Regulations

1) Common regulations and standards that require phishing and security awareness training:

  • PCI DSS
  • ISO/IEC 27001 and 27002
  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • COBIT
  • FACTA – FTC Red Flags Rule
  • Gramm-Leach-Bliley Act (GLBA)
  • Federal Information Security Management Act (FISMA)
  • NERC CIP

2) Common regulations and standards that require vulnerability assessments, penetration tests, or automated penetration testing:

  • PCI DSS and PA DSS
  • SOC 2
  • ISO 27001
  • HIPAA
  • NIST
  • GDPR
  • CMMC
  • OWASP Top 10
  • CIS Controls