The Unified Compliance Framework put together this long list of compliance requirements and regulatory schemes that may need to be part of your compliance program or framework:
Sarbanes Oxley Guidance
- Sarbanes-Oxley Act (SOX)
- PCAOB Auditing Standard No. 2
- AICPA SAS 94
- AICPA/CICA Privacy Framework
- AICPA Suitable Trust Services Criteria
- Retention of Audit and Review Records, SEC 17 CFR 210.2-06
- Controls and Procedures, SEC 17 CFR 240.15d-15
- Reporting Transactions and Holdings, SEC 17 CFR 240.16a-3
- COSO Enterprise Risk Management (ERM) Framework
- OMB Circular A-123 Management’s Responsibility for Internal Control
- Securities Exchange Act of 1934
- Implementation Guide for OMB Circular A-123 Management’s Responsibility for Internal Control
- PCAOB Audit Standard No. 3
- PCAOB Audit Standard No. 5
- SAS 109, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement
- SAS 110, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained
Banking and Finance Guidance
- Basel II: International Convergence of Capital Measurement and Capital Standards – A Revised Framework
- BIS Sound Practices for the Management and Supervision of Operational Risk
- Gramm-Leach-Bliley Act (GLB)
- Standards for Safeguarding Customer Information, FTC 16 CFR 314
- Privacy of Consumer Financial Information, FTC 16 CFR 313
- Safety and Soundness Standards, Appendix of OCC 12 CFR 30
- FFIEC IT Examination Handbook – Information Security
- FFIEC IT Examination Handbook – Development and Acquisition
- FFIEC IT Examination Handbook – Business Continuity Planning
- FFIEC IT Examination Handbook – Audit
- FFIEC IT Examination Handbook – Management
- FFIEC IT Examination Handbook – Operations
- ACH (Automated Clearing House) Operating Rules OCC Bulletin 2004-58
- Bank Secrecy Act (aka Currency and Foreign Transaction Reporting Act)
- Check 21 (Check Clearing for the 21st Century) Act
- FCRA (Fair Credit Reporting Act)
- FDIC and FFIEC Guidance on Authentication in an Internet Banking Environment
- FFIEC IT Examination Handbook – Outsourcing Technology Services
- FFIEC IT Examination Handbook – Supervision of Technology Service Providers
- FFIEC IT Examination Handbook – Wholesale Payment Systems
- FFIEC IT Examination Handbook – Retail Payment Systems
- FFIEC IT Examination Handbook – E-Banking
NASD NYSE Guidance
- NASD Manual
- Recordkeeping rule for securities exchanges, SEC 17 CFR 240.17a-1
- Records to be made by certain exchange members SEC 17 CFR 240.17a-3
- Records to be preserved by certain exchange members SEC 17 CFR 240.17a-4
- Recordkeeping SEC 17 CFR 240.17Ad-6
- Record retention SEC 17 CFR 240.17Ad-7
- NYSE Listed Company Manual
- Securities Act of 1933
- Part II Securities and Exchange Commission 17 CFR Parts 210, 228, 229 and 240 Amendments to Rules Regarding Management’s Report on Internal Control Over Financial Reporting; Final Rule
Healthcare and Life Science Guidance
- HIPAA (Health Insurance Portability and Accountability Act)
- HIPAA HCFA Internet Security Policy
- Introductory Resource Guide for HIPAA NIST (800-66)
- CMS Core Security Requirements (CSR)
- CMS Information Security Acceptable Risk Safeguards (ARS)
- SYSTEM SECURITY PLANS (SSP) METHODOLOGY
- CMS Info Security Business Risk Assessment
- CMS Business Partners Systems Security Manual
- FDA Electronic Records; Electronic Signatures FDA 21 CFR Part 11
Energy Guidance
- FERC Security Program for Hydropower Projects
- North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards
Payment Card Guidance
- PCI DSS (Payment Card Industry Data Security Standard) 1.1 [Redacted: Q3 07]
- Payment Card Industry (PCI) Data Security Standard Security Audit Procedures 1.1 [Redacted: Q3 08]
- Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures Version 1.2 [Released: Q4 08]
- PCI DSS Security Scanning Procedures [Released: Q3 07]
- Payment Card Industry (PCI) Payment Application Data Security Standard 1.1 [Redacted: Q3 08]
- MasterCard Wireless LANs – Security Risks and Guidelines [Released: Q3 07]
- Payment Card Industry Self-Assessment Questionnaire A [Released: Q4 07]
- Payment Card Industry Self-Assessment Questionnaire B [Released: Q4 07]
