2009ReleasedEuropeSafe HarborCabinet Office Her Majestys Government United Kingdom
Ohio Revised Code, Title XIII, Chapter 1347, Section 1347.12, Agency disclosure of security breach of computerized personal information dataReleasedNorth AmericaRegulation or StatuteOhio State General Assembly
ISO 12931:2012, Performance Criteria for Authentication Solutions Used to Combat Counterfeiting of Material Goods, First EditionReleasedInternationalInternational or National StandardInternational Organization for Standardization
OGC ITIL: Service DeliveryRedactedEuropeBest Practice GuidelineHer Majesty's Treasury Office of Government Commerce
North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards CIP-003-3, version 3ReleasedNorth AmericaInternational or National StandardNorth American Electric Reliability Corporation
The Cloud Security Alliance Controls Matrix, Version 1.2RedactedSecurity and Privacy OrganizationsBest Practice GuidelineThe Cloud Security Alliance
New York General Business Law, Section 399-hReleasedNorth AmericaRegulation or StatuteNew York State Legislature
16 CFR Part 310, Telemarketing Sales Rule (TSR)ReleasedNorth AmericaRegulation or StatuteUS Congress
Nevada Security Breach Notification Law, NV SB 347RedactedNorth AmericaRegulation or StatuteNevada State Legislature
North Dakota Personal Information Protection Act, ND SB 2251RedactedNorth AmericaRegulation or StatuteNorth Dakota Legislative Assembly
DoD Instruction 8500.2 Information Assurance (IA) ImplementationReleasedNorth AmericaAudit GuidelineUS Department of Defense
IIA Global Technology Audit Guide (GTAG) 12: Auditing IT ProjectsReleasedRisk Management OrganizationsBest Practice GuidelineThe Institute of Internal Auditors
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: HP-UX 11.23, 5.20100428RedactedConfigurationAudit GuidelineMITRE
Iceland Protection of Privacy as regards the Processing of Personal DataReleasedEuropeRegulation or StatuteAlthingi
Technology Risk Management Guide for Bank Examiners - OCC Bulletin 98-3ReleasedNorth AmericaBest Practice GuidelineUS Office of the Comptroller of the Currency (OCC)
CMS Business Partners Systems Security Manual, Rev. 10ReleasedNorth AmericaSelf-Regulatory Body RequirementUS Centers for Medicare and Medicaid Services
Australia Telecommunications Act 1997ReleasedAustralia-OceaniaRegulation or StatuteParliament of Australia
Hong Kong Personal Data (Privacy) OrdinanceReleasedAsiaRegulation or StatuteOffice of the Privacy Commissioner for Personal Data, Hong Kong
Visa Payment Application Best Practices (PABP)RedactedPayment Card OrganizationsBest Practice GuidelineVisa
Japan Act on the Protection of Personal Information Protection (Law No. 57 of 2003)ReleasedAsiaRegulation or StatuteNational Diet of Japan
45 CFR Part 164 - Security and Privacy, current as of January 17, 2013ReleasedNorth AmericaRegulation or StatuteUS Department of Health and Human Services
Exchange2007SP3 UM Services Security, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
16 CFR Part 682 Disposal of consumer report information and recordsReleasedNorth AmericaRegulation or StatuteUS Federal Trade Commission
The Standard of Good Practice for Information SecurityRedactedSecurity and Privacy OrganizationsBest Practice GuidelineInformation Security Forum
Colorado Revised Statutes, Section 6-1-716, Notice of Security BreachReleasedNorth AmericaRegulation or StatuteColorado State Legislature
FFIEC IT Examination Handbook - Business Continuity Planning, March 2008ReleasedNorth AmericaBest Practice GuidelineUS Federal Financial Institutions Examination Council (FFIEC)
The Standard of Good Practice for Information Security, 2013ReleasedSecurity and Privacy OrganizationsBest Practice GuidelineInformation Security Forum
FTC Electronic Signatures in Global and National Commerce Act (ESIGN), June 2001ReleasedNorth AmericaRegulation or StatuteUS Federal Trade Commission
Third-Party Relationships Risk Management Guidance, OCC bulletin 2013-29, October 30, 2013ReleasedNorth AmericaOrganizational DirectiveUS Office of the Comptroller of the Currency (OCC)
The National Strategy to Secure Cyberspace, February 2003ReleasedNorth AmericaBest Practice GuidelineUS Department of Homeland Security
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage, Version 2.0ReleasedPayment Card OrganizationsAudit GuidelinePCI Security Standards Council
Shared Assessments Standardized Information Gathering Questionnaire - E. Human Resource Security, 7.0ReleasedNorth AmericaAudit GuidelineThe Financial Services Roundtable
Guidance on the Information Charter, March 2009ReleasedEuropeSafe HarborCabinet Office Her Majestys Government United Kingdom
ISO 13335-1 Information technology - Security techniques - Management of information and communications technology security - Part 1: Concepts and models for information and communications technology security management, 2004ReleasedInternationalInternational or National StandardInternational Organization for Standardization
Ohio Revised Code, Title XIII, Chapter 1349, Section 1349.19, Private disclosure of security breach of computerized personal information data, 2009ReleasedNorth AmericaRegulation or StatuteOhio State General Assembly
OGC ITIL: Service SupportReleasedEuropeBest Practice GuidelineHer Majesty's Treasury Office of Government Commerce
16 CFR Part 312, Children's Online Privacy Protection RuleReleasedNorth AmericaRegulation or StatuteUS Congress
The Cloud Security Alliance Controls Matrix, Version 1.3ReleasedSecurity and Privacy OrganizationsBest Practice GuidelineThe Cloud Security Alliance
Common Configuration Enumeration List, Combined XML: HP-UX 11.23, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
CMS Business Partners Systems Security Manual, Rev. 8, 04-06-07 | Redacted | North America | Best Practice Guideline | US Centers for Medicare and Medicaid Services
DISA Secure Remote Computing Security Technical Implementation Guide, Version 2, Release 1 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
Indiana Release of Social Security Number, Notice of Security Breach IN SB 503 | Redacted | North America | Regulation or Statute | Indiana General Assembly
Minnesota Statutes, Section 325E.61, Data Warehouses; Notice Required For Certain Disclosures | Released | North America | Regulation or Statute | Minnesota State Legislature
NISPOM - National Industrial Security Program Operating Manual (DoD 5220.22-M) February 26, 2006, February 28, 2006 | Released | North America | International or National Standard | US Department of Defense
New York Information Security Breach and Notification Act | Redacted | North America | Regulation or Statute | New York State Legislature
Appendix B: Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, TSP Section 100 Principles and Criteria | Released | North America | Audit Guideline | American Institute of Certified Public Accountants
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Internet Explorer 7 | Redacted | Configuration | Audit Guideline | MITRE
Finland Personal Data Protection Act (523/1999) | Released | Europe | Regulation or Statute | Eduskunta
Exchange2010SP2 CAS Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
45 CFR Part 170, Health Information Technology: Initial Set of Standards, Implementation Specifications, and Certification Criteria for Electronic Health Record Technology, Final Rule | Released | North America | Regulation or Statute | US Department of Health and Human Services
