What Is Your Scope of Compliance?


Unified Compliance Framework put together this list of compliance requirements and regulatory schemes that may need to be part of your compliance program.

Below is a long list of regulatory schemes that may need to be part of your compliance framework:

Sarbanes Oxley Guidance

  • Sarbanes-Oxley Act (SOX)
  • PCAOB Auditing Standard No. 2
  • AICPA SAS 94
  • AICPA/CICA Privacy Framework
  • AICPA Suitable Trust Services Criteria
  • Retention of Audit and Review Records, SEC 17 CFR 210.2-06
  • Controls and Procedures, SEC 17 CFR 240.15d-15
  • Reporting Transactions and Holdings, SEC 17 CFR 240.16a-3
  • COSO Enterprise Risk Management (ERM) Framework
  • OMB Circular A-123 Management’s Responsibility for Internal Control
  • Securities Exchange Act of 1934
  • Implementation Guide for OMB Circular A-123 Management’s Responsibility for Internal Control
  • PCAOB Audit Standard No. 3
  • PCAOB Audit Standard No. 5
  • SAS 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
  • SAS 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained

Banking and Finance Guidance

  • Basel II: International Convergence of Capital Measurement and Capital Standards – A Revised Framework
  • BIS Sound Practices for the Management and Supervision of Operational Risk
  • Gramm-Leach-Bliley Act (GLB)
  • Standards for Safeguarding Customer Information, FTC 16 CFR 314
  • Privacy of Consumer Financial Information, FTC 16 CFR 313
  • Safety and Soundness Standards, Appendix of OCC 12 CFR 30
  • FFIEC IT Examination Handbook – Information Security
  • FFIEC IT Examination Handbook – Development and Acquisition
  • FFIEC IT Examination Handbook – Business Continuity Planning
  • FFIEC IT Examination Handbook – Audit
  • FFIEC IT Examination Handbook – Management
  • FFIEC IT Examination Handbook – Operations
  • ACH (Automated Clearing House) Operating Rules OCC Bulletin 2004-58
  • Bank Secrecy Act (aka Currency and Foreign Transaction Reporting Act)
  • Check 21 (Check Clearing for the 21st Century) Act
  • FCRA (Fair Credit Reporting Act)
  • FDIC and FFIEC Guidance on Authentication in an Internet Banking Environment
  • FFIEC IT Examination Handbook – Outsourcing Technology Services
  • FFIEC IT Examination Handbook – Supervision of Technology Service Providers
  • FFIEC IT Examination Handbook – Wholesale Payment Systems
  • FFIEC IT Examination Handbook – Retail Payment Systems
  • FFIEC IT Examination Handbook – E-Banking

NASD NYSE Guidance

  • NASD Manual
  • Recordkeeping rule for securities exchanges, SEC 17 CFR 240.17a-1
  • Records to be made by certain exchange members SEC 17 CFR 240.17a-3
  • Records to be preserved by certain exchange members SEC 17 CFR 240.17a-4
  • Recordkeeping SEC 17 CFR 240.17Ad-6
  • Record retention SEC 17 CFR 240.17Ad-7
  • NYSE Listed Company Manual
  • Securities Act of 1933
  • Part II Securities and Exchange Commission 17 CFR Parts 210, 228, 229 and 240 Amendments to Rules Regarding Management’s Report on Internal Control Over Financial Reporting; Final Rule

Healthcare and Life Science Guidance

  • HIPAA (Health Insurance Portability and Accountability Act)
  • HIPAA HCFA Internet Security Policy
  • Introductory Resource Guide for HIPAA NIST (800-66)
  • CMS Core Security Requirements (CSR)
  • CMS Information Security Acceptable Risk Safeguards (ARS)
  • SYSTEM SECURITY PLANS (SSP) METHODOLOGY
  • CMS Info Security Business Risk Assessment
  • CMS Business Partners Systems Security Manual
  • FDA Electronic Records; Electronic Signatures FDA 21 CFR Part 11+D1

Energy Guidance

  • FERC Security Program for Hydropower Projects
  • North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards

Payment Card Guidance

  • PCI DSS (Payment Card Industry Data Security Standard) 1.1 [Redacted: Q3 07]
  • Payment Card Industry (PCI) Data Security Standard Security Audit Procedures 1.1 [Redacted: Q3 08]
  • Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures Version 1.2 [Released: Q4 08]
  • PCI DSS Security Scanning Procedures [Released: Q3 07]
  • Payment Card Industry (PCI) Payment Application Data Security Standard 1.1 [Redacted: Q3 08]
  • MasterCard Wireless LANs – Security Risks and Guidelines [Released: Q3 07]
  • Payment Card Industry Self-Assessment Questionnaire A [Released: Q4 07]
  • Payment Card Industry Self-Assessment Questionnaire B [Released: Q4 07]
  • Payment Card Industry Self-Assessment Questionnaire C [Released: Q4 07]
  • Payment Card Industry Self-Assessment Questionnaire D [Released: Q4 07]
  • VISA CISP: What to Do If Compromised [Released: Q3 07]
  • Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance No Electronic Storage, Processing, or Transmission of Cardholder Data Version 1.2 October 2008 [Released: Q4 08]
  • VISA Incident Response Procedure for Account Compromise [Released: Q3 07]
  • Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage Version 1.2 October 2008 [Released: Q4 08]
  • Visa Payment Application Best Practices (PABP) [Redacted: Q4 07]
  • Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage Version 1.2 October 2008 [Released: Q4 08]
  • VISA E-Commerce Merchants Guide to Risk Management [Released: Q3 08]
  • Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers Version 1.2 October 2008 [Released: Q4 08]
  • MasterCard Electronic Commerce Security Architecture Best Practices [Released: Q3 07]
  • American Express Data Security Standard (DSS) [Released: Q3 07]
  • BBB Online Code of Business Practices [Released: Q3 07]

US Federal Security Guidance

  • FTC Electronic Signatures in Global and National Commerce Act (ESIGN) [Released: Release 1]
  • Uniform Electronic Transactions Act (UETA) [Released: Release 1]
  • FISMA (Federal Information Security Management Act) [Released: Release 1]
  • FISCAM (Federal Information System Controls Audit Manual) [Released: Release 1]
  • FIPS 140-2, Security Requirements for Cryptographic Modules [Released: Release 1]
  • FIPS 191, Guideline for the Analysis of LAN Security [Released: Release 1]
  • FIPS 199, Standards for Security Categorization of Federal Information and Information Systems [Released: Release 1]
  • FIPS 200, Minimum Security Requirements for Federal Information and Information Systems [Released: Q3 07]
  • Clinger-Cohen Act (Information Technology Management Reform Act) [Released: Release 1]
  • DoD 5220.22-M, National Industrial Security Program Operating Manual [Released: Q3 07]
  • The National Strategy to Secure Cyberspace [Released: Release 1]
  • GAO Financial Audit Manual [Released: Release 1]
  • Standard for Electronic Records Management Software, DOD 5015.2 [Released: Release 1]
  • Corporate Information Security Working Group: Report of the best practices and metrics teams; subcommittee on technology, information policy, intergovernmental relations and the census; Government Reform Committee, United States House of Representatives [Released: Release 1]
  • CISWG Information Security Program Elements [Released: Q3 07]
  • Appendix III to OMB Circular No. A-130: Security of Federal Automated Information Resources [Released: Release 1]
  • NCUA Guidelines for Safeguarding Member Information, 12 CFR 748 [Released: Release 1]
  • CT-PAT Best Practices Guide [Released: Q4 07]
  • US Export Administration Regulations [Released: Q4 07]
  • US The International Traffic in Arms Regulations [Released: Q4 07]

US Internal Revenue Guidance

  • IRS Revenue Procedure: Retention of books and records, 97-22 [Released: Release 1]
  • IRS Revenue Procedure: Record retention: automatic data processing, 98-25 [Released: Release 1]
  • IRS Internal Revenue Code Section 501(c)(3) [Released: Release 1]

Records Management Guidance

  • Federal Rules of Civil Procedure [Released: Release 1]
  • Uniform Rules of Evidence [Released: Release 1]
  • ISO 15489-1, Information and Documentation: Records management: General [Released: Release 1]
  • ISO 15489-2, Information and Documentation: Records management: Guidelines [Released: Release 1]
  • The DIRKS Manual: A Strategic Approach to Managing Business Information [Released: Release 1]
  • The Sedona Principles Addressing Electronic Document Production [Released: Release 1]
  • 16 CFR Part 682 Disposal of consumer report information and records [Released: Q3 08]