- Payment Card Industry Self-Assessment Questionnaire C [Released: Q4 07]
- Payment Card Industry Self-Assessment Questionnaire D [Released: Q4 07]
- VISA CISP: What to Do If Compromised [Released: Q3 07]
- Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance No Electronic Storage, Processing, or Transmission of Cardholder Data Version 1.2 October 2008 [Released: Q4 08]
- VISA Incident Response Procedure for Account Compromise [Released: Q3 07]
- Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage Version 1.2 October 2008 [Released: Q4 08]
- Visa Payment Application Best Practices (PABP) [Redacted: Q4 07]
- Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance Payment Application Connected to Internet, No Electronic Cardholder Data Storage Version 1.2 October 2008 [Released: Q4 08]
- VISA E-Commerce Merchants Guide to Risk Management [Released: Q3 08]
- Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers Version 1.2 October 2008 [Released: Q4 08]
- MasterCard Electronic Commerce Security Architecture Best Practices [Released: Q3 07]
- American Express Data Security Standard (DSS) [Released: Q3 07]
- BBB Online Code of Business Practices [Released: Q3 07]
US Federal Security Guidance
- FTC Electronic Signatures in Global and National Commerce Act (ESIGN) [Released: Release 1]
- Uniform Electronic Transactions Act (UETA) [Released: Release 1]
- FISMA (Federal Information Security Management Act) [Released: Release 1]
- FISCAM (Federal Information System Controls Audit Manual) [Released: Release 1]
- FIPS 140-2, Security Requirements for Cryptographic Modules [Released: Release 1]
- FIPS 191, Guideline for the Analysis of LAN Security [Released: Release 1]
- FIPS 199, Standards for Security Categorization of Federal Information and Information Systems [Released: Release 1]
- FIPS 200, Minimum Security Requirements for Federal Information and Information Systems [Released: Q3 07]
- Clinger-Cohen Act (Information Technology Management Reform Act) [Released: Release 1]
- DoD 5220.22-M, National Industrial Security Program Operating Manual [Released: Q3 07]
- The National Strategy to Secure Cyberspace [Released: Release 1]
- GAO Financial Audit Manual [Released: Release 1]
- Standard for Electronic Records Management Software, DOD 5015.2 [Released: Release 1]
- Corporate Information Security Working Group: Report of the best practices and metrics teams; subcommittee on technology, information policy, intergovernmental relations and the census; Government Reform Committee, United States House of Representatives [Released: Release 1]
- CISWG Information Security Program Elements [Released: Q3 07]
- Appendix III to OMB Circular No. A-130: Security of Federal Automated Information Resources [Released: Release 1]
- NCUA Guidelines for Safeguarding Member Information, 12 CFR 748 [Released: Release 1]
- C-TPAT Best Practices Guide [Released: Q4 07]
- US Export Administration Regulations [Released: Q4 07]
- US International Traffic in Arms Regulations [Released: Q4 07]
US Internal Revenue Guidance
- IRS Revenue Procedure: Retention of books and records, 97-22 [Released: Release 1]
- IRS Revenue Procedure: Record retention: automatic data processing, 98-25 [Released: Release 1]
- IRS Internal Revenue Code Section 501(c)(3) [Released: Release 1]
Records Management Guidance
- Federal Rules of Civil Procedure [Released: Release 1]
- Uniform Rules of Evidence [Released: Release 1]
- ISO 15489-1, Information and Documentation: Records management: General [Released: Release 1]
- ISO 15489-2, Information and Documentation: Records management: Guidelines [Released: Release 1]
- The DIRKS Manual: A Strategic Approach to Managing Business Information [Released: Release 1]
- The Sedona Principles Addressing Electronic Document Production [Released: Release 1]
- 16 CFR Part 682 Disposal of consumer report information and records [Released: Q3 08]
NIST Guidance
- Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14 [Released: Release 1]
- Developing Security Plans for Federal Information Systems, NIST SP 800-18 [Released: Release 1]
- Security Self-Assessment Guide, NIST SP 800-26 [Released: Release 1]
- Risk Management Guide, NIST SP 800-30 [Released: Release 1]
