This is an older revision of the document!


Some standards and regulations that enterprise customers and government agencies must comply with

(*) Source: Symantec

| Standard/Regulation | Industry | Type | Comments/URLs |
|---|---|---|---|
| ISO/IEC 17799 | International - Baseline | Standard | "The International Organization for Standardization" www.iso-17799.com |
| BS 7799 Part 1 | British Government | Standard | British Standard. Predecessor to the ISO 17799 standard |
| AS4444/NZS4444 | Australian Government | Standard | Australian Standard/New Zealand Standard. Replaced by the ISO 17799 standard |
| HIPAA | Health Care | Regulation | Health Insurance Portability and Accountability Act of 1996 |
| CIS Benchmarks | Worldwide Consortium | Standard | The Center for Internet Security Solaris Benchmark |
| Gramm-Leach-Bliley Act (GLBA) | US Financial Services Law | Regulation | US legislation passed Nov. 1999 |
| SANS/FBI Top 20 List | General Security | Standard | System Administration, Networking and Security / Federal Bureau of Investigation |
| CVE | General Security | Standard | MITRE's Common Vulnerabilities and Exposures |
| VISA | Banking | Standard | Visa International and Visa USA |
| ISO 15408 (Common Criteria) | International Security Program - Systems | Standard | May be replacing NSA's Red Book and Orange Book |
| CASPR | GNU Best Practices | Standard | Commonly Accepted Security Practices & Recommendations |
| OCC | Banking | Regulation | Office of the Comptroller of the Currency |
| FDIC | Banking | Regulation | Federal Deposit Insurance Corporation |
| SysTrust | AICPA | Standard | American Institute of Certified Public Accountants |
| FISCAM | GAO (Federal Govt.), Financial Systems | Regulation | Federal Information Systems Control Audit Manual |
| CobiT | ISACA | Standard | Control Objectives for Information and Related Technology |
| IETF Security Handbooks | Internet Community | Standard | The Internet Engineering Task Force |
| SEC | Brokerage | Regulation | U.S. Securities and Exchange Commission |
| Rainbow Series (Orange Book) | Military commands and contractors | Regulation | Being replaced by Common Criteria |
| FDA | Pharmaceutical | Regulation | Food and Drug Administration |
| NPG 2810 (NASA) | Facilities and Contractors | Regulation | NASA Policy Guideline |
| 1974 Privacy Act and Amendments | US Companies | Regulation | www.usdoj.gov/04foia/privstat.htm |
| ISO 13335 (Parts 1, 2, 3, 4, 5) | International - Educational | Technical Report | A five-part technical report giving guidance on security management |
| SAS70 | Auditing | Standard | Statement on Auditing Standards |
| GASSP | Older than CASPR | Standard | Generally Accepted Systems Security Principles |
| DITSCAP/NIACAP | Department of Defense (DOD) | Regulation | DoD Information Technology Security Certification and Accreditation Process |
| AS/NZS 4360:1999 | Australian/New Zealand Government | Standard | Australian Standard / New Zealand Standard |
| FCC | US Government | Regulation | Federal Communications Commission |
| Other Standards | | Standard and Regulation | |