Compliance Glossary

Regulatory compliance standards ensure a company follows industry regulations, standards, and legal requirements for information security and data privacy. 

There are so many regulations that if the US regulations is a country, it would be the world’s eighth largest economy. 

Importance of regulatory standards in cybersecurity

Cyberattacks can target any organization, whether you are a 10-person company or 1000 one. This is why compliance becomes a main factor for an organization’s ability to achieve success, maintain smooth operations, and uphold robust security practices.

Frameworks in action

Several regulatory frameworks play significant roles in ensuring compliance:

HIPAA and HITECH Act

This framework is mandatory if you are into healthcare-related businesses. Mostly, it focuses on controlling and authorizing access to electronic Protected Health Information (ePHI) throughout its lifecycle.

PCI Data Security Standards (DSS)

PCI DSS specifies security requirements for merchants and acquirers to protect cardholder data at all stages, from creation to destruction.

Sarbanes-Oxley (SOX)

SOX mandates financial companies to implement internal controls for the effectiveness of financial statements and attestations. It includes controls related to logical access, privileged access, segregation of duties, and more.

National Institute of Standards and Technology (NIST)

NIST has a long history of supporting various industries and offers various publications and reports to guide cybersecurity professionals. Notable mentions include NIST SP 800-53, the NIST Cybersecurity Framework, and NIST IR 7966.