- Underlying Technical Models for Information Technology Security [Released: Release 1]
- Contingency Planning Guide for Information Technology Systems, NIST SP 800-34 [Released: Release 1]
- Creating a Patch and Vulnerability Management Program, NIST SP 800-40 [Released: Release 1]
- Guidelines on Firewalls and Firewall Policy, NIST SP 800-41 [Released: Release 1]
- Recommended Security Controls for Federal Information Systems, NIST SP 800-53 [Released: Release 1]
- Guide for Mapping Types of Information and Information Systems to Security Categories, NIST SP 800-60 [Released: Release 1]
- Computer Security Incident Handling Guide, NIST SP 800-61 [Released: Release 1]
- Security Considerations in the Information System Development Life Cycle, NIST SP 800-64 [Released: Release 1]
- Guide for Developing Performance Metrics for Information Security, NIST SP 800-80 [Released: Q4 07]
- Security Metrics Guide for Information Technology Systems, NIST SP 800-55 [Released: Q4 07]
- Guide for Assessing the Security Controls in Federal Information Systems, NIST 800-53A [Released: Q3 08]
- Performance Measurement Guide for Information Security, NIST 800-55 Rev. 1 [Released: Q4 08]
ISO Guidance
- ISO 73:2002, Risk Management – Vocabulary [Released: Release 1]
- ISO 17799:2000, Code of Practice for Information Security Management [Released: Release 1]
- ISO 17799:2005 Code of Practice for Information Security Management [Released: Q1 08]
- ISO 27001:2005, Information Security Management Systems – Requirements [Released: Q1 08]
- ISO/IEC 20000-12:2005 Information technology – Service Management Part 1 [Released: Release 1]
- ISO/IEC 20000-2:2005 Information technology – Service Management Part 2 [Released: Release 1]
- ISO/IEC 15408-1:2005 Common Criteria for Information Technology Security Evaluation Part 1 [Released: Q1 08]
- ISO/IEC 15408-2:2005 Common Criteria for Information Technology Security Evaluation Part 2 [Released: Q1 08]
- ISO/IEC 15408-3:2005 Common Criteria for Information Technology Security Evaluation Part 3 [Released: Q1 08]
- ISO/IEC 27002-2005 Code of practice for information security management [Released: Q1 08]
- ISO/IEC 18045:2005 Common Methodology for Information Technology Security Evaluation Part 3 [Released: Q3 08]
- ISO 13335-1:2004, Information technology — Security techniques — Management of information and communications technology security — Part 1: Concepts and models for information and communications technology security management [Released: Q1 08]
- ISO 13335-3:1998, Information technology — Guidelines for the management of IT Security — Part 3: Techniques for the management of IT Security [Released: Q1 08]
- ISO 13335-4:2000, Information technology — Guidelines for the management of IT Security — Part 4: Selection of safeguards [Released: Q1 08]
- ISO 13335-5:2001, Information technology — Guidelines for the management of IT Security — Part 5: Management guidance on network security [Released: Q1 08]
ITIL Guidance
- OGC ITIL: Planning to Implement Service Management [Released: Release 1]
- OGC ITIL: ICT Infrastructure Management [Released: Release 1]
- OGC ITIL: Service Delivery [Released: Release 1]
- OGC ITIL: Service Support [Released: Release 1]
- OGC ITIL: Application Management [Released: Release 1]
- OGC ITIL: Security Management [Released: Release 1]
- CobiT 3rd Edition [Redacted: Release 1]
- CobiT 4.1 [Released: Release 1]
- ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals [Released: Release 1]
- Disaster / Emergency Management and Business Continuity, NFPA 1600 [Released: Release 1]
- ISF Standard of Good Practice for Information Security [Redacted: Release 1]
- ISF Security Audit of Networks [Released: Release 1]
- A Risk Management Standard, jointly issued by AIRMIC, ALARM, and IRM [Released: Release 1]
- Business Continuity Institute (BCI) Good Practice Guidelines [Released: Release 1]
- ISSA Generally Accepted Information Security Principles (GAISP) [Released: Release 1]
- CERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE) [Released: Release 1]
- The GAIT Methodology [Released: Release 1]
- AICPA Incident Response Plan: Template for Breach of Personal Information [Released: Release 1]
