Compliance Regulations available in 9.5.2 - Updated March 23, 2016

Version 7

    The following is a list of the supported compliance regulations available within McAfee SIEM as of 9.5.2 .  They can be accessed from the filter called "Compliance ID" on the right side of the ESM and applied to any view.  Additionally, they can be accessed in the query wizard for a view component or a report component so that view or report will only include events that meet the compliance regulation.

    Compliance Regulations Supported in ESM 9.5.0+

    10 CFR Part 73.54

    12 CFR Part 748

    16 CFR Part 312

    16 CFR Part 314

    18 UCS – 2710

    18-UCS – 2721

    21 CFR Part 11

    21 CFR Part 820

    32 CFR 149

    34 CFR Part 99

    42 CFR Part 3 Patient Safety and Quality Improvements

    42 CFE Parts 412 413 422 et al.

    45 CFR Part 164

    49 CFR Part 1542

    5 USC - 552a

    6 CFR Part 27

    A 123 Implementation Guide

    ACH Operating Rules OCC Bulletin 2004 58

    ACSI 33

    AICPA Identity Theft Prevention Program

    AICAP Privacy

    AICPA Suitable Trust

    AICPA Trust Services

    APRA PPG 234

    AR 380 19

    ASIS POA Manual

    ARMA Information Governance Assessment Audit Questions

    ARMA Information Governance Assessment Controls

    Act on the Protection of Personal Data 67-98

    Alaska Personal Information Protection Act Chapter 48

    Amex DSS

    Annex 11 Guide to Good Manufacturing Practice for Medicinal Products

    Anti-Counterfeiting Trade Agreement

    Appendix of 12 CFR Part 30

    Apple OS X Security Config

    Argentina Personal Data Protection Act

    Australia Privacy Amendment Act

    Australia Spam Act of 2003

    Australia Spam Business Practical Guide

    Australia Telecommunications Act

    Australia Business Continuity Management Guide

    Australian Government Information Security Manual Controls

    Australian Privacy Act 1988

    Austria Data Protection Law

    Austria Telecommunications Act 2003

    Authentication in an Internet Banking Environment

    Aviation Transportation Security Act

    BS 25999-1 Guide to Business Continuity Management

    BS25999-2 Business continuity management specification

    BS ISO IEC 20000 2 2005

    BSI-Standard 100-2

    Bank Secrecy Act

    Basel II

    Belgian Law of 8 December 1992 on the protection of privacy in relation to the processing of personal data