The Commonwealth of Massachusetts, Title XV, Ch 93, Section 105, Credit cards; checks; personal identification information | Released | North America | Regulation or Statute | The General Court of the Commonwealth of Massachusetts
Australian Government Spam Act 2003 | Released | Australia-Oceania | Bill or Act | Parliament of Australia
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage, Version 1.2 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
FFIEC IT Examination Handbook - Development and Acquisition | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003, Final Rule, November 9, 2007 | Released | North America | Regulation or Statute | US Federal Trade Commission
17 CFR Part 240.17a-1, Recordkeeping rule for securities exchanges | Released | North America | Regulation or Statute | US Congress
CMS Core Security Requirements (CSR), Draft | Redacted | North America | Best Practice Guideline | US Centers for Medicare and Medicaid Services
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Internet Explorer 7, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
Shared Assessments Standardized Information Gathering Questionnaire - F. Physical and Environmental, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
Guidance on the scope of Quarterly Risk Assessments, March 2009 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
COSO Enterprise Risk Management (ERM) Integrated Framework (2004) | Released | North America | Safe Harbor | American Institute of Certified Public Accountants
Colorado Revised Statutes, Title 16, Article 5, Section 103, Identity theft victims - definitions | Released | North America | Regulation or Statute | Colorado State Legislature
Common Configuration Enumeration List, Combined XML: Internet Explorer 7, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
SECNAV Instruction 3850.4, Technical Surveillance Countermeasures (TSCM) Program | Released | North America | Organizational Directive | US Department of Defense
The Center for Internet Security AIX Benchmark, 1.0.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting, Provisional Translation | Released | Asia | Regulation or Statute | National Diet of Japan
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Unofficial Translation | Released | Europe | International or National Standard | European Parliament
Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 | Released | Australia-Oceania | Regulation or Statute | Parliament of Australia
DISA Windows Server 2003 Security Checklist, Version 6 Release 1.11 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
Exchange2010SP2 Edge Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
ISO 13335-3 Information technology - Guidelines for the management of IT Security - Part 3: Techniques for the management of IT Security, 1998 | Released | International | International or National Standard | International Organization for Standardization
Minnesota Statutes, Section 325E.64, Access Devices; Breach of Security | Released | North America | Regulation or Statute | Minnesota State Legislature
17 CFR Part 240.17a-3, Records to be made by certain exchange members, brokers, and dealers | Released | North America | Regulation or Statute | US Congress
Republic of South Africa, Act No. 2, 2000 Promotion of Access to Information | Released | Africa | Bill or Act | Parliament of the Republic of South Africa
Common Configuration Enumeration List, Combined XML: Internet Information Services 5, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Generally Accepted Privacy Principles (GAPP), CPA and CA Practitioner Version, August 2009 | Released | North America | Best Practice Guideline | American Institute of Certified Public Accountants
The Center for Internet Security Apple iOS 7 Level 1 Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage, Version 2.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
Guidance on the use of the business impact level tables, March 2009 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Shared Assessments Standardized Information Gathering Questionnaire - G. Communications and Operations Management, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
On the Setting of the Standards and Practice Standards for Management Assessment and Audit concerning Internal Control Over Financial Reporting, Unofficial Translation | Redacted | Asia | Regulation or Statute | National Diet of Japan
PAS 77 IT Service Continuity Management. Code of Practice, 2006 | Released | Risk Management Organizations | International or National Standard | The British Standards Institute
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Microsoft Office 2007, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
EU 8th Directive (European SOX) | Released | Europe | Regulation or Statute | European Parliament
Exchange2010SP2 Hub Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Department of Health and Human Services Records Management Handbook, Appendix B - General Records Schedule, V 1.2 | Released | North America | Safe Harbor | US Department of Health and Human Services
DISA Windows VISTA Security Checklist, Version 6 Release 1.11 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
ISO 13335-4 Information technology - Guidelines for the management of IT Security - Part 4: Selection of safeguards, 2000 | Released | International | International or National Standard | International Organization for Standardization
Key Steps for Organizations in Responding to Privacy Breaches | Released | Australia-Oceania | Best Practice Guideline | Parliament of Australia
FFIEC IT Examination Handbook - E-Banking, August 2003 | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
FFIEC IT Examination Handbook - Information Security | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 1.2 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
17 CFR Part 240.17a-4, Records to be preserved by certain exchange members, brokers, and dealers | Released | North America | Regulation or Statute | US Congress
Common Configuration Enumeration List, Combined XML: Internet Information Services 6, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
The Center for Internet Security Apple iOS 7 Level 2 Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
HMG BASELINE PERSONNEL SECURITY STANDARD, GUIDANCE ON THE PRE-EMPLOYMENT SCREENING OF CIVIL SERVANTS, MEMBERS OF THE ARMED FORCES, TEMPORARY STAFF AND GOVERNMENT CONTRACTORS, Version 3, February 2001 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Reporting on Controls at a Service Organization Checklist, PRP §21,100 | Released | North America | Safe Harbor | American Institute of Certified Public Accountants
Shared Assessments Standardized Information Gathering Questionnaire - H. Access Control, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Microsoft Office 2007, 5.20100428 | Released | Configuration | Audit Guideline | MITRE
Italy Personal Data Protection Code | Released | Europe | Regulation or Statute | Italian Parliament
IIA Global Technology Audit Guide (GTAG) 2: Change and Patch Management Controls: Critical for Organizational Success | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
Department of Health and Human Services Records Management Handbook, Appendix D - HHS Guidelines for Establishing An Electronic Recordkeeping Process, Version 2.9 Draft | Released | North America | Safe Harbor | US Department of Health and Human Services
