|Payment Card Industry
||The PCI Security Standards Council (PCI SSC) maintains, develops, and promotes the Payment Card Industry Data Security Standard (PCI DSS). The council also provides the supporting programs needed to implement the standard: assessor and Approved Scanning Vendor (ASV) qualifications, self-assessment questionnaires, training and education, and product certification programs.
||PCI DSS Requirement 11.2.2 (quarterly external vulnerability scans performed by an Approved Scanning Vendor)
||PCI DSS Requirement 6.2 (install applicable vendor-supplied security patches; critical patches within one month of release). These are PCI DSS v3.2.1 numbers; v4.0 renumbers them as 11.3.2 and 6.3.3.
|Health Insurance Portability and Accountability Act
||HIPAA (Health Insurance Portability and Accountability Act of 1996) is United States legislation that provides data privacy and security provisions for safeguarding medical information.
||Security Rule, Administrative Safeguards: Risk Analysis, 45 CFR §164.308(a)(1)(ii)(A) (required)
||Security Rule, Administrative Safeguards: Risk Management, 45 CFR §164.308(a)(1)(ii)(B) (required)
|Sarbanes-Oxley Act
||The Sarbanes-Oxley Act of 2002 is legislation passed by the U.S. Congress to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise, and to improve the accuracy of corporate disclosures.
|Gramm-Leach-Bliley Act
||The Gramm-Leach-Bliley Act, also known as the Financial Services Modernization Act of 1999, is a U.S. federal law that controls how financial institutions handle the private information of individuals.
||Title V, Subtitle A, Section 501(a) and (b). Section 501(b) is implemented for FTC-regulated institutions by the Safeguards Rule (16 CFR Part 314).
|National Institute of Standards and Technology
||NIST, the National Institute of Standards and Technology, is a unit of the U.S. Department of Commerce. Formerly the National Bureau of Standards, NIST maintains measurement standards and publishes the Federal Information Processing Standards (FIPS) and the Special Publication 800 series of security guidance, including SP 800-53 and SP 800-171.
|International Organization for Standardization
||ISO is a worldwide federation of national standards bodies from more than 160 countries, with one standards body representing each member country. ISO/IEC 27001 (jointly with the IEC) specifies requirements for an information security management system.
||ISO/IEC 27001:2013 Annex A controls A.12.5.1 (installation of software on operational systems) and A.12.6.1 (management of technical vulnerabilities)
|Australian Signals Directorate
||The Australian Signals Directorate (ASD) is an intelligence agency in the Australian Government's Defence portfolio; its Australian Cyber Security Centre publishes the Strategies to Mitigate Cyber Security Incidents.
||Top 4 Mitigation Strategies (now part of the Essential Eight): (2) patch applications and (3) patch operating systems
|Monetary Authority of Singapore
||The Monetary Authority of Singapore is the central bank of Singapore. Their mission is to promote sustained non-inflationary economic growth, and a sound and progressive financial center.
||Technology Risk Management Guidelines, Chapters 9.4 and 10.1
|Society for Worldwide Interbank Financial Telecommunication
||SWIFT is a global member-owned cooperative and the world's leading provider of secure financial messaging services. Its Customer Security Controls Framework (CSCF) defines the security controls that members must attest to.
|Republic of the Philippines, Data Privacy Act of 2012
||The Philippines Data Privacy Act of 2012 (Republic Act No. 10173) protects personal information held in information and communications systems in both the government and the private sector, and established the National Privacy Commission to enforce it.
||Implementing Rules and Regulations, Section 28 (Guidelines for Technical Security Measures), items (d) and (f)
|New York State Dept of Financial Services
||The New York State Department of Financial Services (NYDFS) is the New York state agency responsible for regulating financial services and products, including those subject to New York's insurance, banking and financial services laws.
||23 NYCRR Part 500 (Cybersecurity Requirements for Financial Services Companies), Sections 500.05 (penetration testing and vulnerability assessments) and 500.09 (risk assessment)
|North American Electric Reliability Corp
||The North American Electric Reliability Corporation (NERC) is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America. NERC develops and enforces Reliability Standards, annually assesses seasonal and long-term reliability, monitors the bulk power system through situational awareness, and educates, trains, and certifies industry personnel.
||Critical Infrastructure Protection standards CIP-007 (security patch management, Requirement R2) and CIP-010 (vulnerability assessments, Requirement R3)
|Federal Energy Regulatory Commission
||The Federal Energy Regulatory Commission (FERC) is a U.S. federal agency that regulates the interstate transmission of electricity, natural gas, and oil, and the wholesale sale of electricity.
||FERC does not publish its own vulnerability-management guidance. It approves and enforces the NERC Reliability Standards (including CIP) and otherwise points to NERC and ISO guidance for ICS security.
|Health Information Technology for Economic and Clinical Health Act
||The HITECH Act codified the Office of the National Coordinator for Health Information Technology (ONC) in statute and gives the U.S. Department of Health and Human Services authority to establish programs that improve health care quality, safety, and efficiency through health IT, including electronic health records and private, secure electronic health information exchange. It also strengthened enforcement of the HIPAA Security Rule.
||Technical Safeguards - §164.312 (HIPAA)
|European Union General Data Protection Regulation
||The EU General Data Protection Regulation (GDPR) supersedes the Data Protection Directive 95/46/EC. It harmonizes data privacy law across Europe, protects and empowers EU residents' data privacy, and reshapes how organizations across the region approach data protection.
||GDPR does not name vulnerability or patch management explicitly. Article 32 (security of processing) requires technical measures appropriate to the risk, including a process for regularly testing, assessing and evaluating their effectiveness, and the risk assessment behind those measures implies vulnerability and patch management for systems that hold personal data.
|Defense Federal Acquisition Regulation Supplement
||DFARS supplements the Federal Acquisition Regulation with Department of Defense (DoD) specific acquisition rules that government acquisition officials, and contractors doing business with DoD, must follow when procuring goods and services.
||DFARS is a procurement regulation rather than a security standard. Its cybersecurity clause, DFARS 252.204-7012, requires contractors that handle covered defense information to implement NIST SP 800-171, whose controls are derived from NIST SP 800-53; compliance is therefore measured against those NIST publications.
|Adversarial Tactics, Techniques, and Common Knowledge
||MITRE’s Adversarial Tactics, Techniques, and Common Knowledge is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s lifecycle and the platforms they are known to target.
||ATT&CK tactics (initial access, execution, persistence, privilege escalation, defense evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control) and the techniques under them can be mapped to the vulnerabilities and exploits an adversary uses at each stage, and from there to remediation strategies.