- IIA Global Technology Audit Guide (GTAG): Information Technology Controls [Released: Release 1]
- The Standard of Good Practice for Information Security [Released: Q4 08]
US Federal Privacy Guidance
- Cable Communications Privacy Act Title 47 § 551 [Released: Release 1]
- Telemarketing Sales Rule (TSR), 16 CFR 310 [Released: Release 1]
- CAN SPAM Act [Released: Release 1]
- Children’s Online Privacy Protection Act (COPPA), 16 CFR 312 [Released: Release 1]
- Driver’s Privacy Protection Act (DPPA), 18 USC 2721 [Released: Release 1]
- Family Education Rights Privacy Act (FERPA), 20 USC 1232 [Released: Release 1]
- Privacy Act of 1974, 5 USC 552a [Released: Release 1]
- Video Privacy Protection Act (VPPA), 18 USC 2710 [Released: Release 1]
- Specter-Leahy Personal Data Privacy and Security Act [Released: Release 1]
- Amendments to the FTC Telemarketing Sales Rule [Released: Release 1]
- Children’s Online Privacy Protection Act [Released: Release 1]
- FACT Act (Fair and Accurate Credit Transactions Act of 2003) [Released: Q3 08]
US State Laws Guidance
- Arkansas Personal Information Protection Act AR SB 1167 [Released: Release 1]
- Arizona Amendment to Arizona Revised Statutes 13-2001, AZ HB 2116 [Released: Release 1]
- California Information Practice Act, CA SB 1386 [Released: Release 1]
- California General Security Standard for Businesses CA AB 1950 [Released: Release 1]
- California Public Records Military Veteran Discharge Documents, CA AB 1798 [Released: Release 1]
- California OPP Recommended Practices on Notification of Security Breach [Released: Release 1]
- Colorado Prohibition against Using Identity Information for Unlawful Purpose, CO HB 1134 [Released: Release 1]
- Colorado Consumer Credit Solicitation Protection, CO HB 1274 [Released: Release 1]
- Colorado Prohibiting Inclusion of Social Security Number, CO HB 1311 [Released: Release 1]
- Connecticut law Requiring Consumer Credit Bureaus to Offer Security Freezes, CT SB 650 [Released: Release 1]
- Connecticut law Concerning Nondisclosure of Private Tenant Information, CT HB 5184 [Released: Release 1]
- Delaware Computer Security Breaches DE HB 116 [Released: Release 1]
- Florida Personal Identification Information/Unlawful Use, FL HB 481 [Released: Release 1]
- Georgia Consumer Reporting Agencies, GA SB 230 [Released: Release 1]
- Georgia Public employees; Fraud, Waste, and Abuse, GA HB 656 [Released: Release 1]
- Hawaii Exempting disclosure of Social Security numbers HI HB 2674 [Released: Release 1]
- Illinois Personal Information Protection Act IL HB 1633 [Released: Release 1]
- Indiana Release of Social Security Number, Notice of Security Breach IN SB 503 [Released: Release 1]
- Louisiana Database Security Breach Notification Law, LA SB 205 Act 499 [Released: Release 1]
- Maine law To Protect Maine Citizens from Identity Theft, ME LD 1671 [Released: Release 1]
- Minnesota Data Warehouses; Notice Required for Certain Disclosures, MN HF 2121 [Released: Release 1]
- Missouri War on Terror Veteran Survivor Grants, MO HB 957 [Released: Release 1]
- Montana bill to Implement Individual Privacy and to Prevent Identity Theft, MT HB 732 [Released: Release 1]
- New Jersey Identity Theft Prevention Act, NJ A4001/S1914 [Released: Release 1]
- New York Information Security Breach and Notification Act [Released: Release 1]
- Nevada Security Breach Notification Law, NV SB 347 [Released: Release 1]
- North Carolina Security Breach Notification Law (Identity Theft Protection Act), NC SB 1048 [Released: Release 1]
- North Dakota Personal Information Protection Act, ND SB 2251 [Released: Release 1]
- Ohio Personal information – contact if unauthorized access, OH HB 104 [Released: Release 1]
- Rhode Island Security Breach Notification Law, RI HB 6191 [Released: Release 1]
- Tennessee Security Breach Notification, TN SB 2220 [Released: Release 1]
- Texas Identity Theft Enforcement and Protection Act, TX SB 122 [Released: Release 1]
- Vermont Relating to Identity Theft, VT HB 327 [Released: Release 1]
- Virginia Identity theft; penalty; restitution; victim assistance, VA HB 872 [Released: Release 1]
