The Secret Security Wiki

Categories

Regulations

Regulations and guidelines are a big part of the cybersecurity industry. Core identity and access management (IAM) guidelines protect identities according to industries and actions taken.

Payment Services Directive

The Payment Services Directive is an EU Directive administered by the European Commission (Directorate General Internal Market) to regulate payment services and payment service providers throughout the European Union (EU) and European Economic Area (EEA). The Directive’s purpose was to increase pan-European competition and participation in the payments industry. PSD also aims to encourage non-banks...


Defense Federal Acquisition Regulations Supplement

The United States federal government maintains a long list of protocols for how it goes about buying equipment and supplies for its various agencies and projects. These rules are laid out in the Federal Acquisition Regulations (FAR). The Defense Federal Acquisition Regulations Supplement, or DFARS, is the subset of FAR that deals with procurement for...


National Institute of Standards and Technology

The US National Institute of Standards and Technology (NIST) is one of the oldest and most prestigious organizations dealing with standards on digital data. Founded in 1901, NIST is a chain of physical laboratories charged with researching best practices on a wide variety of technical and applied sciences. Today NIST is most known for its...


Center of Internet Security Controllers

Who are they? The Center of Internet Security (CIS) is a not-for-profit NGO that develops its own Configuration Policy Benchmarks (CPB). The CPB are essentially guidelines by which organizations can improve their cybersecurity and compliance programs and posture. This initiative aims to create community developed security configuration baselines for IT and Security products that are...


Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the United States Congress and signed by President Bill Clinton in 1996. The Act consists of five Titles that govern different aspects of the health ecosystem. Title II of HIPAA, known as the Administrative Simplification (AS) provisions, regulates the use and disclosure...


Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard that provides a baseline of technical and operational requirements designed to protect account data. PCI DSS applies to all entities involved in payment card processing—including merchants, processors, acquirers, issuers, and service providers. PCI DSS also applies to all other entities that store,...


General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a European Union (EU) regulation that details requirements for companies and organizations on collecting, storing and managing personal data. It applies to European organizations that process personal data of individuals in the EU, and to organizations outside the EU that target people living in the EU. It also...