Exchange2010SP2 Mailbox Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
ISO 13335-5 Information technology - Guidelines for the management of IT Security - Part 5: Management guidance on network security, 2001 | Released | International | International or National Standard | International Organization for Standardization
FFIEC IT Examination Handbook - Management | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
CMS Information Security Risk Assessment (IS RA) Procedure, Draft | Redacted | North America | Best Practice Guideline | US Centers for Medicare and Medicaid Services
Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
The Center for Internet Security CentOS 6 Level 1 Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Shared Assessments Standardized Information Gathering Questionnaire - I. Information Systems Acquisition Development & Maintenance, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
HMG Security Policy Framework, Version 6.0 May 2011 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2) | Released | North America | Safe Harbor | American Institute of Certified Public Accountants
Common Configuration Enumeration List, Combined XML: Microsoft Exchange 2007, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Red Hat Enterprise Linux 4 | Redacted | Configuration | Audit Guideline | MITRE
Italy Protection of Individuals Other Subject with regard to the Processing of Personal Data | Released | Europe | Regulation or Statute | Italian Parliament
IIA Global Technology Audit Guide (GTAG) 3: Continuous Auditing: Implications for Assurance, Monitoring, and Risk Assessment | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
Department of Health and Human Services Records Management Procedures Manual, Version 1.0 Final Draft | Released | North America | Best Practice Guideline | US Department of Health and Human Services
DISA Windows XP Security Checklist, Version 6 Release 1.11 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
Exchange2010SP2 UM Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
General Principles of Software Validation; Final Guidance for Industry and FDA Staff, Version 2.0 | Released | North America | Safe Harbor | US Department of Health and Human Services
SAS No. 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement | Released | North America | Audit Guideline | American Institute of Certified Public Accountants
DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2, Version 5, Release 2.2 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
FFIEC IT Examination Handbook - Operations, July 2004 | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
17 CFR Part 240.17Ad-7, Record retention | Released | North America | Regulation or Statute | US Congress
The Center for Internet Security CentOS 6 Level 2 Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Industrial Security - Departmental Responsibilities, Version 5.0 October 2010 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers, 3 | Released | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
Shared Assessments Standardized Information Gathering Questionnaire - J. Incident Event and Communications Management, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
Common Configuration Enumeration List, Combined XML: Microsoft Exchange Server 2010, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Red Hat Enterprise Linux 4, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
California Civil Code § 1798.91, State Prohibitions on Marketing Practices using Medical Information | Released | North America | Regulation or Statute | California Legislature
IE10 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
CMS Information Security Risk Assessment (IS RA) Procedure, Version 1.0 Final | Released | North America | Self-Regulatory Body Requirement | US Centers for Medicare and Medicaid Services
IIA Global Technology Audit Guide (GTAG) 4: Management of IT Auditing | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
ISO 13485:2003 Medical devices -- Quality management systems -- Requirements for regulatory purposes, 2003 | Released | International | International or National Standard | International Organization for Standardization
Guidance for Industry Part 11, Electronic Records; Electronic Signatures - Scope and Application, August 2003 | Released | North America | Safe Harbor | US Department of Health and Human Services
SAS No. 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained | Released | North America | Audit Guideline | American Institute of Certified Public Accountants
DISA Wireless STIG Apriva Sensa Secure Wireless Email System Security Checklist, V5R2.2, Version 5 Release 2.2 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
South African Interception of Communications Act, No 6/2007 | Released | Africa | Bill or Act | Parliament of the Republic of South Africa
Nuclear Industries Security Regulations, Version 2.0, May 2010 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers, 3 | Released | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
Shared Assessments Standardized Information Gathering Questionnaire - K. Business Continuity and Disaster Recovery, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
18 USC § 2710, Wrongful disclosure of video tape rental or sale records | Released | North America | Regulation or Statute | US Congress
Common Configuration Enumeration List, Combined XML: Microsoft Internet Explorer 8, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
The Center for Internet Security FreeBSD Benchmark, 1.0.5 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
CMS Information Security Terms & Definitions, Version 3.0 | Redacted | North America | Self-Regulatory Body Requirement | US Centers for Medicare and Medicaid Services
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Red Hat Enterprise Linux 5 | Redacted | Configuration | Audit Guideline | MITRE
FFIEC IT Examination Handbook - Outsourcing Technology Services, June 2004 | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
IIA Global Technology Audit Guide (GTAG) 5: Managing and Auditing Privacy Risks | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
IE10 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
ISO 14971:2007 Medical devices -- Application of risk management to medical devices, 2007 | Released | International | International or National Standard | International Organization for Standardization
DISA WIRELESS STIG BLACKBERRY SECURITY CHECKLIST, Version 5, Release 2.4, Version 5 Release 2.4 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
The Electronic Communications and Transactions Act, 2002 | Released | Africa | Bill or Act | Parliament of the Republic of South Africa
Outline Specification for DHR Information Awareness Training, March 2009 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3 | Released | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
SSAE No. 16 Reporting on Controls at a Service Organization | Released | North America | Safe Harbor | American Institute of Certified Public Accountants
Shared Assessments Standardized Information Gathering Questionnaire - L. Compliance, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
ISO 15288-2008 Systems and software engineering - System life cycle processes, R 2008 | Released | International | International or National Standard | International Organization for Standardization
