Here’s a summary of the key laws and regulations relevant to CISSP certification:
1. ITAR (International Traffic in Arms Regulations), 1976
- Purpose: Controls the export and import of defense-related articles, services, and technical data on the US Munitions List (issued under the Arms Export Control Act of 1976).
- Key Provisions: Requires export licenses for defense goods and technologies and imposes access and handling controls so that controlled technical data is not disclosed to foreign persons without authorization.
2. FERPA (Family Educational Rights and Privacy Act), 1974
- Purpose: Protects the privacy of student education records at schools that receive federal funding.
- Key Provisions: Grants parents, and students once they turn 18 or attend a postsecondary institution, the right to inspect and request correction of education records, and prohibits disclosure of those records without written consent, subject to limited exceptions.
3. GLBA (Gramm-Leach-Bliley Act), 1999
- Purpose: Protects the privacy and security of consumer financial information held by financial institutions.
- Key Provisions: The Financial Privacy Rule requires privacy notices and limits on sharing nonpublic personal information; the Safeguards Rule requires a written information security program to protect customer data; the pretexting provisions prohibit obtaining customer information under false pretenses.
4. ECS (Electronic Communications Service) rules, EU
- Purpose: Regulates how providers of electronic communications services in the EU handle and protect communications data (the ePrivacy Directive, 2002/58/EC, and its breach-notification rules).
- Key Provisions: Requires providers to safeguard the confidentiality of communications and related traffic data, and to notify the national regulator, and affected subscribers where the breach is likely to harm them, of personal data breaches.
5. Fourth Amendment (US Constitution)
- Purpose: Protects individuals against unreasonable searches and seizures by the government.
- Key Provisions: Requires warrants to be supported by probable cause and to describe the place to be searched and the items to be seized; it is the constitutional basis for the US expectation of privacy and for limits on government access to electronic data.
6. 1974 US Privacy Act
- Purpose: Protects personal information held in federal agency systems of records.
- Key Provisions: Restricts disclosure of records without the individual’s consent, grants individuals the right to access and amend their records, and requires agencies to publish notices of the record systems they maintain.
7. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, 1980 (updated 2013)
- Purpose: Provides internationally recognized principles for the collection and protection of personal data; not binding law, but the basis for many national privacy laws.
- Key Provisions: Eight principles: collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability.
8. Computer Fraud and Abuse Act (CFAA), 1986 (amended 1996)
- Purpose: The primary US federal law addressing computer-related fraud and abuse.
- Key Provisions: Criminalizes accessing a "protected computer" (government, financial, or interstate-commerce systems) without authorization or in excess of authorization, trafficking in passwords, and knowingly transmitting code or commands that cause damage; later amendments (including the USA PATRIOT Act, 2001) broadened its scope and penalties.
9. Electronic Communications Privacy Act (ECPA), 1986
- Purpose: Extends federal wiretap protections from telephone calls to electronic communications.
- Key Provisions: Prohibits interception of wire, oral, and electronic communications in transit, and (through the Stored Communications Act, Title II) unauthorized access to communications held in electronic storage; exceptions cover consent of a party to the communication and court-authorized law enforcement interception.
10. Communications Assistance for Law Enforcement Act (CALEA), 1994
- Purpose: Requires communications carriers to support lawful law enforcement wiretaps.
- Key Provisions: Mandates that carriers build their networks so that law enforcement can perform wiretaps under a court order, regardless of the underlying technology.
11. US Computer Security Act, 1987
- Purpose: Enhances computer security within federal agencies.
- Key Provisions: Assigns NIST responsibility for security standards for federal computer systems, and requires agencies to identify systems holding sensitive information, develop security plans for them, and provide security awareness training; largely superseded by FISMA (2002).
12. US Federal Sentencing Guidelines, 1991
- Purpose: Provides sentencing guidance for corporate and individual misconduct, including information security failures.
- Key Provisions: Allows fines of up to $290 million for organizations, applies the "prudent person" rule to senior management (holding them responsible for exercising due care), and reduces penalties for organizations that can show due diligence through an effective compliance and security program.
13. Economic Espionage Act, 1996
- Purpose: Addresses industrial and corporate espionage at the federal level.
- Key Provisions: Criminalizes the theft or misappropriation of trade secrets, with separate offenses for theft that benefits a foreign government or agent and for theft for commercial advantage, punishable by fines and imprisonment.
14. HIPAA (Health Insurance Portability and Accountability Act), 1996 (amended)
- Purpose: Protects the privacy and security of individually identifiable health information.
- Key Provisions: The Privacy Rule limits use and disclosure of protected health information (PHI) and grants patients rights over their records; the Security Rule requires administrative, physical, and technical safeguards for electronic PHI; applies to covered entities (health plans, healthcare clearinghouses, and providers) and their business associates.
15. HITECH (Health Information Technology for Economic and Clinical Health Act), 2009
- Purpose: Enhances HIPAA privacy and security provisions and strengthens their enforcement.
- Key Provisions: Extends HIPAA requirements to business associates, introduces data