This collection of links provides access to various resources that we find useful from time to time. Additional resources are available regarding:
Banking & Finance
Best Practices
Financial Institution Letters and Related References
Gramm-Leach-Bliley Act
Health Care
Methodologies
Standards
Gramm-Leach-Bliley: Senate Site
Gramm-Leach-Bliley: FTC Site
privacylaw.net
OCC - Comptroller of the Currency
NIST publications
NIST - Security Self-Assessment Guide for IT Systems
NIST - System Certification and Accreditation Project
NIST Publications
Generally Accepted System Security Principles (GASSP)
ISO/IEC Guidelines for the Management of IT Security (GMITS) series
IETF RFC 2196 - Site Security Handbook
IETF Best Practices RFCs
Federal Best Security Practices
Management Planning Guide for Information Systems Security Auditing - PDF
Financial Institution Letters and Related References
FIL-11-2003: FFIEC Information Technology Examination Handbook
1996 FFIEC Information Systems Examination Handbook
Information Technology Examination Handbook
FIL-118-2002: New Examination Procedures for Assessing Information Technology Risk
IT-MERIT Procedures
IT General Work Program
FIL-8-2002: Wireless Networks And Customer Access
FIL-69-2001: Authentication In An Electronic Banking Environment
Attachment - Interagency Guidance
FIL-68-2001: 501(b) Examination Guidance
Redspin GLB Resources
FIL-50-2001: Bank Technology Bulletin on Outsourcing
FIL-81-2000: FFIEC Guidance on Managing Risks Associated With Outsourcing Technology Services
FIL-77-2000: Bank Technology Bulletin: Protecting Internet Domain Names
FIL-67-2000: Security Monitoring Of Computer Networks
Gramm-Leach-Bliley Act
Congress passed the Gramm-Leach-Bliley Act (GLB) in November of 1999. The legislation includes far-reaching reform of the financial services industry, including the repeal of the Glass-Steagall Act. Its privacy and safeguards provisions also have a significant impact on financial institutions in terms of information and network security, since covered institutions must protect the security and confidentiality of customer information.
Who Is Affected
GLB includes a broad definition of the services affected. The privacy provisions apply to any entity engaging in financial services as defined by the Act. In general, GLB applies to the organizations governed by various regulatory agencies, including:
Compliance
The OCC, FRB, FDIC and OTS have published guidelines establishing standards for the implementation of sections 501 and 505(b) of GLB. These guidelines, entitled Interagency Guidelines Establishing Standards for Safeguarding Customer Information, are published in 12 CFR Part 30, et al. - PDF.
In addition, the regulatory bodies have developed examination procedures for evaluation of compliance with the Interagency Guidelines Establishing Standards for Safeguarding Customer Information:
The Federal Trade Commission has authority to enforce the law with respect to "financial institutions" that are not covered by the federal banking agencies, the Securities and Exchange Commission, the Commodity Futures Trading Commission, and state insurance authorities.
The FTC has developed the following compliance guidance:
21 CFR FDA rules (Title 21 Code of Federal Regulations)
www.21CFRPart11.com
21 CFR Part 11 discussion forum on Yahoo! Groups
Search forum for "security"
21 CFR Part 11 Final Rule from the FDA
HIPAA: Findlaw resources
HIPAA: www.hipaaadvisor.com
HIPAA: www.hipaa-iq.com
HIPAA: resources at aha.org
HIPAA: Health Care Financing Administration
Signature Syntax and Processing
HIPAA: Department of Health and Human Services
HIPAA: Conference
HIPAA: Health Level 7
HIPAA: Online Training
CoBIT
Federal Information Technology Security Assessment Framework
Federal Information System Controls Audit Manual
BS 7799 - Part 2
ISO 17799
BS 7799
SAS 70
Center for Internet Security