Federal Risk and Authorization Management Program (FedRAMP) is meant to provide a standardized approach to security assessment, authorization, and continuou...

The Family Educational Rights and Privacy Act (FERPA) is a federal law enacted in 1974 that protects the privacy of student education records. ControlDes...

The Federal Information Security Management Act (FISMA) is a United States federal law passed in 2002 that made it a requirement for federal agencies to dev...

The CIS Google Cloud Platform Foundation Benchmark 1.1.0 covers foundational elements of Google Cloud Platform. The recommendations provided are important s...

The GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. While primarily process-driven, ther...

The Health Insurance Portability and Accountability Act of 1996 is United States legislation that provides data privacy and security provisions for safeguar...

The HITRUST Common Security Framework (HITRUST CSF) is a certifiable framework that provides organizations with a comprehensive, flexible, and efficient app...

ISO 27001 is an international standard that helps organizations manage information security. ControlDescription A.5.1.1 Policies for Information Security...

ISO 27017 is the Code of practice for information security controls based on ISO/IEC 27002 for cloud services. ControlDescription CLD.6.3.1 Shared roles ...

Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors. ControlDescription A 9.2 Retentio...