  • Financial Industry Regulatory Authority (FINRA) Rule Sets Authoritative Source Content

    As part of its role as regulator of securities firms and brokers, FINRA enacts rules and publishes guidance to protect investors and promote market integrity. FINRA Rules 2000-7000 cover various aspects regardi...
    Christine Tran
    last modified by Susan Read-Miller
  • National Institute of Standards and Technology Guidelines Authoritative Source Content

    The National Institute of Standards and Technology (NIST) is a part of the U.S. Department of Commerce. NIST's mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, sta...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • Australian Government Information Security Manual (ISM) Authoritative Source Content

    The Australian Signals Directorate (ASD) produces the Australian Government Information Security Manual (ISM). The manual is the standard which governs the security of government ICT systems. It complements the P...
    Corey Carpenter
    last modified by Christine Tran
  • Banco Central do Brasil 2025 Authoritative Source Content

    Resolution 2025 of the Central Bank of Brazil is a regulation that changes and consolidates the rules regarding the opening, maintenance and movement of financial accounts. In order to open a financial account, a comp...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • G.S.A. FedRAMP Revision 4 Authoritative Source Content

    The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products an...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • Wolters Kluwer Regulatory Data Feed Integration

    Wolters Kluwer is a global provider of actionable regulatory content designed to support regulatory change management initiatives. Wolters Kluwer has over 400 in-house experts (former regulators, compliance at...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • RSA Archer Policy Library Content

    The RSA Archer Policy Library includes a set of 19 best-practice policies developed by RSA Archer in cooperation with leading Fortune 1000 organizations and aligned with the International Organization for Standardizat...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • RSA Archer Control Standards Library Content

    The RSA Archer Control Standards library consists of over 1,200 best-practice control standards organized through a custom GRC taxonomy developed specifically to align with multiple best-practice external standards an...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • Australian Government Protective Security Policy Framework (PSPF) Authoritative Source Content

    The PSPF has been developed to assist Australian Government entities to protect their people, information and assets, at home and overseas. The PSPF provides policy, guidance and better practice advice for governance,...
    Corey Carpenter
    last modified by Susan Read-Miller
  • Canadian Anti-Spam Legislation (CASL) Authoritative Source Content

    The Canadian Anti-Spam Legislation (CASL) prohibits companies from sending commercial electronic messages to an electronic address without consent (permission). It also covers the installation of computer programs wi...
    Corey Carpenter
    last modified by Susan Read-Miller
  • Shared Assessments Standard Information Gathering Template (SIG) Question Library Content

    The Shared Assessments Program has been setting the standard in third party risk management since 2005, when the Big Four and six global banks collaborated to form Shared Assessments to address the inefficiencies surr...
    Corey Carpenter
    last modified by Susan Read-Miller
  • Singapore Cybersecurity Act Authoritative Source Content

    The Singapore Cybersecurity Act of 2018 is legislation passed by the Parliament of Singapore to require or authorize the taking of measures to prevent, manage and respond to cybersecurity threats and incidents, t...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • RSA Archer Question Library Content

    The RSA Archer Question Library is a central repository for any assessment-based content that might be used to drive questionnaire generation or facilitate compliance assessments. Out-of-the-box the RSA Archer Questio...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • European Union General Data Protection Regulation (GDPR) Authoritative Source Content

    The European Regulation 2016/679, also known as the European Union General Data Protection Regulation (GDPR), provides regulatory guidance on the protection of natural persons with regard to the processing of pers...
    Susan Read-Miller
    last modified by Christine Tran
  • Payment Card Industry Data Security Standard (PCI DSS) Authoritative Source Content

    The Payment Card Industry Data Security Standard is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical p...
    Susan Read-Miller
    last modified by Susan Read-Miller
  • CNSS Instruction No. 1253 Authoritative Source Content

    The Committee on National Security Systems (CNSS) Instruction No. 1253, Security Categorization and Control Selection for National Security Systems, provides all Federal Government departments, agencies, bureaus, and ...
    Susan Read-Miller
    last modified by Christine Tran
  • U.S. Department of Education Family Educational Rights and Privacy Act (FERPA) Authoritative Source Content

    The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds...
    Susan Read-Miller
    last modified by Christine Tran
  • Clinger-Cohen Act Authoritative Source Content

    The Clinger-Cohen Act includes two U.S. laws that were passed together as part of the National Defense Authorization Act for Fiscal Year 1996.  It is intended to establish an approach for acquisition, management ...
    Susan Read-Miller
    last modified by Christine Tran
  • Comisión Nacional Bancaria y de Valores de México Chapter X Authoritative Source Content

    The Comisión Nacional Bancaria y de Valores de México (CNBV) provides requirements for the National Banking and Securities Law which define strict, deadline-based guidelines for enhanced security control...
    Susan Read-Miller
    last modified by Christine Tran
  • Turkish Communiqué on Principles in Information Systems Authoritative Source Content

    The Turkish Communiqué on Principles in Information Systems Authoritative Source Content lays down the minimum principles and procedures to be considered in information systems management which banks use in per...
    Susan Read-Miller
    last modified by Christine Tran