ABSTRACT

Cybersecurity regulations are an evolving area that confuses General Counsels and security practitioners. Regulations span geographies, data types, industries, and other corporate characteristics. Each regulation must be understood in context, and programs must be put in place to cover all the requirements. The best practice is to adopt the most stringent aspects of the applicable laws into one compliance program and to ensure that the company has a program that maps the various control tests across security assessment frameworks. Companies should track the laws in the countries and states in which they operate and tie them back to their data types and industry. This chapter examines US federal cybersecurity regulations.