NIST Guidance

  • Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14 [Released: Release 1]
  • Developing Security Plans for Federal Information Systems, NIST SP 800-18 [Released: Release 1]
  • Security Self-Assessment Guide, NIST SP 800-26 [Released: Release 1]
  • Risk Management Guide, NIST SP 800-30 [Released: Release 1]
  • Underlying Technical Models for Information Technology Security [Released: Release 1]
  • Contingency Planning Guide for Information Technology Systems, NIST SP 800-34 [Released: Release 1]
  • Creating a Patch and Vulnerability Management Program, NIST SP 800-40 [Released: Release 1]
  • Guidelines on Firewalls and Firewall Policy, NIST SP 800-41 [Released: Release 1]
  • Recommended Security Controls for Federal Information Systems, NIST SP 800-53 [Released: Release 1]
  • Guide for Mapping Types of Information and Information Systems to Security Categories, NIST SP 800-60 [Released: Release 1]
  • Computer Security Incident Handling Guide, NIST SP 800-61 [Released: Release 1]
  • Security Considerations in the Information System Development Life Cycle, NIST SP 800-64 [Released: Release 1]
  • Guide for Developing Performance Metrics for Information Security, NIST SP 800-80 [Released: Q4 07]
  • Security Metrics Guide for Information Technology Systems, NIST SP 800-55 [Released: Q4 07]
  • Guide for Assessing the Security Controls in Federal Information Systems, NIST 800-53A [Released: Q3 08]
  • Performance Measurement Guide for Information Security, NIST 800-55 Rev. 1 [Released: Q4 08]

ISO Guidance

  • ISO 73:2002, Risk Management – Vocabulary [Released: Release 1]
  • ISO 17799:2000, Code of Practice for Information Security Management [Released: Release 1]
  • ISO 17799:2005 Code of Practice for Information Security Management [Released: Q1 08]
  • ISO 27001:2005, Information Security Management Systems – Requirements [Released: Q1 08]
  • ISO/IEC 20000-12:2005 Information technology – Service Management Part 1 [Released: Release 1]
  • ISO/IEC 20000-2:2005 Information technology – Service Management Part 2 [Released: Release 1]
  • ISO/IEC 15408-1:2005 Common Criteria for Information Technology Security Evaluation Part 1 [Released: Q1 08]
  • ISO/IEC 15408-2:2005 Common Criteria for Information Technology Security Evaluation Part 2 [Released: Q1 08]
  • ISO/IEC 15408-3:2005 Common Criteria for Information Technology Security Evaluation Part 3 [Released: Q1 08]
  • ISO/IEC 27002-2005 Code of practice for information security management [Released: Q1 08]
  • ISO/IEC 18045:2005 Common Methodology for Information Technology Security Evaluation Part 3 [Released: Q3 08]
  • ISO 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management [Released: Q1 08]
  • ISO 13335-3:1998, Information technology — Guidelines for the management of IT Security — Part 3: Techniques for the management of IT Security [Released: Q1 08]
  • ISO 13335-4:2000, Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards [Released: Q1 08]
  • ISO 13335-5:2001, Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network security [Released: Q1 08]

ITIL Guidance

  • OGC ITIL: Planning to Implement Service Management [Released: Release 1]
  • OGC ITIL: ICT Infrastructure Management [Released: Release 1]
  • OGC ITIL: Service Delivery [Released: Release 1]
  • OGC ITIL: Service Support [Released: Release 1]
  • OGC ITIL: Application Management [Released: Release 1]
  • OGC ITIL: Security Management [Released: Release 1]
  • CobiT 3rd Edition [Redacted: Release 1]
  • CobiT 4.1 [Released: Release 1]
  • ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals [Released: Release 1]
  • Disaster / Emergency Management and Business Continuity, NFPA 1600 [Released: Release 1]
  • ISF Standard of Good Practice for Information Security [Redacted: Release 1]
  • ISF Security Audit of Networks [Released: Release 1]
  • A Risk Management Standard, jointly issued by AIRMIC, ALARM, and IRM [Released: Release 1]
  • Business Continuity Institute (BCI) Good Practice Guidelines [Released: Release 1]
  • ISSA Generally Accepted Information Security Principles (GAISP) [Released: Release 1]
  • CERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE) [Released: Release 1]
  • The GAIT Methodology [Released: Release 1]
  • AICPA Incident Response Plan: Template for Breach of Personal Information [Released: Release 1]
  • IIA Global Technology Audit Guide (GTAG): Information Technology Controls [Released: Release 1]
  • The Standard of Good Practice for Information Security [Released: Q4 08]

