NIST 800-171 – the Special Publication 800-171 by the National Institute of Standards and Technology – outlines the standards that non-federal information systems and organizations must follow when managing Controlled Unclassified Information (CUI).

PCI DSS – the Payment Card Industry Data Security Standard – is one of the foundational regulatory frameworks on information security for organizations that process credit card payments.

HIPAA – the Health Insurance Portability and Accountability Act of 1996 – is the primary regulatory framework for data protection of sensitive patient information. As such, it is the responsibility of every healthcare organization, its subcontractors, and every other institution that handles this type of data to comply with its physical and technical security requirements.

GLBA – the Gramm–Leach–Bliley Act or the Financial Services Modernization Act of 1999 – outlines the information privacy and security regulations that all financial institutions and organizations that handle personally identifiable financial information must follow.