Regulations

SolutionLab Enterprise Risk and Consulting Services are based on experience and expertise with the following laws, regulations, standards, and guidelines.

Laws and Regulations
  • The Federal Information Security Management Act (FISMA)
  • The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)
  • Privacy Act of 1974
  • Massachusetts Privacy Law - 201 CMR 17 - Standards for the Protection of Personal Information of Residents of the Commonwealth
  • The federal tax information safeguarding requirements defined by the Internal Revenue Service (IRS) in Title 26 of the United States Code (U.S.C.), Section 6103
  • The Payment Card Industry (PCI) Data Security Standard for payment card processing (electronic payments)
  • Americans with Disabilities Act of 1990 and the ADA Amendments Act of 2008 (P.L. 110-325); Section 508 of the Rehabilitation Act of 1973 (accessibility of electronic and information technology)

Standards & Guidance
  • The Center for Consumer Information & Insurance Oversight (CCIIO/CMS) Harmonized Security and Privacy Framework
  • Federal Information Processing Standard (FIPS) Pub 199 Standards for Security Categorization of Federal Information and Information Systems
  • FIPS Pub 200 Minimum Security Requirements for Federal Information and Information Systems
  • NIST SP 800-53 Recommended Security Controls for Federal Information Systems and Organizations
  • ISO 27001/27002 – Information Security Management
  • NIST SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories
  • NIST SP 800-66 An Introductory Resource Guide for Implementing the HIPAA Security Rule
  • CCIIO/CMS Technical Reference Architecture - Minimum Security Guidance for States
  • CCIIO/CMS Technical Reference Architecture - Catalog of Minimum Security Controls for States
  • Information Technology Infrastructure Library (ITIL) - 4 Service Design

Additional Guidance
  • FIPS Pub 140-2 Security Requirements for Cryptographic Modules, covering validated cryptographic modules and the encryption of data at rest and in transit
  • IRS Publication 1075 - Tax Information Security Guidelines for Federal, State & Local Agencies for Federal Tax Information (FTI) data security & privacy
  • Payment Card Industry (PCI) Data Security Standards addressing electronic payments security
  • NIST SP 800-63 Electronic Authentication Guideline
  • Executive Office of the President, Office of Management and Budget, Memorandum 04-04, E-Authentication Guidance for Federal Agencies