US Federal Privacy Guidance

  • Cable Communications Privacy Act Title 47 § 551 [Released: Release 1]
  • Telemarketing Sales Rule (TSR), 16 CFR 310 [Released: Release 1]
  • CAN SPAM Act [Released: Release 1]
  • Children’s Online Privacy Protection Act (COPPA), 16 CFR 312 [Released: Release 1]
  • Driver’s Privacy Protection Act (DPPA), 18 USC 2721 [Released: Release 1]
  • Family Education Rights Privacy Act (FERPA), 20 USC 1232 [Released: Release 1]
  • Privacy Act of 1974, 5 USC 552a [Released: Release 1]
  • Video Privacy Protection Act (VPPA), 18 USC 2710 [Released: Release 1]
  • Specter-Leahy Personal Data Privacy and Security Act [Released: Release 1]
  • Amendments to the FTC Telemarketing Sales Rule [Released: Release 1]
  • Children’s Online Privacy Protection Act [Released: Release 1]
  • FACT Act (Fair and Accurate Credit Transactions Act of 2003) [Released: Q3 08]

US State Laws Guidance

  • Arkansas Personal Information Protection Act AR SB 1167 [Released: Release 1]
  • Arizona Amendment to Arizona Revised Statutes 13-2001, AZ HB 2116 [Released: Release 1]
  • California Information Practice Act, CA SB 1386 [Released: Release 1]
  • California General Security Standard for Businesses CA AB 1950 [Released: Release 1]
  • California Public Records Military Veteran Discharge Documents, CA AB 1798 [Released: Release 1]
  • California OPP Recommended Practices on Notification of Security Breach [Released: Release 1]
  • Colorado Prohibition against Using Identity Information for Unlawful Purpose, CO HB 1134 [Released: Release 1]
  • Colorado Consumer Credit Solicitation Protection, CO HB 1274 [Released: Release 1]
  • Colorado Prohibiting Inclusion of Social Security Number, CO HB 1311 [Released: Release 1]
  • Connecticut law Requiring Consumer Credit Bureaus to Offer Security Freezes, CT SB 650 [Released: Release 1]
  • Connecticut law Concerning Nondisclosure of Private Tenant Information, CT HB 5184 [Released: Release 1]
  • Delaware Computer Security Breaches DE HB 116 [Released: Release 1]
  • Florida Personal Identification Information/Unlawful Use, FL HB 481 [Released: Release 1]
  • Georgia Consumer Reporting Agencies, GA SB 230 [Released: Release 1]
  • Georgia Public employees; Fraud, Waste, and Abuse, GA HB 656 [Released: Release 1]
  • Hawaii Exempting disclosure of Social Security numbers HI HB 2674 [Released: Release 1]
  • Illinois Personal Information Protection Act IL HB 1633 [Released: Release 1]
  • Indiana Release of Social Security Number, Notice of Security Breach IN SB 503 [Released: Release 1]
  • Louisiana Database Security Breach Notification Law, LA SB 205 Act 499 [Released: Release 1]
  • Maine law To Protect Maine Citizens from Identity Theft, ME LD 1671 [Released: Release 1]
  • Minnesota Data Warehouses; Notice Required for Certain Disclosures, MN HF 2121 [Released: Release 1]
  • Missouri War on Terror Veteran Survivor Grants, MO HB 957 [Released: Release 1]
  • Montana bill to Implement Individual Privacy and to Prevent Identity Theft, MT HB 732 [Released: Release 1]
  • New Jersey Identity Theft Prevention Act, NJ A4001/S1914 [Released: Release 1]
  • New York Information Security Breach and Notification Act [Released: Release 1]
  • Nevada Security Breach Notification Law, NV SB 347 [Released: Release 1]
  • North Carolina Security Breach Notification Law (Identity Theft Protection Act), NC SB 1048 [Released: Release 1]
  • North Dakota Personal Information Protection Act, ND SB 2251 [Released: Release 1]
  • Ohio Personal information – contact if unauthorized access, OH HB 104 [Released: Release 1]
  • Rhode Island Security Breach Notification Law, RI HB 6191 [Released: Release 1]
  • Tennessee Security Breach Notification, TN SB 2220 [Released: Release 1]
  • Texas Identity Theft Enforcement and Protection Act, TX SB 122 [Released: Release 1]
  • Vermont Relating to Identity Theft, VT HB 327 [Released: Release 1]
  • Virginia Identity theft; penalty; restitution; victim assistance, VA HB 872 [Released: Release 1]
  • Washington Notice of a breach of the security, WA SB 6043 [Released: Release 1]
  • § 1724 California Civil Code [Released: Q3 07]
  • Texas Business and Commerce Code, secs. 48.102, 48.103 [Released: Q3 07]
  • Minnesota Plastic Card Security Act (H.F. 1758) [Released: Q3 07]
  • California Personal Information: Disclosure to Direct Marketers Act (SB 27) [Released: Q3 08]