    Bosnia Law on Protection of Personal Data 2001

    C TPAT Best Practices

    C TPAT Importers Guide

    CA SB 1386

    CAN SPAM Act of 2003

    CCE v5 - AIX 5.3

    CCE v5 - HP-UX 11.23

    CCE v5 - Red Hat Enterprise Linux 4

    CCE v5 - Red Hat Enterprise Linux 5

    CCE v5 - Sun Solaris 10

    CCE v5 - Sun Solaris 8

    CCE v5 - Sun Solaris 9

    CCE v5 - Windows 2000

    CCE v5 - Windows 7

    CCE v5 - Windows Server 2003

    CCE v5 - Windows Server 2008

    CCE v5 - Windows Vista

    CCE v5 - Windows XP


    CI Security AIX

    CIS CentOS 6 Level 2

    CI Security Free BSD

    CI Security HP UX

    CI Security Novell OES NetWare

    CI Security Red Hat Enterprise Linux 1

    CI Security Red Hat Enterprise Linux 1 05

    CI Security Slackware Linux

    CI Security Solaris 10

    CI Security Solaris 9

    CI Security SuSE Linux Enterprise Server

    CI Security Ubuntu 12.04 LTS Level 2

    CI Security Windows 2000

    CI Security Windows 2000 Server

    CI Security Windows 2000 Server Level 2 Benchmark

    CI Security Windows 2K Pro

    CI Security Windows NT

    CI Security Windows XP

    CIS RHEL 6 Level 2


    CIS Wireless Security Cisco Addendum

    CIS Wireless Security Linksys Addendum





    CISWIG 1

    CISWIG 2

    CMA Code of Ethics Standards

    CMS Business Partners Systems Security Manual

    CMS Core Security Requirements CSR

    CMS System Security Plan Procedure


    CSIS 20 Critical Security Controls

    Cable Communications Privacy Act

    California Civil Code 17851-1785.6

    California Civil Code 1789.91

    California Civil Code 1798.25-1798.29 Accounting of Disclosures

    California OPP Notification of Security Breach

    Canada Personal Information Protection Electronic Documents Act

    Canada Privacy Policy Principles

    Childrens Online Privacy Protection Act

    China Personal Data Ordinance of Hong Kong 2

    Clinger Cohen Act

    Cloud Security Alliance CCM

    Cloud Security Alliance CCM v1.1

    Cloud Security Alliance CCM v1.2

    Cloud Security Alliance CCM v1.3


    Colima Personal Data Protection Law

    Computer Security Incident Handling

    Criminal Justice Information Services Security Policy

    Cross Border Privacy Assessment

    Czech Republic Data Protection Act

    DIBA Info Assurance Standard


    DISA Access Control STIG

    DISA Apriva Sensa e mail Version 5 Release 2.2

    DISA BLACKBERRY CHECKLIST 1.2 Version 5 Release 2.4

    DISA Motorola Wireless e mail Version 5 Release 2.3

    DISA Multi-Function Device and Printer Checklist

    DISA Secure Remote Computing STIG v1 r2

    DISA Unisys STIG V7R2

    DISA Unix STIG V5R1


    DISA Windows Mobile Messaging STIG Version 5 Release 2.4

    DISA Windows Server 2003 Security Checklist

    DISA Windows VISTA Security Checklist

    DISA Windows XP Security Checklist

    DOD 5015 2

    DOT Physical Security Checklist

    DoD 5220 22 NISPOM

    DoD Instruction 5240.5

    DoD Instruction 8500.2 DIACAP

    EC ECNS DPP Regulations 2003

    EU Data Protection Directive 95 46 EC

    EU Directive on privacy and electronic communications

    EU Safe Harbor US European

    Equal Credit Opportunity Act

    EudraLex Rules Governing Medicinal Products in the European Union Annex

    FACT Act

    FACTA Red Flag


    FDA General Principles of Software Validation

    FDA Guidance for Industry Part 11 Electronic Records and Signatures

    FFIEC Audit

    FFIEC Business Continuity Planning

    FFIEC Development Acquisition

    FFIEC E Banking

    FFIEC Information Security

    FFIEC Management

    FFIEC Operations

    FFIEC Outsourcing Technology Services

    FFIEC Retail Payment Systems

    FFIEC Supervision of Technology Service Providers

    FFIEC Wholesale Payment Systems

    FIPS Pub 140 2

    FIPS Pub 188

    FIPS Pub 190

    FIPS Pub 200

    FIPS Pub 201-1

    FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions


    FTC FACT Act Red Flags Rule Template

    FedRAMP Baseline Security Controls

    Federal Information Security Management Act FISMA

    Federal Rules of Evidence

    Finland Act on the Protection of Privacy in Electronic Communications

    Finland Personal Data Act

    France Data Protection Act

    GAO Financial Audit Manual

    General Accepted Privacy Principles

    Georgia Code - 10-1-911 thru 10-1-915 Security Breach notification

    German Corporate Governance Code

    Germany Data Protection Act

    Good Practices for Computerized systems in Regulated GXP Environments

    Greece Law on the Protection of Individuals with regard to the Processing of Personal Data

