Supplemental Materials

SP 800-37

[SP 800-37] “Risk Management Framework for Information Systems and Organizations A System Life Cycle Approach for Security and Privacy ” NIST Special Publication 800-37r2, 2018.

SP 800-53

[SP 800-53] “Security and Privacy Controls for Federal Information Systems and Organizations” NIST Special Publication 800-53r5, 2020.

SP 800-172

[SP 800-172] “Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST Special Publication 800-171” NIST Special Publication 800-172, 2021.

NISTIR 8286

[NISTIR 8286] “Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management: Draft NISTIR 8286A Available for Comment" Draft NISTIR 8286A, 2020

NISTIR 8286A

[NISTIR 8286A] “https://csrc.nist.gov/publications/detail/nistir/8286/final" NISTIR 8286, 2020

GDPR

[GDPR] "What is The General Data Protection Regulation" EUs 2018 Privacy Law

FISMA 2014

[FISMA] "Federal Information Security Modernization Act of 2014"

HIPPA

[HIPPA] "The Health Insurance Portability and Accountability Act of 1996"

SOX

[SOX] "Sarbanes-Oxley Act of 2002"

GLBA

[GLBA] "Gramm-Leach-Bliley Act of 2002"

CIPA

[CIPA] "Children's Internet Protection Act", 2000

COPPA

[CIPA] "Children's Online Privacy Protection Rule", 1998

FERPA

[CIPA] "Family Educational Rights and Privacy Act", 1974

Page updated

Google Sites

Report abuse