18 USC § 2721, Prohibition on release and use of certain personal information from State motor vehicle records (Driver's Privacy Protection Act (DPPA) | Released | North America | Regulation or Statute | US Congress
The Center for Internet Security HP-UX Benchmark, 1.4.2 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Red Hat Enterprise Linux 5, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
IE8 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
CMS Information Security Terms, Definitions, and Acronyms, Version 4.0 FINAL | Released | North America | Self-Regulatory Body Requirement | US Centers for Medicare and Medicaid Services
IIA Global Technology Audit Guide (GTAG) 6: Managing and Auditing IT Vulnerabilities | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
FFIEC IT Examination Handbook - Retail Payment Systems, March 2004 | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, V5R2.3, Version 4 Release 2.2 | Redacted | North America | Best Practice Guideline | US Defense Information Systems Agency
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0 | Released | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
Security Requirements for List X Contractors, Version 5.0 October 2010 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
ISO 15408-1 Common Criteria for Information Technology Security Evaluation Part 1, 2005 | Released | International | International or National Standard | International Organization for Standardization
Shared Assessments Standardized Information Gathering Questionnaire - P. Privacy, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Sun Solaris 10, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
IE8 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FFIEC IT Examination Handbook - Supervision of Technology Service Providers, March 2003 | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
IIA Global Technology Audit Guide (GTAG) 7: Information Technology Outsourcing | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
HIPAA HCFA Internet Security Policy, November 1998 | Released | North America | Best Practice Guideline | US Centers for Medicare and Medicaid Services
Common Configuration Enumeration List, Combined XML: Microsoft SQL Server 2000, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 3.0 | Released | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
The Contractual process, Version 5.0 October 2010 | Released | Europe | Safe Harbor | Cabinet Office Her Majestys Government United Kingdom
ISO 15408-2 Common Criteria for Information Technology Security Evaluation Part 2, 2008 | Released | International | International or National Standard | International Organization for Standardization
Shared Assessments Standardized Information Gathering Questionnaire - V. Cloud, 7.0 | Released | North America | Audit Guideline | The Financial Services Roundtable
DISA Wireless STIG Motorola Good Mobile Wireless Email System Security Checklist, Version 5 Release 2.3 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
The Center for Internet Security Mac OS X Tiger Level I Security Benchmark, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Sun Solaris 10, 5.20100428 | Redacted | Configuration | Audit Guideline | MITRE
IIA Global Technology Audit Guide (GTAG) 8: Auditing Application Controls | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
IE9 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FFIEC IT Examination Handbook - Wholesale Payment Systems, July 2004 | Released | North America | Best Practice Guideline | US Federal Financial Institutions Examination Council (FFIEC)
Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 1.2.1 | Redacted | Payment Card Organizations | Self-Regulatory Body Requirement | PCI Security Standards Council
DISA Wireless STIG Windows Mobile Messaging Wireless EChecklist Version 5, Release 2.4, Version 5 Release 2.4 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
Common Configuration Enumeration List, Combined XML: Microsoft SQL Server 2005, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
The Center for Internet Security Microsoft Internet Explorer 10 Level 1 Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
ISO 15408-3 Common Criteria for Information Technology Security Evaluation Part 3, 2008 | Released | International | International or National Standard | International Organization for Standardization
32 CFR Part 149, Policy of Technical Surveillance Countermeasures | Released | North America | Regulation or Statute | US Congress
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Sun Solaris 8, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
IIA Global Technology Audit Guide (GTAG) 9: Identity and Access Management | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice | Released | North America | Safe Harbor | US Federal Financial Institutions Examination Council (FFIEC)
Pub 100-17 Medicare Business Partners Systems Security, Transmittal 7, Appendix A: CMS Core Security Requirements CSR, March 17, 2006 | Released | North America | Safe Harbor | US Centers for Medicare and Medicaid Services
IE9 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
The Center for Internet Security Microsoft Windows 7 - Enterprise-Desktop Benchmark, 1.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
The GAIT Methodology | Released | Risk Management Organizations | Best Practice Guideline | The Institute of Internal Auditors
System Security Plan (SSP) Procedure, Version 1.0 Final | Redacted | North America | Self-Regulatory Body Requirement | US Centers for Medicare and Medicaid Services
Microsoft Developer Network Security Glossary, Build date 6/26/2009 | Released | Configuration | Best Practice Guideline | Microsoft
ISO 15489-1:2001, Information and Documentation: Records management: Part 1: General | Re-Queued | International | International or National Standard | International Organization for Standardization
34 CFR Part 99, Family Education Rights Privacy Act (FERPA) | Released | North America | Regulation or Statute | US Congress
Payment Card Industry (PCI) Information Supplement: PCI DSS Wireless Guideline | Released | Payment Card Organizations | Safe Harbor | PCI Security Standards Council
Common Configuration Enumeration List, Combined XML: Microsoft Windows Server 2008 R2, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Sun Solaris 8, 5.20100428 | Redacted | Configuration | Audit Guideline | MITRE
The Center for Internet Security Microsoft Windows 7 - Enterprise-Laptop Benchmark, 1.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Medical Devices Security Technical Implementation Guide, Version 1, Release 1 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
System Security Plan (SSP) Procedure, Version 1.1 Final | Released | North America | Self-Regulatory Body Requirement | US Centers for Medicare and Medicaid Services
ISO 15489-2: 2001, Information and Documentation: Records management: Part 2: Guidelines | Released | International | International or National Standard | International Organization for Standardization
California Civil Code Title 1.8 Personal Data Chapter 1 Information Practices Act of 1977 Article 7. Accounting of Disclosures §§ 1798.25-1798.29 | Released | North America | Regulation or Statute | California Legislature
