European Union General Data Protection Regulation
Compliance is required of any company that handles any European Union citizen’s personally identifiable information. Companies and governments must comply by May 28, 2018 or face stiff fines that can be as high as 4% of global turnover. Auditors are specifically interested in protecting privileged account credentials because they are involved in the largest number of security breaches of PII. There may be hundreds or thousands of these privileged accounts at a company or government, and auditors want these passwords changed regularly and strengthened to be longer and more complex. XTAM can automate this task as well as monitor sessions using these accounts.
Developed by NIST as part of the Federal Information Security Modernization Act (FISMA) of 2014, NIST Special Publication 800-171 is a framework that specifies how your information systems and policies need to be set up in order to protect Controlled Unclassified Information (CUI).
To learn how Xton Access Manager can help your business comply with NIST 800-171, please continue reading here.
Originally published by the International Organization for Standardization (ISO) in 2005 and subsequently updated in 2013, ISO 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an organization’s information security management system (ISMS).
To learn about compliance with the ISO 27001 standard, please continue reading here.
As part of the Special Publication 800-series that reports on the Information Technology Laboratory’s (ITL) research, guidelines, and outreach efforts in information system security, NIST Special Publication 800-53 covers the steps in the Risk Management Framework that address security control selection for federal information systems in accordance with the security requirements.
The Health Information Trust Alliance (HITRUST) is a privately held company located in the United States that has established a Common Security Framework (CSF) that can be used by all organizations that create, access, store or exchange sensitive and/or regulated data.
The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment.
Center for Internet Security (CIS) Controls are a prioritized set of actions to defend against the vast majority of the most common attacks.
The mission of the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is to guide a cohesive effort between government and industry to improve the cyber security posture of control systems within the nation’s critical infrastructure.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines what is required of healthcare organizations to ensure the portability of healthcare coverage and the privacy of patient records.
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of requirements designed to secure the assets required for operating North America’s bulk electric system.
The Sarbanes-Oxley Act was enacted by the United States Congress in July 2002. It requires publicly traded companies to ensure that they are properly reporting financial information. One of the most critical sections is section 404, which requires internal control over the creation of financial reports and mandates responsibility for access privileges.
FDA 21 CFR Part 11
Pharmaceutical and other biotech companies are subject to regulation by the Food and Drug Administration (FDA). One of the FDA regulations, covering electronic signatures and the integrity of electronic systems, is FDA 21 CFR Part 11.
GLB – Gramm-Leach-Bliley Act
The Gramm-Leach-Bliley Act, signed in 1999, applies to financial institutions and securities firms. It requires them to implement strict safeguards to protect the privacy of customer data.