EU Guidance

  • EU Directive on Privacy and Electronic Communications, 2002/58/EC [Released: Release 1]
  • EU Directive on Data Protection, 95/46/EC [Released: Release 1]
  • US Department of Commerce EU Safe Harbor Privacy Principles [Released: Release 1]
  • Consumer Interests in the Telecommunications Market, Act No. 661 [Released: Release 1]
  • OECD / World Bank Technology Risk Checklist [Released: Release 1]
  • OECD Guidelines on Privacy and Transborder Flows of Personal Data [Released: Release 1]
  • UN Guidelines for the Regulation of Computerized Personal Data Files (1990) [Released: Release 1]
  • ISACA Cross-Border Privacy Impact Assessment [Released: Release 1]
  • Information Technology Security Evaluation Manual (ITSEM) [Released: Release 1]
  • Information Technology Security Evaluation Criteria (ITSEC) [Released: Release 1]
  • Directive 2003/4/EC Of The European Parliament [Released: Release 1]
  • EU 8th Directive (European SOX) [Released: Q4 08]
  • OECD Principles of Corporate Governance [Released: Q4 08]

UK and Canadian Guidance

  • Financial Reporting Council, Combined Code on Corporate Governance [Released: Q4 08]
  • Turnbull Guidance on Internal Control, UK FRC [Released: Release 1]
  • Smith Guidance on Audit Committees, UK FRC [Released: Release 1]
  • UK Data Protection Act of 1998 [Released: Release 1]
  • IT Service Management Standard, BS 15000-1 [Released: Release 1]
  • IT Service Management Standard – Code of Practice, BS 15000-2 [Released: Release 1]
  • British Standards Institute PAS 56, Guide to Business Continuity Management [Released: Release 1]
  • Canada Keeping the Promise for a Strong Economy Act, Bill 198 [Released: Release 1]
  • Canada Personal Information Protection Electronic Documents Act (PIPEDA) [Released: Release 1]
  • Canada Privacy Policy and Principles [Released: Release 1]
  • Canadian Marketing Association Code of Ethics and Standards of Practice [Released: Q4 08]

Other European and African Guidance

  • Austria Data Protection Act [Released: Release 1]
  • Austria Telecommunications Act [Released: Release 1]
  • Bosnia Law on Protection of Personal Data [Released: Release 1]
  • Czech Republic Personal Data Protection Act [Released: Release 1]
  • Denmark Act on Competitive Conditions and Consumer Interests [Released: Release 1]
  • Finland Personal Data Protection Act [Released: Release 1]
  • Finland act on the amendment of the Personal Data Act (986/2000) [Released: Release 1]
  • France Data Protection Act [Released: Release 1]
  • German Federal Data Protection Act [Released: Release 1]
  • IT Baseline Protection Manual Germany [Released: Release 1]
  • Greece Law on the Protection of Individuals with Regard to the Processing of Personal Data [Released: Release 1]
  • Hungary Protection of Personal Data and Disclosure of Data of Public Interest [Released: Release 1]
  • Iceland Protection of Privacy as regards the Processing of Personal Data [Released: Release 1]
  • Ireland Data Protection Act of 1988 [Released: Release 1]
  • Ireland Data Protection Amendment 2003 [Released: Release 1]
  • Italy Personal Data Protection Code [Released: Release 1]
  • Italy Protection of Individuals Other Subject with regard to the Processing of Personal Data [Released: Release 1]
  • Lithuania Law on Legal Protection of Personal Data [Released: Release 1]
  • Luxembourg Data Protection Law [Released: Release 1]
  • Netherlands Personal Data Protection Act [Released: Release 1]
  • Poland Protection of Personal Data Act [Released: Release 1]
  • Slovak Republic Protection of Personal Data in Information Systems [Released: Release 1]
  • Personal Data Protection Act of the Republic of Slovenia of 2004 [Released: Release 1]
  • South Africa Promotion of Access to Information Act [Released: Release 1]
  • ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data [Released: Release 1]
  • Sweden Personal Data Act [Released: Release 1]
  • Switzerland Federal Act on Data Protection [Released: Release 1]
  • German Corporate Governance Code (“The Code”) [Released: Q4 08]
  • The Dutch corporate governance code, Principles of good corporate governance and best practice provisions [Released: Q4 08]
  • The King Committee on Corporate Governance, Executive Summary of the King Report 2002 [Released: Q4 08]
  • Swedish Code of Corporate Governance; A Proposal by the Code Group [Released: Q4 08]