    Guanajuato Personal Data Protection Law

    Guidance on the Information Charter

    Guide to Protecting the Confidentiality of Persona Identifiable Information PII


    HIPAA Electronic Health Record Technology


    HITECH title within the American recovery and Reinvestment Act of 2009


    HMG Security Policy Framework

    Hungary Act No LXIII of 1992

    IEC 8000-1

    IIA GTAG 1

    IIA GTAG 10

    IIA GTAG 2

    IIA GTAG 3

    IIA GTAG 4

    IIA GTAG 5

    IIA GTAG 6

    IIA GTAG 7

    IIA GTAG 8

    IIA GTAG 9

    IRS Pub 1075

    IRS Rev Rroc 98 25

    ISF Security Audit of Networks

    ISF Standard of Good Practice 2007

    ISF Standard of Good Practice 2012

    ISF Standard of Good Practice 2013

    ISO 12931:2012, Performance Criteria for Authentication Solutions Used to Combat Counterfeiting of Material Goods

    ISO 15489 1

    ISO 15489 2

    ISO IEC 27002

    ISO 13335 1

    ISO 13335 3 R 1998

    ISO 13335 4 R 2000

    ISO 13335 5 R 2001

    ISO 13485 2003

    ISO 15288 R 2008

    ISO 15408 3 R 2008

    ISO 15408 2 R 2008

    ISO 17799 R 2000

    ISO 17799-2005

    ISO 18045 R 2005

    ISO 20000 1 2nd Ed

    ISO 20000 2 R 2005

    ISO 24762 R 2008

    ISO 27001 R 2005

    ISO 27001 2013

    ISO 27002

    ISO 31000 R 2009

    ISO 62304 2006

    ITIL Security Management

    Iceland Act on the Registering Handling of Personal Data

    Idaho Code 28-51-103 through 28-51-107

    Ireland Consolidated Data Protection Acts of 1988 and 2003

    Ireland Data Protection Act of 1988

    Ireland Data Protection Amendment 2003

    Italy Personal Data Protection Code

    Italy Protection of Individuals Other Subject with regard to the Processing of Personal data


    JSOX System Management Standards

    Jalisco Civil Code of the State of Jalisco Article 40 Bis 1 to Article 40 Bis 39

    Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce

    Japan Handbook on the Protection of Personal Data

    Japan Personal Information Protection Act

    Key Steps for Organizations in Responding to Privacy Breaches

    Korea Act on the Promotion of Information Communication Network Utilization Information Protection

    Korea Act on the Protection of Personal Information Maintained by Public Agencies

    Korea Use Protection of Credit Information Act

    Leahy Personal Data Privacy Security Act

    Lithuania Law on Legal Protection of Personal Data

    Luxembourg Law on the Protection of Persons with regard to the Processing of Personal Data

    Marines Corps Order 5511.11D

    Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts

    MasterCard EC Architecture Best Practices

    Medical Device Security Technical Implementation Guide

    Mexico Federal Personal Data Protection Law

    Microsoft Windows Vista Security Guide

    Minnesota Statues, Section 325E.64, Access Devices Breach of Security

    Montana Code - 30-14-1701 thru 30-14-01721 thru 30-14-1722


    NCUA AIRES IT Exam Questionnaires


    NFPA 1600

    NIOSH Protecting Building Environments

    NIST 800 121

    NIST 800 14

    NIST 800 26

    NIST 800 34

    NIST 800 41

    NIST 800 48 R1

    NIST 800 55

    NIST 800 55 R1

    NIST 800 61

    NIST 800 66

    NIST 800 68

    NIST 800 80

    NIST 800 97

    NIST 800-53 R4

    NIST 800 53 R4 High Impact

    NIST 800 53 R4 Low Impact

    NIST 800 53 R4 Moderate Impact

    NIST 800-53A

    NIST 800-92 Computer Security Log Management

    NIST 800 122

    NISTIR 7628 Guidelines for Smart Grid Cyber Security

    NSA Solaris 9

    NSA Windows XP

    National Incident Management System

    National Strategy to Secure Cyberspace

    Nebraska Credit Report Protection Act

    Netherlands Personal Data Protection Act

    New Zealand Privacy Act

    North Carolina Gen. Stat. - 75-60

    OCC Alert 2000 1

    OCC Bulletin 98 3

    OECD Corporate Governance

    OECD Privacy

    OECD Risk Checklist

    OMB Circular A 130 Appendix III

    OMB Circular No. A-123

    Organizational Resilience Security Preparedness and Continuity Management Systems - Requirements with Guidance for Use ASIS SPC.1-2009