- Washington Notice of a breach of the security, WA SB 6043 [Released: Release 1]
- § 1724 California Civil Code [Released: Q3 07]
- Texas Business and Commerce Code, secs. 48.102, 48.103 [Released: Q3 07]
- Minnesota Plastic Card Security Act (H.F. 1758) [Released: Q3 07]
- California Personal Information: Disclosure to Direct Marketers Act (SB 27) [Released: Q3 08]
EU Guidance
- EU Directive on Privacy and Electronic Communications, 2002/58/EC [Released: Release 1]
- EU Directive on Data Protection, 95/46/EC [Released: Release 1]
- US Department of Commerce EU Safe Harbor Privacy Principles [Released: Release 1]
- Consumer Interests in the Telecommunications Market, Act No. 661 [Released: Release 1]
- OECD / World Bank Technology Risk Checklist [Released: Release 1]
- OECD Guidelines on Privacy and Transborder Flows of Personal Data [Released: Release 1]
- UN Guidelines for the Regulation of Computerized Personal Data Files (1990) [Released: Release 1]
- ISACA Cross-Border Privacy Impact Assessment [Released: Release 1]
- Information Technology Security Evaluation Manual (ITSEM) [Released: Release 1]
- Information Technology Security Evaluation Criteria (ITSEC) [Released: Release 1]
- Directive 2003/4/EC Of The European Parliament [Released: Release 1]
- EU 8th Directive (European SOX) [Released: Q4 08]
- OECD Principles of Corporate Governance [Released: Q4 08]
UK and Canadian Guidance
- Financial Reporting Council, Combined Code on Corporate Governance [Released: Q4 08]
- Turnbull Guidance on Internal Control, UK FRC [Released: Release 1]
- Smith Guidance on Audit Committees, UK FRC [Released: Release 1]
- UK Data Protection Act of 1998 [Released: Release 1]
- IT Service Management Standard, BS 15000-1 [Released: Release 1]
- IT Service Management Standard – Code of Practice, BS 15000-2 [Released: Release 1]
- British Standards Institute PAS 56, Guide to Business Continuity Management [Released: Release 1]
- Canada Keeping the Promise for a Strong Economy Act, Bill 198 [Released: Release 1]
- Canada Personal Information Protection Electronic Documents Act (PIPEDA) [Released: Release 1]
- Canada Privacy Policy and Principles [Released: Release 1]
- Canadian Marketing Association Code of Ethics and Standards of Practice [Released: Q4 08]
Other European and African Guidance
- Austria Data Protection Act [Released: Release 1]
- Austria Telecommunications Act [Released: Release 1]
- Bosnia Law on Protection of Personal Data [Released: Release 1]
- Czech Republic Personal Data Protection Act [Released: Release 1]
- Denmark Act on Competitive Conditions and Consumer Interests [Released: Release 1]
- Finland Personal Data Protection Act [Released: Release 1]
- Finland act on the amendment of the Personal Data Act (986/2000) [Released: Release 1]
- France Data Protection Act [Released: Release 1]
- German Federal Data Protection Act [Released: Release 1]
- IT Baseline Protection Manual Germany [Released: Release 1]
- Greece Law on the Protection of Individuals with Regard to the Processing of Personal Data [Released: Release 1]
- Hungary Protection of Personal Data and Disclosure of Data of Public Interest [Released: Release 1]
- Iceland Protection of Privacy as regards the Processing of Personal Data [Released: Release 1]
- Ireland Data Protection Act of 1988 [Released: Release 1]
- Ireland Data Protection Amendment 2003 [Released: Release 1]
- Italy Personal Data Protection Code [Released: Release 1]
- Italy Protection of Individuals Other Subject with regard to the Processing of Personal Data [Released: Release 1]
- Lithuania Law on Legal Protection of Personal Data [Released: Release 1]
- Luxembourg Data Protection Law [Released: Release 1]
- Netherlands Personal Data Protection Act [Released: Release 1]
- Poland Protection of Personal Data Act [Released: Release 1]
- Slovak Republic Protection of Personal Data in Information Systems [Released: Release 1]
- Personal Data Protection Act of the Republic of Slovenia of 2004 [Released: Release 1]
- South Africa Promotion of Access to Information Act [Released: Release 1]
- ORGANIC LAW 15/1999 of 13 December on the Protection of Personal Data [Released: Release 1]
- Sweden Personal Data Act [Released: Release 1]
