United States Cybersecurity and Privacy Resources
Federal Level

• Gramm-Leach-Bliley Act (GLBA)

• Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM Act)

• Children's Online Privacy Protection Act (COPPA)

• Federal Information Security Management Act (FISMA)

• Cybersecurity and Infrastructure Security Agency Act (CISAA)

• Section 5 of the Federal Trade Commission Act (FTC Act)

• Telemarketing Sales Rule (TSR)

• Telephone Consumer Protection Act (TCPA)

• Health Insurance Portability and Accountability Act (HIPAA)

• Sarbanes-Oxley Act : Prevent corporate fraud by setting strict regulatory mandates for how organizations protect financial records from tampering and making auditors more independent from their clients.

• PCI DSS v4.0 : Set of security policies that protect credit and payment card data and transactions.

Resources for Cloud Service Providers (Offer your cloud services to the federal government)

• CSP Authorization Playbook : Initiate FedRAMP, onboard offers Cloud Service Providers (CSPs) a comprehensive understanding of crafting an authorization strategy, various authorization categories, and key factors for their Cloud Service Offerings (CSOs) when engaging with FedRAMP.

• FedRAMP Security Controls Baseline : Provides the catalog of FedRAMP High, Moderate, Low, and Tailored Low Impact Software-as-a-Service (Li-SaaS) baseline security controls, along with additional guidance and requirements.

Resources for Federal Agencies (Adopt innovative cloud services to meet your agency’s mission needs)

• Agency Authorization Playbook : Provides agencies with step-by-step guidance, best practices, and tips to successfully implement the FedRAMP Agency Authorization process.

• Reusing Authorizations for Cloud Products Quick Guide : Steps and guidance to help agencies quickly and efficiently reuse authorized cloud products within the FedRAMP Marketplace.

• FedRAMP Package Access Request Form : Form can be used by any federal agency that is seeking to use a CSO that is already FedRAMP Authorized.

Resource for Assessors (3PAOs evaluate cloud security for federal authorization, guiding risk-based decisions via assessments like the RAR and SAP)

• 3PAO Obligations and Performance Guide

• 3PAO Readiness Assessment Report Guide

Other resources

• Continuous Monitoring Strategy Guide : To provide periodic security deliverables to all agency customers.

• Penetration Test Guidance : Requirements for organization to conduct a FedRAMP pen test.