
Symantec™ Control Compliance Suite Assessment Manager 11.x Regulations and Frameworks

01 December 2014


The following government regulations and best-practice frameworks are supported in Control Compliance Suite (CCS) Assessment Manager 11.x. Entries marked "Added in SCU ..." were delivered with the named Security Content Update (SCU) rather than with the base 11.x release.

Regulations and Statutes

Regulations are published government mandates such as HIPAA, Sarbanes-Oxley, or GLBA. They describe the business functions and security functions that must be performed; they do not prescribe how to implement them.


Best Practice Frameworks and Standards

Frameworks are published best practices such as COBIT, COSO, and the ISO series, among others. They provide implementation guidance that helps organizations set up and assess their risk management, governance, and compliance programs, and are the usual way to demonstrate that a regulation's requirements are met.


Regulations and Statutes

| Title | Source | Region | Comments |
|---|---|---|---|
| ARRA-HITECH Guidance from the Department of Health and Human Services | US Congress | North America | |
| Australian Government Information Security Manual (AUS-ISM) | Australian Government, Department of Defence | Australia | |
| Australian Government Information Security Manual September 2012 Release - Communications Security | Australian Government (DSD) | Australia | Added in SCU 2014-3 |
| Australian Government Information Security Manual September 2012 Release - Governance | Australian Government (DSD) | Australia | Added in SCU 2014-3 |
| Australian Government Information Security Manual September 2012 Release - IT Security | Australian Government (DSD) | Australia | Added in SCU 2014-3 |
| Australian Government Information Security Manual September 2012 Release - Personnel Security | Australian Government (DSD) | Australia | Added in SCU 2014-3 |
| Australian Government Information Security Manual September 2012 Release - Physical Security | Australian Government (DSD) | Australia | Added in SCU 2014-3 |
| FCC 47 CFR Part 64 Subpart U - Customer Proprietary Network Information (CPNI) | US Federal Communications Commission (FCC) | North America | |
| FDA 21 CFR Part 11 - Electronic Records; Electronic Signatures | US Food and Drug Administration (FDA) | North America | |
| FDA 21 CFR Part 820 - Quality System Regulation | US Food and Drug Administration (FDA) | North America | |
| FISMA | US Congress | North America | |
| FISMA using NIST SP 800-53 Rev. 1 | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 based on FISMA | National Institute of Standards and Technology (NIST) | Global | |
| GLBA CFTC 17 CFR Sec. 160.30 - Procedures to safeguard customer records and information | US Commodity Futures Trading Commission (CFTC) | North America | |
| GLBA FDIC 12 CFR Part 364 App. B - Interagency Guidelines Establishing Information Security Standards | US Federal Deposit Insurance Corporation (FDIC) | North America | |
| GLBA FRB 12 CFR Part 208 App. D-2 - Interagency Guidelines Establishing Information Security Standards | US Federal Reserve Board (FRB) | North America | |
| GLBA FRB 12 CFR Part 225 App. F - Interagency Guidelines Establishing Information Security Standards | US Federal Reserve Board (FRB) | North America | |
| GLBA FTC 16 CFR Part 314 - Standards for Safeguarding Customer Information | US Federal Trade Commission (FTC) | North America | |
| GLBA NCUA 12 CFR Part 748 App. A and App. B - Guidelines for Safeguarding Member Information and Guidance on Response Programs for Unauthorized Access to Member Information and Member Notice | US National Credit Union Administration (NCUA) | North America | |
| GLBA OCC 12 CFR Part 30 App. B - Interagency Guidelines Establishing Information Security Standards | US Office of the Comptroller of the Currency (OCC) | North America | |
| GLBA OTS 12 CFR Part 570 App. B - Interagency Guidelines Establishing Information Security Standards | US Office of Thrift Supervision (OTS) | North America | |
| GLBA SEC 17 CFR Sec. 248.30 - Procedures to safeguard customer records and information; disposal of consumer report information | US Securities and Exchange Commission (SEC) | North America | |
| Interagency Guidelines Establishing Information Security Standards | US Federal Reserve | North America | |
| OTS Small-Entity Compliance Guide | US Office of Thrift Supervision (OTS) | North America | |
| HIPAA 45 CFR Part 164 - Security Rule | US Department of Health and Human Services (HHS) | North America | |
| Identity Theft Red Flags and Address Discrepancies Under the FACT Act - FDIC | US Federal Deposit Insurance Corporation (FDIC) | North America | |
| Identity Theft Red Flags and Address Discrepancies Under the FACT Act - FRB (Board) | US Federal Reserve Board (FRB) | North America | |
| Identity Theft Red Flags and Address Discrepancies Under the FACT Act - FTC | US Federal Trade Commission (FTC) | North America | |
| Identity Theft Red Flags and Address Discrepancies Under the FACT Act - NCUA | US National Credit Union Administration (NCUA) | North America | |
| Identity Theft Red Flags and Address Discrepancies Under the FACT Act - OCC | US Office of the Comptroller of the Currency (OCC) | North America | |
| Identity Theft Red Flags and Address Discrepancies Under the FACT Act - OTS | US Office of Thrift Supervision (OTS) | North America | |
| Massachusetts: 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth | US - Commonwealth of Massachusetts | North America | |
| Sarbanes-Oxley - The Sarbanes-Oxley Act of 2002 (SOX) | US Congress | North America | |
| UK: Data Protection Act 1998 | UK Parliament | Europe | |
| China - The Basic Standard for Enterprise Internal Control and Supplemental Guidelines | China - Ministry of Finance | China | Added in SCU 2012-4 |


