This post features regulations related to IT security.
The post focuses on regulations that establish IT security controls. For regulations used to prosecute malicious computer-related behavior and IT crime, please check this post.
IT Security Legislation by Country
Countries featured on this post:
- EU
- Spain
- USA
EU IT Security Regulations
EU IT security regulations:
Germany IT Security Regulations
Germany IT security regulations featured on this post:
- Federal Office for Information Security (BSI, from the German Bundesamt für Sicherheit in der Informationstechnik)
Spain IT Security Regulations
Spain IT security regulations:
USA IT Security Regulations
USA IT security regulations:
- Federal Information Security Management Act (FISMA)
- Cybersecurity Enhancement Act
- National Security Protection Act
FISMA
The Federal Information Security Management Act (FISMA) requires USA federal agencies and their contractors to implement an information security program.
FISMA implementation guidelines are developed by NIST.
FISMA was passed in 2002.
The Federal Information System Modernization Act (known as 2014 FISMA, sharing the same acronym) modified the 2002 FISMA.
The predecessor of FISMA was the Government Information Security Reform Act (GISRA), which expired in November 2022.
Cybersecurity Enhancement Act of 2014
The Cybersecurity Enhancement Act charged NIST with responsibility for coordinating nationwide work on voluntary cybersecurity standards.
It was passed in 2014.
The 2002 version was part of the Home Security (HSA), which was passed in 2002 together with the Critical Structure Information Act of 2002.
National Security Protection Act
The National Security Protection Act charged the Department of Homeland Security with establishing a national cybersecurity and communication integration center. It serves as a communication nexus for public federal and private institutions regarding cybersecurity.