    PAS 77

    PCAOB AS 2


    PCI DSS 2.0

    PCI DSS 3.0 - Appendix A

    PCI DSS 3.0 - Appendix A Testing Procedures

    PCI DSS 3.0 - Testing Procedures

    PCI DSS 3.0 Requirements

    PCI DSS 3.0 SAQ A-EP

    PCI DSS 3.0 SAQ B

    PCI DSS 3.0 SAQ B-IP

    PCI DSS 3.0 SAQ C

    PCI DSS 3.0 SAQ C-VT

    PCI DSS 3.0 SAQ D Merchant

    PCI DSS 3.0 SAQ D Service Provider


    PCI DSS Wireless Guideline

    PCI PA DSS 1.1


    PCI SAQ B 1.1


    PCI SAQ C 1.1


    PCI SAQ D 1.1

    Patient Protection and Affordable Care Act

    Poland Act of August 29 on the protection of personal data

    Response Programs for Unauthorized Access

    Revised Code of Washington, Sections 19.215.005 thru 19.215.030

    Right to Financial Privacy Act

    SAS 94

    SECNAV Instruction 3850.4

    Sarbanes Oxley SOX

    Securities Exchange Act 1934

    Security Requirements for List X Contractors

    Shared Assessments SIG - B. Security Policy

    Shared Assessments SIG - C. Organizational Security

    Shared Assessments SIG - D. Asset Management

    Shared Assessments SIG - F. Physical and Environmental

    Shared Assessments SIG - G. Communications and Operations Management

    Shared Assessments SIG - H. Access Control

    Shared Assessments SIG - I. Information Systems Acquisition Development

    Shared Assessments SIG - J. Incident Event and Communications Management

    Shared Assessments SIG - K. Business Continuity and Disaster Recovery

    Shared Assessments SIG - L. Compliance

    Shared Assessments SIG - P. Privacy

    Shared Assessments SIG - V. Cloud

    Slovak Republic Act on Personal Data Protection

    Sound Practices of Operational Risk

    South African Interception of Communications Act

    South Carolina Code of Laws Credit Card and Breach of Security of Business Data Notification

    Spain Organic Law  on the Protection of Personal Data

    Spam Act 2003

    Strategies to Mitigate Targeted Cyber Intrusions

    Sweden Personal Data Act

    Switzerland Federal Act on Data Protection

    TSA Security for Airports

    Taiwan Computer Processed Personal Data Protection Law

    Tennessee Identity Theft Deterrence Act of 1999

    The Act on Processing of Personal Data Denmark

    The Contractual Process

    The Electronic Communications and Transactions Act

    The Patient Safely and Quality Improvement Act of 2005

    The Personal Data Protection Law for the Federal District Mexico City

    Third-Party Relationships Risk Management Guidance OCC bulletin 2013-29

    Title 49 TSA Aviation

    Tlaxcala Law on Access to Public Information and Personal Data Protection

    UK Data Protection Act of 1998

    UN Guidelines for the Regulation of Computerized Personal Data Files


    US EAR


    US Virgin Islands Electronic Medical Records Act

    VISA Ecommerce Merchants Guide to Risk Management

    VISA Incident Response Procedure for Account Compromise

    VISA CISP What to Do If Compromised

    Wyoming Statutes - 40-12-501 thru 40-12-509