The Export Administration Regulations (EAR) are enforced by the US Department of Commerce. These regulations primarily cover technologies and technical information with both commercial and military applications. They are also known as dual use technologies (for example, chemicals, satellites, software, computers). This policy detects violations based on countries and controlled technologies designated by the EAR.
This policy strictly enforces the US Health Insurance Portability and Accountability Act (HIPAA) by searching for data concerning prescription drugs, diseases, and treatments in conjunction with Protected Health Information (PHI). This policy can be used by organizations that are not subject to HIPAA but want to control PHI data.
The International Traffic in Arms Regulations (ITAR) are enforced by the US Department of State. Exporters of defense services or related technical data are required to register with the federal government and may need export licenses. This policy detects potential violations based on countries and controlled assets designated by the ITAR.
NASD Rule 2711 and NYSE Rules 351 and 472 protect the name(s) of any companies involved in an upcoming stock offering, internal project names for the offering, and the stock ticker symbols for the offering companies.
NASD Rule and NYSE Rule 342 require brokers-dealers to supervise certain brokerage employee's communications. This policy monitors the communications of registered principals who are subject to these regulations.
Detects information outlined in the North American Electric Reliability Council (NERC) security guidelines for protecting and securing potentially sensitive information about critical electricity infrastructure.
The Office of Foreign Assets Control of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against certain countries, individuals, and organizations. This policy detects communications involving these targeted groups.
The Payment Card Industry (PCI) data security standards are jointly determined by Visa and MasterCard to protect cardholders by safeguarding personally identifiable information. Visa's Cardholder Information Security Program (CISP) and MasterCard's Site Data Protection (SDP) program both work toward enforcing these standards. This policy detects credit card number data.
The US Sarbanes-Oxley Act (SOX) imposes requirements on financial accounting, including the preservation of data integrity and the ability to create an audit trail. This policy detects sensitive financial data.
The US SEC Selective Disclosure and Insider Trading Rules prohibit public companies from selectively divulging material information to analysts and institutional investors prior to its general release to the public. This policy detects data indicating disclosure of material financial information.
Many states in the US have adopted statutes mandating data protection and public disclosure of information security in which confidential data of individuals is compromised. This policy detects these breaches of confidentiality.
Imported Document ID: HOWTO53963
Subscribing will provide email updates when this Article is updated. Login is required.