A Compliance Primer for IT Professionals

Regulations abound and the acronyms are endless. After suffering seemingly endless confusion, I set about in this paper to document the basics of each of the major compliance regulations, to whom they apply, a list of audit frameworks, key IT requirements, and links to best practices and relevant sites. Summary tables are provided up front to condense the bulk of the information into an easily digestible read, with baseline common requirements and reports following. Links to control frameworks, best practices, supporting experts from the legislation, and information on audit types and common compliance reports are provided in appendices. This paper is intended as a compliance starting point for IT professionals, and documents the applicable industry, regulations, controls, audit frameworks, and best practices for major compliance regulations including FISMA, GLBA, HIPAA, ISO, NERC, PCI and SOX.