Asia and Pacific Rim Guidance

  • Australia Better Practice Guide – Business Continuity Management [Released: Release 1]
  • Australia Spam Act [Released: Release 1]
  • Australia Spam Act 2003: A practical guide for business [Released: Release 1]
  • Australia Privacy Act [Released: Release 1]
  • Australia Telecommunications Act [Released: Release 1]
  • Hong Kong Personal Data (Privacy) Ordinance [Released: Release 1]
  • Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce in the Private Sector (version 1.0) [Released: Release 1]
  • Japan Handbook Concerning Protection Of Personal Data [Released: Release 1]
  • Japan Personal Information Protection Act (Law No. 57 of 2003) [Released: Release 1]
  • Korea Act on Promotion of Information & Communication Network Utilization and Information Protection, etc [Released: Release 1]
  • Korea Act on the Protection of Personal Information Maintained by Public Agencies 1994 [Released: Release 1]
  • Korea Act Relating to Use and Protection of Credit Information [Released: Release 1]
  • New Zealand Privacy Act 1993 [Released: Release 1]
  • Taiwan Computer-Processed Personal Data Protection Law 1995 [Released: Release 1]
  • India Information Technology Act (ITA-2000) [Released: Release 1]
  • Australian Government ICT Security Manual (ACSI 33) [Released: Q3 08]
  • Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 [Released: Q4 08]
  • Corporate Governance in listed Companies – Clause 49 of the Listing Agreement [Released: Q4 08]
  • CODE OF CORPORATE GOVERNANCE 2005 [Released: Q4 08]
  • Argentina Personal Data Protection Act [Released: Release 1]
  • Mexico Federal Personal Data Protection Law [Released: Release 1]

System Configuration Guidance

  • CI Security Persistent Identifiers [Released: Q3 07]
  • CI Security Solaris Benchmark v2.1 [Released: Q3 07]
  • CI Security Solaris Benchmark v1.3 [Released: Q3 07]
  • CI Security HP-UX Benchmark v1.3 [Released: Q3 07]
  • CI Security Red Hat Enterprise Linux Benchmark v1.0 [Released: Q3 07]
  • CI Security Red Hat Enterprise Linux Benchmark v1.0.5 [Released: Q3 07]
  • CI Security SuSE Linux Enterprise Server Benchmark v1.0 [Released: Q3 07]
  • CI Security Slackware Linux Benchmark v1.1 [Released: Q3 07]
  • CI Security AIX Benchmark v1.0 [Released: Q3 07]
  • CI Security FreeBSD Benchmark v1.0 [Released: Q3 07]
  • Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2 [Released: Q4 07]
  • Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 5 Release 1 [Released: Q4 07]
  • CI Security Windows XP Professional SP1/SP2 [Released: Q3 07]
  • Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68 [Released: Q4 07]
  • NSA Guide to Security Microsoft Windows XP [Released: Q4 07]
  • CI Security Windows 2000 Professional [Released: Q4 07]
  • DISA Windows XP Security Checklist Version 6 [Released: Q1 08]
  • CI Security Windows 2000 Server [Released: Q3 07]
  • CI Security Windows Server 2003 [Released: Q4 07]
  • CI Security Windows 2000 [Released: Q4 07]
  • CI Security Windows NT [Released: Q4 07]
  • DISA Windows VISTA Security Checklist Version 6 [Released: Q1 08]
  • NSA Guide to Securing Microsoft Windows 2000 Group Policy [Released: Q4 07]
  • Center for Internet Security Mac OS X Tiger Level I Security Benchmark
  • Center for Internet Security Open Enterprise Server: NetWare (v1) Consensus Baseline Security Settings
  • Mac OS X Security Configuration for version 10.4 or later, second edition
  • Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings
  • DISA Windows Server 2003 Security Checklist Version 6
  • DISA WIRELESS STIG BLACKBERRY SECURITY CHECKLIST, Version 5, Release 1.2
  • DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2

Author: Doug Cornelius
