Legal Framework -

Summarise the main statutes and regulations that promote

cybersecurity. Does your jurisdiction have dedicated

cybersecurity laws?

The United States generally addresses cybersecurity through sector specific statutes, regulations and private industry requirements.

At the federal level, numerous agencies impose cybersecurity standards through a variety of regulatory and enforcement mechanisms. For example, the Federal Information Security Management Act of 2002 (and implementing guidance) establishes cybersecurity standards for federal government agencies and their contractors. Similarly, the Gramm Leach-Bliley Act (GLBA) and the Health Insurance Portability and Accountability Act (HIPAA) (and implementing regulations and agency guidance) require entities in the financial services and health sectors, respectively, to employ technical, administrative and physical safeguards to protect customer information from unauthorised access or use. Several states have also enacted state parallels to the GLBA and HIPAA requirement. The Federal Risk and Authorization Management Program (FedRAMP) is a governmentwide programme that provides a standardised approach to security assessments, authorisation and continuous monitoring for companies providing cloud services to federal civilian agencies.

Originally published in Getting the Deal Through - Cybersecurity 2016, by Law Business Research Ltd. - March 2016.