Best Practice Frameworks and Standards

| Title | Source | Region | Comments |
|---|---|---|---|
| AICPA Trust Services Principles and Criteria - SAS 70 / SSAE 16 (AT section 101 - SOC 2 and SOC 3) | American Institute of Certified Public Accountants (AICPA) | North America | |
| Basel Committee - Sound Practices for the Management and Supervision of Operational Risk | Bank for International Settlements | Global | |
| CMS Information Security ARS - Appendix A - CMSR High Impact Level Data | Centers for Medicare & Medicaid Services (CMS) | North America | |
| COBIT 4.0 | ISACA/ITGI | Global | |
| COBIT 4.1 | ISACA/ITGI | Global | |
| COBIT 5.0 | ISACA/ITGI | Global | Added in SCU 2014-3 |
| COSO Enterprise Risk Management - Integrated Framework | Committee of Sponsoring Organizations of the Treadway Commission (COSO) | North America | |
| DISA STIG - Access Control in Support of Information Systems | US Defense Information Systems Agency (DISA) | North America | |
| FIEL Guidance for J-SOX for IT | Financial Services Agency, Government of Japan | Japan | |
| ISO 31000:2009 | International Organization for Standardization (ISO) | Global | |
| ISO/IEC 20000-1:2005 | International Organization for Standardization (ISO) | Global | |
| ISO/IEC 20000-2:2005 | International Organization for Standardization (ISO) | Global | |
| ISO/IEC 27001:2005 | International Organization for Standardization (ISO) | Global | |
| ISO/IEC 27002:2005 | International Organization for Standardization (ISO) | Global | |
| ISO/IEC 27005:2008 | International Organization for Standardization (ISO) | Global | |
| ISO/IEC 27001:2013 | International Organization for Standardization (ISO) | Global | |
| IT Control Objectives for Sarbanes-Oxley, 2nd Edition | ISACA/ITGI | North America | |
| NERC 1300 | North American Electric Reliability Corporation (NERC) | North America | |
| NERC CIP-002 through CIP-009 | North American Electric Reliability Corporation (NERC) | North America | |
| NERC CIP-002-4 through CIP-009-4 | North American Electric Reliability Corporation (NERC) | North America | |
| NERC CIP-002-2 through CIP-009-2 | North American Electric Reliability Corporation (NERC) | North America | |
| NIST SP 800-122 | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-30 | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 1 | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 3 | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 4 HIGH Baseline | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 4 LOW Baseline | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 4 MOD Baseline | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 4 ALL (all controls, not baseline-filtered) | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-53 Rev. 4 view of NIST Cybersecurity Framework | National Institute of Standards and Technology (NIST) | Global | |
| COBIT 5.0 view of NIST Cybersecurity Framework | National Institute of Standards and Technology (NIST) | Global | |
| NIST SP 800-66 Rev. 1 | National Institute of Standards and Technology (NIST) | Global | |
| NIST Cybersecurity Framework | National Institute of Standards and Technology (NIST) | Global | Added in SCU 2014-3 |
| PCI DSS v1.1 | PCI Security Standards Council | Global | |
| PCI DSS v1.2 | PCI Security Standards Council | Global | |
| PCI DSS v3.0 | PCI Security Standards Council | Global | Added in SCU 2014-3 |
| PPG 235 - Managing Data Risk | APRA Prudential Practice Guide | Australia | Added in SCU 2014-3 |
| CPG 234 - Management of Security Risk in Information and Information Technology | APRA Prudential Practice Guide | Australia | Added in SCU 2014-3 |
| SANS 20 Critical Security Controls - Version 3.0 | SANS | Global | |
| SANS Top 20 Critical Controls - Version 4 | SANS | Global | Added in SCU 2014-3 |
| MAS IBTRM v3 - Monetary Authority of Singapore Internet Banking and Technology Risk Management Guidelines | Monetary Authority of Singapore (MAS) | Singapore | Added in SCU 2012-4 |
| FedRAMP - Federal Risk and Authorization Management Program v1.0 | US General Services Administration (GSA) | North America | Added in SCU 2012-4 |
| Criminal Justice Information Services (CJIS) Security Policy Version 5.0 | US Federal Bureau of Investigation (FBI) | North America | Added in SCU 2012-4 |
| The World Bank Technology Risk Checklist 7.3 | The World Bank | Global | |
| VMware vSphere 4.1 Security Hardening | VMware | Global | |
| VMware Hardening Guidelines 5.x Assessment | VMware | Global | Added in SCU 2014-3 |
| US-CCU Cyber Security Checklist | US Cyber Consequences Unit | North America | |
| TRUSTe Security Guidelines 2.0 | TRUSTe | Global | |
| SOX IT using COBIT 4.0 | ISACA/ITGI | Global | |
| SOX Compliance Toolkit - Corporate Governance Compliance Checklist | ISACA/ITGI | Global | |
| SOX Compliance Toolkit - Audit Committee SOX Compliance Checklist | ISACA/ITGI | Global | |
| SOX - The IT Dimension | ISACA/ITGI | Global | |
| IT Control Objectives for SOX - Company-level Questionnaire | ISACA/ITGI | Global | |
| IT Control Objectives for SOX - Assessing the Readiness of IT | ISACA/ITGI | Global | |