Common Configuration Enumeration List, Combined XML: Oracle WebLogic Server 11g, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Sun Solaris 9, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
Payment Card Industry (PCI) Payment Application Data Security Standard, Version 1.1 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
The Center for Internet Security Microsoft Windows 7 - SSLF-Desktop Benchmark, 1.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Multi-Function Device (MFD) and Printer Checklist for Sharing Peripherals Across the Network Security Technical Implementation Guide, Version 1 Release 1.3 | Released | North America | Best Practice Guideline | US Defense Information Systems Agency
California Civil Code Title 1.81 Customer Records § 1798.80-1798.84 | Released | North America | Regulation or Statute | California Legislature
ISO 17799 Code of Practice for Information Security Management, 2000 | Redacted | International | International or National Standard | International Organization for Standardization
49 CFR Part 1542, Airport Security | Released | North America | Regulation or Statute | US Congress
Common Configuration Enumeration List, Combined XML: Polycom HDX 3, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Sun Solaris 9, 5.20100428 | Redacted | Configuration | Audit Guideline | MITRE
The Center for Internet Security Microsoft Windows 7 - SSLF-Laptop Benchmark, 1.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Microsoft Security Event Descriptions, 10/21/2013 | Released | Configuration | Vendor Documentation | Microsoft
ISO 17799 Code of Practice for Information Security Management, 2005 | Redacted | International | International or National Standard | International Organization for Standardization
Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 4, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows 2000 | Redacted | Configuration | Audit Guideline | MITRE
Payment Card Industry Self-Assessment Questionnaire A and Attestation of Compliance No Electronic St, Version 1.1 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
American Recovery and Reinvestment Act of 2009, Division A Title XIII Health Information Technology | Released | North America | Bill or Act | US Congress
The Center for Internet Security Microsoft Windows 7 Level 1 + BitLocker Benchmark, 2.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
ISO 18045 Common Methodology for Information Technology Security Evaluation Part 3, 2005 | Released | International | International or National Standard | International Organization for Standardization
Common Configuration Enumeration List, Combined XML: Red Hat Enterprise Linux 5, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows 2000, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
Microsoft Simplified Implementation of the Security Development Lifecycle (SDL), 1.0 | Released | Configuration | Best Practice Guideline | Microsoft
Payment Card Industry Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines, Version 1.1 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
The Center for Internet Security Microsoft Windows 7 Level 1 Benchmark, 2.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
ISO 18045 Common Methodology for Information Technology Security Evaluation, 2008 | Redacted | International | International or National Standard | International Organization for Standardization
Common Configuration Enumeration List, Combined XML: Sun Solaris 10, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Bank Secrecy Act (aka The Currency and Foreign Transaction Reporting Act), September 2000 | Released | North America | Regulation or Statute | US Congress
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows 7 | Redacted | Configuration | Audit Guideline | MITRE
Payment Card Industry Self-Assessment Questionnaire C and Attestation of Compliance Payment Applicat, Version 1.1 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
The Center for Internet Security Microsoft Windows 8 Level 1 + BitLocker Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
ISO 20000-1 Information technology - Service Management Part 1, 2005 | Redacted | International | International or National Standard | International Organization for Standardization
Cable Communications Privacy Act Title 47 § 551 | Released | North America | Regulation or Statute | US Congress
Common Configuration Enumeration List, Combined XML: Sun Solaris 8, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows Server 2003 | Redacted | Configuration | Audit Guideline | MITRE
Payment Card Industry Self-Assessment Questionnaire D and Attestation of Compliance All Other Merch, Version 1.1 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
PCI DSS (Payment Card Industry Data Security Standard), Version 1.1 | Redacted | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
California Electronic Discovery Act of 2009 | Redacted | North America | Bill or Act | California Legislature
The Center for Internet Security Microsoft Windows 8 Level 1 Benchmark, 1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
ISO 20000-1, Information Technology - Service Management - Part 1: Service Management System Requirements, Second Edition | Released | International | International or National Standard | International Organization for Standardization
Common Configuration Enumeration List, Combined XML: Sun Solaris 9, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows Server 2003, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings | Released | Configuration | Vendor Documentation | Microsoft
PCI DSS Security Scanning Procedures, Version 1.1 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
Common Configuration Enumeration List, Combined XML: Tomcat 4, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
The Center for Internet Security Microsoft Windows Server 2008 Level 1 Domain Controller Benchmark, 2.1.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
ISO 20000-2 Information technology - Service Management Part 2, 2005 | Released | International | International or National Standard | International Organization for Standardization
Children's Online Privacy Protection Act of 1998 | Released | North America | Regulation or Statute | US Congress
Office2010SP1 Computer Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows Server 2008 | Redacted | Configuration | Audit Guideline | MITRE
Common Configuration Enumeration List, Combined XML: Tomcat 5, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
Clinger-Cohen Act (Information Technology Management Reform Act)ReleasedNorth AmericaRegulation or StatuteUS Congress
The Center for Internet Security Microsoft Windows Server 2008 Level 1 Member Server Benchmark, 2.1.0ReleasedConfigurationSafe HarborThe Center for Internet Security
Office2010SP1 User Security, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
PCI DSS Self-Assessment Questionnaire A and Attestation of Compliance, Version 3.0ReleasedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows Server 2008, 5.20090115RedactedConfigurationAudit GuidelineMITRE
Common Configuration Enumeration List, Combined XML: Tomcat 6, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Domain Controller Benchmark, 2.1.0ReleasedConfigurationSafe HarborThe Center for Internet Security
OSG-EC-Computer, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0ReleasedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows VistaRedactedConfigurationAudit GuidelineMITRE
