SecureState can also help with regulatory standards for business obligations such as HIPAA, GLBA or PCI compliance. The following regulations and standards are explained below in more detail:
- Health Insurance Portability and Accountability Act (HIPAA)
- Gramm-Leach-Bliley Act (GLBA)
- PCI Data Security Standard
- Technical Guide (TR-39, formerly known as TG-3)
- North American Electric Reliability Corporation Critical Infrastructure Protection Standard (NERC CIP)
- Federal Information Security Management Act (FISMA)
- Health Information Technology for Economic and Clinical Health (HITECH)
The Health Insurance Portability and Accountability Act (HIPAA), the privacy standard that affects organizations that handle Personal Health Information (PHI), was put in place in 1998. This regulation provides controls that must be followed by all organizations that handle PHI. Most recently, HIPAA has gained a great deal of traction because of the HITECH Act of 2009, which was part of the Stimulus Package. This act expanded HIPAA compliance to all organizations that work with the healthcare industry and increased fines and punishments for those that do not comply.
The Gramm-Leach-Bliley Act (GLBA) of 1999 was implemented by the Senate Banking Committee to help financial service organizations establish GLBA-compliant information security programs that identify, assess, manage, and control risks that may threaten customer information.
The PCI Data Security Standard was developed in 1999 by the major credit card brands and is the PCI compliance guideline for organizations that protect Cardholder Data. It has evolved into one of the most stringent and prescriptive standards to date focused on the protection of credit card data that is processed, transmitted, and/or stored.
Billions of Personal Identification Number (PIN) activated transactions are switched through shared ATM and POS networks each year. Each of these transactions originates from a debit or credit card and a PIN. With each interchange transaction, the security of the customer's PIN relies on the security procedures and controls of the various processing entities and on the use of certified devices such as Host Security Modules (HSMs). The most common standard used to evaluate these organizations is the Technical Guide (TR-39, formerly known as TG-3), developed by ANSI as part of the X9 standards for financial institutions.
Following the terrorist attacks of 2001 and the blackout of 2003, the North American Electric Reliability Corporation (NERC) published the Critical Infrastructure Protection (CIP) Standards to help energy companies protect against an outside attack on the nation's energy grid via the internet. Inside the CIP standards are the eight Cyber Security Standards with which companies must be fully compliant by 2010, when NERC will begin to conduct audits.
The Federal Information Security Management Act (FISMA) was developed in 2002 in recognition by the United States of the need for organizations to develop an information security program that protects assets and preserves economic and national security interests. The FISMA process draws from a variety of standards and frameworks, including NIST and FIPS.