Regulations

Regulations and guidelines are a big part of the cybersecurity industry; at their core, identity and access management (IAM) guidelines protect identities according to the industry involved and the actions taken.

Payment Services Directive (PSD)

The Payment Services Directive is an EU Directive, administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). The Directive’s purpose was to increase pan-European competition and participation in the payments industry also from non-banks and to provide for a level playing field by …

Defense Federal Acquisition Regulations Supplement (DFARS)

The United States federal government maintains a long list of protocols for how it goes about buying equipment and supplies for its various agencies and projects. These rules are laid out in the Federal Acquisition Regulations (FAR). The Defense Federal Acquisition Regulations Supplement, or DFARS, is the subset of FAR that deals with procurement for the Department of Defense (DoD). Included …

National Institute of Standards and Technology (NIST)

The US National Institute of Standards and Technology (NIST) is one of the oldest and most prestigious organizations dealing with standards on digital data. Founded in 1901, NIST is a chain of physical laboratories charged with researching best practices on a wide variety of technical and applied sciences. Today NIST is most known for its publications on information technology. Although they …

Center for Internet Security Controls (CIS Controls)

Who are they? The Center for Internet Security (CIS) is a not-for-profit NGO that develops its own Configuration Policy Benchmarks (CPB). The CPB are essentially guidelines by which organizations can improve their cybersecurity and compliance programs and posture. This initiative aims to create community-developed security configuration baselines for IT and security products that are commonly used by organizations. In addition, …

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. The Act consists of five Titles that govern different aspects of the health ecosystem. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, regulates the use and disclosure of protected health information (PHI), and …

Payment Card Industry Data Security Standard (PCI DSS)

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing, including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store, process or transmit cardholder data (CHD) …

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that details requirements for companies and organizations on collecting, storing and managing personal data. It applies to European organizations that process personal data of individuals in the EU, and to organizations outside the EU that target people living in the EU. It also addresses the export of personal data …