The Center for Internet Security Microsoft Windows Server 2008 R2 Level 1 Member Server Benchmark, 2.1.0ReleasedConfigurationSafe HarborThe Center for Internet Security
Common Configuration Enumeration List, Combined XML: Windows 2000, 5.20130214ReleasedNorth AmericaAudit GuidelineUS National Institute of Standards and Technology
OSG-EC-User, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
PCI DSS Self-Assessment Questionnaire B and Attestation of Compliance, Version 3.0ReleasedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows Vista, 5.20090115RedactedConfigurationAudit GuidelineMITRE
Computer Fraud and Abuse ActReleasedNorth AmericaRegulation or StatuteUS Congress
The Center for Internet Security Microsoft Windows Server 2012 Level 1 Domain Controller Benchmark, 1.0.0ReleasedConfigurationSafe HarborThe Center for Internet Security
Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003, Dec. 16, 2003ReleasedNorth AmericaRegulation or StatuteUS Congress
OSG-SSLF-Computer, 1.0ReleasedConfigurationVendor DocumentationMicrosoft
PCI DSS Self-Assessment Questionnaire B-IP and Attestation of Compliance, Version 3.0ReleasedPayment Card OrganizationsContractual ObligationPCI Security Standards Council
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows XPRedactedConfigurationAudit GuidelineMITRE
The Center for Internet Security Microsoft Windows Server 2012 Level 1 Member Server Benchmark, 1.0.0ReleasedConfigurationSafe HarborThe Center for Internet Security
California General Security Standard for Businesses CA AB 1950, September 29, 2004 | Redacted | North America | Regulation or Statute | California Legislature
Common Configuration Enumeration List, Combined XML: Windows Server 2003, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
ISO 24762 Information technology - Security techniques - Guidelines for information and communications technology disaster recovery services, 2008 | Released | International | International or National Standard | International Organization for Standardization
OSG-SSLF-User, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
Common Configuration Enumeration: Unique Identifiers for Common System Configuration Issues: Windows XP, 5.20090115 | Redacted | Configuration | Audit Guideline | MITRE
Equal Credit Opportunity Act (Reg. B) | Released | North America | Regulation or Statute | US Congress
ISO 27001 Information Security Management Systems - Requirements, 2005 | Redacted | International | International or National Standard | International Organization for Standardization
Common Configuration Enumeration List, Combined XML: Windows Server 2008, 5.20130214 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
PCI DSS Self-Assessment Questionnaire C-VT and Attestation of Compliance, Version 3.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
Fair and Accurate Credit Transactions Act of 2003 (FACT Act) | Released | North America | Regulation or Statute | US Congress
Win7SP1 Bitlocker Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
ISO 27001:2013, Information Technology - Security Techniques - Information Security Management Systems - Requirements, 2013 | Released | International | International or National Standard | International Organization for Standardization
The Center for Internet Security Open Enterprise Server: NetWare (v1) Consensus Baseline Security Settings Benchmark, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Fair Credit Reporting Act (FCRA), July 30, 2004 | Released | North America | Regulation or Statute | US Congress
Win7SP1 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Merchants, Version 3.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
Federal Information Security Management Act of 2002 | Released | North America | Regulation or Statute | US Congress
The Center for Internet Security Red Hat Enterprise Linux 6 Level 1 Benchmark, 1.2.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
PCI DSS Self-Assessment Questionnaire D and Attestation of Compliance for Service Providers, Version 3.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
ISO 27002 Code of practice for information security management, 2005 | Released | International | International or National Standard | International Organization for Standardization
Win7SP1 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
The Center for Internet Security Red Hat Enterprise Linux 6 Level 2 Benchmark, 1.2.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
Federal Rules of Civil Procedure (2007) | Re-Queued | North America | Regulation or Statute | US Congress
ISO 27005 Information technology -- Security techniques -- Information security risk management, 2011 | Released | International | International or National Standard | International Organization for Standardization
Computer Security Incident Handling Guide, NIST SP 800-61, Revision 1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
PCI DSS Self-Assessment Questionnaire P2PE-HW and Attestation of Compliance, Version 3.0 | Released | Payment Card Organizations | Contractual Obligation | PCI Security Standards Council
Win7SP1 Extended DCM Checks, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Gramm-Leach-Bliley Act (GLB) | Released | North America | Bill or Act | US Congress
Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, June 2002 | Redacted | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.0.5 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Win7SP1 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
The Center for Internet Security Red Hat Enterprise Linux Benchmark, 1.1.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Contingency Planning Guide for Information Technology Systems, NIST SP 800-34, Rev. 1 (Draft) | Released | North America | International or National Standard | US National Institute of Standards and Technology
Win8 BitLocker Security | Released | Configuration | Vendor Documentation | Microsoft
Health Care and Education Reconciliation Act of 2010, Public Law 111-152, 111th Congress | Not Applicable | North America | Bill or Act | US Congress
Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, 104th Congress | Released | North America | Bill or Act | US Congress
California Information Practice Act, CA SB 1386 | Redacted | North America | Regulation or Statute | California Legislature
The Center for Internet Security Slackware Linux Benchmark, 1.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Win8 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
House Legislative Counsel's Manual on Drafting Style, 104th Congress, 1st Session | Released | North America | Safe Harbor | US Congress
Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i, NIST SP 800-97, February 2007 | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Solaris 10 Benchmark, 2.1.2 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Win8 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FDCC Windows IE7 SCAP content using OVAL (fdcc-ie7-oval.xml, fdcc-ie7-patches.xml), Version 5.4 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
Leahy Personal Data Privacy and Security Act of 2009, Senate Bill 1490, 111th Congress | Released | North America | Bill or Act | US Congress
The Center for Internet Security Solaris Benchmark, 1.5.0 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
