Resources
There are several guidelines and agencies that oversee cybersecurity companies to ensure they adhere to industry standards and regulations. Here are some key guidelines and agencies you should be aware of:
- NIST Cybersecurity Framework
The National Institute of Standards and Technology (NIST) provides a comprehensive framework to help organizations manage and reduce cybersecurity risk. This framework is widely adopted across various industries.
- ISO/IEC 27001:2022 International Standards Organization
Information security, cybersecurity and privacy protection. This is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).
- General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. If you handle data from EU citizens, you must comply with GDPR, which sets guidelines for the collection and processing of personal information.
- Health Insurance Portability and Accountability Act of 1996 ("HIPAA")
The Standards for Privacy of Individually Identifiable Health Information ("Privacy Rule") establishes national standards to protect certain health information, as required by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). If you work with healthcare data, HIPAA provides guidelines for protecting sensitive patient information.
- CMMC (Cybersecurity Maturity Model Certification)
To protect American ingenuity and national security information, the DoD developed the Cybersecurity Maturity Model Certification (CMMC) 2.0 program to reinforce the importance of DIB cybersecurity for safeguarding the information that supports and enables our warfighters. It is required for contractors working with the Department of Defense, and it ensures that those contractors have adequate cybersecurity controls and processes in place.
Agencies
- Cybersecurity and Infrastructure Security Agency (CISA)
CISA is a part of the Department of Homeland Security and is responsible for enhancing the security, resilience, and reliability of the nation’s cybersecurity and communications infrastructure.