| AICPA SOX Assessment - Other Questions for Management | American Institute of Certified Public Accountants (AICPA) | North America | |
| AICPA SOX Assessment - Guidelines for Hiring CAE | American Institute of Certified Public Accountants (AICPA) | North America | |
| AICPA SOX Assessment - Evaluation of the Independent Auditor | American Institute of Certified Public Accountants (AICPA) | North America | |
| AICPA SOX Assessment - Evaluation of Internal Audit Team | American Institute of Certified Public Accountants (AICPA) | North America | |
| AICPA SOX Assessment - COSO Framework | American Institute of Certified Public Accountants (AICPA) | North America | |
| AICPA SOX Assessment - Conducting an Executive Session | American Institute of Certified Public Accountants (AICPA) | North America | |
| SB 1386 - Recommended Practices on Notice of Security Breach | US - California state law | North America | |
| Treasury Board of Canada - Privacy Impact Assessment Guidelines | Canada - Treasury Board | Canada | |
| Business Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Business Pandemic Influenza Planning for Overseas Operations Checklist | US Department of Health & Human Services (HHS) | North America | |
| Child Care and Preschool Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Colleges and Universities Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Correctional Facilities Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Emergency Medical Services and Non-Emergent Transport Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Faith-based and Community Organization Pandemic Influenza Preparedness Checklist | US Department of Health & Human Services (HHS) | North America | |
| Health Insurer Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Home Health Care Services Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Hospital Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Law Enforcement Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Long-Term Care Facilities Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Medical Offices and Clinics Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| School District (K-12) Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| Travel Industry Pandemic Influenza Planning Checklist | US Department of Health & Human Services (HHS) | North America | |
| FFIEC Authentication Guidance | US - Federal Financial Institutions Examination Council (FFIEC) | North America | |
| FFIEC IT Examination Handbook - Audit Booklet | US - Federal Financial Institutions Examination Council (FFIEC) | North America | |
| FFIEC IT Examination Handbook - Information Security Booklet | US - Federal Financial Institutions Examination Council (FFIEC) | North America | |
| DoD Instruction 8500.2, Information Assurance (IA) Implementation - 5.7 | US Department of Defense (DoD) | North America | |
| CSA Consensus Assessments Initiative | Cloud Security Alliance (CSA) | Global | |
| C-TPAT - Importer Self-Assessment Questionnaire | US Customs and Border Protection (CBP) | North America | |
| C-TPAT - Internal Control Management | US Customs and Border Protection (CBP) | North America | |
| Email Review | Symantec | Global | |
| Physical Security | Symantec | Global | |
| Security Assessment Checklist | Symantec | Global | |
| Security Awareness Culture | Symantec | Global | |
| Security Awareness Monthly Quizzes | Symantec | Global | |
| U.S. Department of Agriculture Food Security Assessment | US - FDA | North America | |
| IT Service Management Assessment | Symantec | Global | |
| BSI German Government IT Security Guidelines | German Government - Federal Office for Information Security (BSI) | Germany | |
| SANS 20 Critical Security Controls - Version 4.0 | SANS | Global | Added in SCU 2013-1 |
| NIST Special Publication 800-53 Revision 4 | National Institute of Standards and Technology (NIST) | Global | Added in SCU 2013-2 |
| Australian Government Information Security Manual v2.0 September 2012 Release | Australian Government (DSD) | Australia | Added in SCU 2013-2 |
| Australian Prudential Regulation Authority (APRA) - Prudential Practice Guide for Managing Data Risk; Prudential Practice Guide for Management of Security Risk in Information and Information Technology | Australian Prudential Regulation Authority (APRA), for the Australian financial services industry | Australia | Added in SCU 2013-3 |
| ISO/IEC 27001:2013 | International Organization for Standardization (ISO) | Global | Added in SCU 2013-3 |
| PCI DSS 3.0 | PCI Security Standards Council | Global | Added in SCU 2014-1 |
| NIST Cybersecurity Framework Core Version 1.0 | National Institute of Standards and Technology (NIST), US Department of Commerce | Global | Added in SCU 2014-1 |

Some standards appear more than once (for example PCI DSS 3.0, ISO/IEC 27001:2013, the NIST Cybersecurity Framework, and SANS 20 Critical Controls v4) because the content was first shipped in one SCU and later re-issued or re-mapped in another; when building an assessment, select the most recently added entry.