PCI Security Standards Council Qualified Security Assessor (QSA) Training Guide, Module 3 - Testing Procedures, 2007 | Not Applicable | Payment Card Organizations | Audit Guideline | PCI Security Standards Council
Win8 Extended DCM Checks, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 140-2, Security Requirements for Cryptographic Modules, 2 | Released | North America | International or National Standard | US National Institute of Standards and Technology
California OPP Recommended Practices on Notification of Security Breach, May 2008 | Released | North America | Safe Harbor | California Legislature
The Center for Internet Security SuSE Linux Enterprise Server Benchmark, 2 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Win8 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Medicare Physician Payment Reform Act of 2009, Public Law 111-141, 111th Congress | Not Applicable | North America | Bill or Act | US Congress
ISO 31000 Risk management -- Principles and guidelines, 2009 | Released | International | International or National Standard | International Organization for Standardization
The Center for Internet Security Ubuntu 12.04 LTS Level 1 Benchmark, v1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
California Personal Information: Disclosure to Direct Marketers Act (SB 27) | Redacted | North America | Regulation or Statute | California Legislature
Patient Protection and Affordable Care Act, Public Law 111-148, 111th Congress | Released | North America | Bill or Act | US Congress
The Center for Internet Security Ubuntu 12.04 LTS Level 2 Benchmark, v1.0.0 | Released | Configuration | Safe Harbor | The Center for Internet Security
California Public Records Military Veteran Discharge Documents, California Assembly Bill 1798, 01/15/2002 | Redacted | North America | Regulation or Statute | California Legislature
Patient Safety And Quality Improvement Act Of 2005, Public Law 109-41, 109th Congress | Released | North America | Bill or Act | US Congress
FIPS Pub 181, Automated Password Generator (APG), Oct 1993 | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Windows 2000 Benchmark, 2.2.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
WinVistaSP2 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 185, Escrowed Encryption Standard (EES) | Released | North America | International or National Standard | US National Institute of Standards and Technology
ISO 62304 - 2006 Medical device software - Software life cycle processes, 2006 | Released | International | International or National Standard | International Organization for Standardization
PUBLIC LAW 111-203, July 21 2010 | Released | North America | Regulation or Statute | US Congress
ISO 73, Risk Management - Vocabulary, 2002 | Released | International | International or National Standard | International Organization for Standardization
California Senate Bill 20 (2009, Simitian), An act to amend Sections 1798.29 and 1798.82 of the Civil Code, relating to personal information | Redacted | North America | Regulation or Statute | California Legislature
The Center for Internet Security Windows 2000 Professional Benchmark, 2.2.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
FIPS Pub 186-3, Digital Signature Standard (DSS) | Released | North America | International or National Standard | US National Institute of Standards and Technology
WinVistaSP2 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
The Center for Internet Security Windows 2000 Professional Operating System Level 2 Benchmark, 2.2.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Right to Financial Privacy Act | Released | North America | Regulation or Statute | US Congress
WinVistaSP2 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 188, Standard Security Label for Information Transfer | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Windows 2000 Server Benchmark, 2.2.1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
WinXPSP3 Computer Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 190, Guideline for the use of Advanced Authentication Technology Alternatives | Released | North America | International or National Standard | US National Institute of Standards and Technology
Securities Act of 1933 | Released | North America | Regulation or Statute | US Congress
FIPS Pub 191, Guideline for the Analysis of Local Area Network (LAN) Security | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Windows NT Benchmark, 1.0.5 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
WinXPSP3 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Securities Exchange Act of 1934 | Released | North America | Regulation or Statute | US Congress
The Sarbanes-Oxley Act of 2002 (SOX) | Released | North America | Regulation or Statute | US Congress
Consumer Credit Reporting Agencies Act, California Civil Code 17851-1785.6 | Released | North America | Regulation or Statute | California Legislature
WinXPSP3 User Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 196, Entity Authentication using Public Key Cryptography | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2003SP2 Certificate Services Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
State Prohibitions on Marketing Practices using Medical Information (CA SB1633) | Redacted | North America | Regulation or Statute | California Legislature
FIPS Pub 197, Advanced Encryption Standard (AES) | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Windows XP Professional SP1/SP2 Benchmark, 2.01 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
WS2003SP2 DHCP Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 198-1, The Keyed-Hash Message Authentication Code (HMAC) | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Wireless Networking Benchmark, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
FIPS Pub 199, Standards for Security Categorization of Federal Information and Information Systems, February 2004 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2003SP2 Domain Controller Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
The Center for Internet Security Wireless Networking Benchmark, Apple Addendum, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
FIPS Pub 200, Minimum Security Requirements for Federal Information and Information Systems, March 2006 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2003SP2 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
The Center for Internet Security Wireless Networking Benchmark, Cisco Addendum, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
WS2003SP2 File Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FIPS Pub 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors, Change Notice 1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Wireless Networking Benchmark, DLINK Addendum, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
WS2003SP2 Internet Authentication Services Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
FISMA Risk Management Framework (RMF) | Not Applicable | North America | International or National Standard | US National Institute of Standards and Technology
The Center for Internet Security Wireless Networking Benchmark, Linksys Addendum, 1 | Released | Configuration | Best Practice Guideline | The Center for Internet Security
Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2003SP2 Member Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14, September 1996 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2003SP2 Print Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2003SP2 Web Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Glossary of Key Information Security Terms, NIST IR 7298 | Released | North America | Not Set | US National Institute of Standards and Technology