- Switzerland Federal Act on Data Protection [Released: Release 1]
- German Corporate Governance Code (“The Code”) [Released: Q4 08]
- The Dutch corporate governance code, Principles of good corporate governance and best practice provisions [Released: Q4 08]
- The King Committee on Corporate Governance, Executive Summary of the King Report 2002 [Released: Q4 08]
- Swedish Code of Corporate Governance; A Proposal by the Code Group [Released: Q4 08]
Asia and Pacific Rim Guidance
- Australia Better Practice Guide – Business Continuity Management [Released: Release 1]
- Australia Spam Act [Released: Release 1]
- Australia Spam Act 2003: A practical guide for business [Released: Release 1]
- Australia Privacy Act [Released: Release 1]
- Australia Telecommunications Act [Released: Release 1]
- Hong Kong Personal Data (Privacy) Ordinance [Released: Release 1]
- Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce in the Private Sector (version 1.0) [Released: Release 1]
- Japan Handbook Concerning Protection Of Personal Data [Released: Release 1]
- Japan Personal Information Protection Act (Law No. 57 of 2003) [Released: Release 1]
- Korea Act on Promotion of Information & Communication Network Utilization and Information Protection, etc [Released: Release 1]
- Korea Act on the Protection of Personal Information Maintained by Public Agencies 1994 [Released: Release 1]
- Korea Act Relating to Use and Protection of Credit Information [Released: Release 1]
- New Zealand Privacy Act 1993 [Released: Release 1]
- Taiwan Computer-Processed Personal Data Protection Law 1995 [Released: Release 1]
- India Information Technology Act (ITA-2000) [Released: Release 1]
- Australian Government ICT Security Manual (ACSI 33) [Released: Q3 08]
- Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 [Released: Q4 08]
- Corporate Governance in listed Companies – Clause 49 of the Listing Agreement [Released: Q4 08]
- CODE OF CORPORATE GOVERNANCE 2005 [Released: Q4 08]
- Argentina Personal Data Protection Act [Released: Release 1]
- Mexico Federal Personal Data Protection Law [Released: Release 1]
System Configuration Guidance
- CI Security Persistent Identifiers [Released: Q3 07]
- CI Security Solaris Benchmark v2.1 [Released: Q3 07]
- CI Security Solaris Benchmark v1.3 [Released: Q3 07]
- CI Security HP-UX Benchmark v1.3 [Released: Q3 07]
- CI Security Red Hat Enterprise Linux Benchmark v1.0 [Released: Q3 07]
- CI Security Red Hat Enterprise Linux Benchmark v1.0.5 [Released: Q3 07]
- CI Security SuSE Linux Enterprise Server Benchmark v1.0 [Released: Q3 07]
- CI Security Slackware Linux Benchmark v1.1 [Released: Q3 07]
- CI Security AIX Benchmark v1.0 [Released: Q3 07]
- CI Security FreeBSD Benchmark v1.0 [Released: Q3 07]
- Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 7 Release 2 [Released: Q4 07]
- Defense Information Systems Agency UNISYS Security Technical Implementation Guide Version 5 Release 1 [Released: Q4 07]
- CI Security Windows XP Professional SP1/SP2 [Released: Q3 07]
- Guidance for Securing Microsoft Windows XP Systems for IT Professionals, NIST SP 800-68 [Released: Q4 07]
- NSA Guide to Securing Microsoft Windows XP [Released: Q4 07]
- CI Security Windows 2000 Professional [Released: Q4 07]
- DISA Windows XP Security Checklist Version 6 [Released: Q1 08]
- CI Security Windows 2000 Server [Released: Q3 07]
- CI Security Windows Server 2003 [Released: Q4 07]
- CI Security Windows 2000 [Released: Q4 07]
- CI Security Windows NT [Released: Q4 07]
- DISA Windows VISTA Security Checklist Version 6 [Released: Q1 08]
- NSA Guide to Securing Microsoft Windows 2000 Group Policy [Released: Q4 07]
- Center for Internet Security Mac OS X Tiger Level I Security Benchmark
- Center for Internet Security Open Enterprise Server: NetWare (v1) Consensus Baseline Security Settings
- Mac OS X Security Configuration for version 10.4 or later, second edition
- Microsoft Windows Vista Security Guide Appendix A: Security Group Policy Settings
- DISA Windows Server 2003 Security Checklist Version 6
- DISA WIRELESS STIG BLACKBERRY SECURITY CHECKLIST, Version 5, Release 1.2
- DISA WIRELESS SECURITY CHECKLIST, Version 5, Release 2.2