Organizations across the United States have a number of cybersecurity regulations to comply with, and need to show that they take protection of sensitive data seriously.
Consumer data in the US is currently protected by a patchwork of industry-specific, federal, and state laws, the scope and jurisdiction of which vary. The challenge of compliance for organizations that conduct business across all 50 states is considerable.
Forbes summarizes the issue:
“Increased regulatory fragmentation unduly diverts focus and resources, and ultimately threatens to make us more vulnerable to cyber attacks. Instead of a fractured approach by state, we need a coordinated national strategy for regulating cybersecurity.”
For example, from March 1, 2017, NY financial institutions will be required to implement security measures to protect themselves against cyber attacks. They will need not only to maintain a cybersecurity policy and program, appoint a CISO, and implement risk assessment controls and an incident response plan, but also to provide regular cybersecurity awareness training, conduct penetration testing, and identify vulnerabilities.
Organizations also have the National Institute of Standards and Technology (NIST) Cybersecurity Framework (NIST SP 800-53) for guidance on helping reduce cybersecurity risks, and many organizations are required by contract or by law to implement the framework.
Complying with multiple cybersecurity regulations
Fulfil multiple cybersecurity obligations and benefit from international information security best practice to produce a solid framework with the ISO 27001 Cybersecurity Documentation Toolkit.
Covering state, national, and international cybersecurity frameworks, this toolkit will enable you to produce a robust management system that complies with:
- NIST SP 800-53
- New York State Department of Financial Services Cybersecurity Requirements for Financial Services Companies
- Massachusetts 201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth
- ISO 27001, the internationally recognized cybersecurity framework