WS2008R2SP1 AD Certificate Services Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68, Revision 1 | Released | North America | Best Practice Guideline | US National Institute of Standards and Technology
WS2008R2SP1 DHCP Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guide for Assessing the Security Controls in Federal Information Systems, NIST SP 800-53A | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 DNS Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guide for Developing Performance Metrics for Information Security, NIST SP 800-80 | Released | North America | International or National Standard | US National Institute of Standards and Technology
Guide for Developing Security Plans for Federal Information Systems, NIST SP 800-18, Revision 1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Domain Controller Security Compliance, 1.1 | Released | Configuration | Vendor Documentation | Microsoft
Guide for Mapping Types of Information and Information Systems to Security Categories, NIST SP 800-60, Volume II, Revision 1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guide to Bluetooth Security, NIST SP 800-121, September 2008 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 File Server FCI, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guide to Computer Security Log Management, NIST SP 800-92 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 File Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2008R2SP1 Hyper-V Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), NIST SP 800-122, DRAFT | Redacted | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Member Server Security Compliance, 1.1 | Released | Configuration | Vendor Documentation | Microsoft
Guide to Securing Legacy IEEE 802.11 Wireless Networks, NIST SP 800-48, Revision 1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Network Access Services Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guidelines for Media Sanitization, NIST SP 800-88, September 2006 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Print Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guidelines on Cell Phone and PDA Security, NIST SP 800-124, October 2008 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Remote Desktop Services Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Guidelines on Firewalls and Firewall Policy, NIST SP 800-41, January 2002 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008R2SP1 Web Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Improving Critical Infrastructure Cybersecurity Executive Order 13636, Preliminary Cybersecurity Framework, Preliminary Draft | Redacted | North America | International or National Standard | US National Institute of Standards and Technology
WS2008SP2 AD Certificate Services Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Introductory Resource Guide for HIPAA NIST SP 800-66 | Redacted | North America | Safe Harbor | US National Institute of Standards and Technology
WS2008SP2 DHCP Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
NIST 800-86: Guide to Integrating Forensic Techniques into Incident Response, August 2006 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008SP2 DNS Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
NIST SCAP Microsoft Internet Explorer Version 7 (fdcc-ie7-xccdf.xml), FDCC IE7 (1.2) SCAP Content - OVAL 5.4 | Released | North America | Audit Guideline | US National Institute of Standards and Technology
WS2008SP2 Domain Controller Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
NIST SCAP Microsoft Internet Explorer Version 7, SCAP-IE7-OVAL-Beta-v3.xml | Redacted | North America | Audit Guideline | US National Institute of Standards and Technology
WS2008SP2 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2008SP2 File Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2008SP2 Hyper-V Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
NIST SP 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008SP2 Member Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2008SP2 Network Access Services Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2008SP2 Print Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
NISTIR 7628 Guidelines for Smart Grid Cyber Security: Vol. 1, Smart Grid Cyber Security Strategy, Architecture, and High-Level Requirements, August 2010 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2008SP2 Terminal Services Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
WS2008SP2 Web Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Performance Measurement Guide for Information Security, NIST 800-55, Revision 1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
Recommended Security Controls for Federal Information Systems, NIST SP 800-53 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 AD Certificate Services Server Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Recommended Security Controls for Federal Information Systems, NIST SP 800-53, Revision 2 | Redacted | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 DHCP Server Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Risk Management Guide for Information Technology Systems, NIST SP 800-30, July 2002 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 DNS Server Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, High Impact Baseline, Revision 4 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Domain Controller Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Low Impact Baseline, Revision 4 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Domain Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Moderate Impact Baseline, Revision 4 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 File Server Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-53, Revision 4 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Hyper-V Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security Considerations in the Information System Development Life Cycle, NIST SP 800-64, Revision 2 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Member Server Security Compliance, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security Metrics Guide for Information Technology Systems, NIST SP 800-55, July 2003 | Redacted | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Network Policy and Access Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Security Self-Assessment Guide, NIST SP 800-26 | Redacted | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Print Server Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
Underlying Technical Models for Information Technology Security, SP 800-33, December 2001 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Remote Access Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
USGCB: Guidance for Securing Microsoft Internet Explorer 7, v1.2.3.1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Remote Desktop Services Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft
USGCB: Guidance for Securing Microsoft Internet Explorer 8, v1.2.3.1 | Released | North America | International or National Standard | US National Institute of Standards and Technology
WS2012 Web Server Security, 1.0 | Released | Configuration | Vendor Documentation | Microsoft