Compliance Regulations available in 9.5.2 - Updated March 23, 2016

The following is a list of the supported compliance regulations available within McAfee SIEM as of 9.5.2. They can be accessed from the filter called "Compliance ID" on the right side of the ESM and applied to any view. Additionally, they can be selected in the query wizard for a view component or a report component so that the view or report includes only events that match the chosen compliance regulation.

Compliance Regulations Supported in ESM 9.5.0+

10 CFR Part 73.54

12 CFR Part 748

16 CFR Part 312

16 CFR Part 314

18 UCS – 2710

18-UCS – 2721

21 CFR Part 11

21 CFR Part 820

32 CFR 149

34 CFR Part 99

42 CFR Part 3 Patient Safety and Quality Improvements

42 CFE Parts 412 413 422 et al.

45 CFR Part 164

49 CFR Part 1542

5 USC - 552a

6 CFR Part 27

A 123 Implementation Guide

ACH Operating Rules OCC Bulletin 2004 58

ACSI 33

AICPA Identity Theft Prevention Program

AICAP Privacy

AICPA Suitable Trust

AICPA Trust Services

APRA PPG 234

AR 380 19

ASIS POA Manual

ARMA Information Governance Assessment Audit Questions

ARMA Information Governance Assessment Controls

Act on the Protection of Personal Data 67-98

Alaska Personal Information Protection Act Chapter 48

Amex DSS

Annex 11 Guide to Good Manufacturing Practice for Medicinal Products

Anti-Counterfeiting Trade Agreement

Appendix of 12 CFR Part 30

Apple OS X Security Config

Argentina Personal Data Protection Act

Australia Privacy Amendment Act

Australia Spam Act of 2003

Australia Spam Business Practical Guide

Australia Telecommunications Act

Australia Business Continuity Management Guide

Australian Government Information Security Manual Controls

Australian Privacy Act 1988

Austria Data Protection Law

Austria Telecommunications Act 2003

Authentication in an Internet Banking Environment

Aviation Transportation Security Act

BS 25999-1 Guide to Business Continuity Management

BS25999-2 Business continuity management specification

BS ISO IEC 20000 2 2005

BSI-Standard 100-2

Bank Secrecy Act

Basel II

Belgian Law of 8 December 1992 on the protection of privacy in relation to the processing of personal data

Bosnia Law on Protection of Personal Data 2001

C TPAT Best Practices

C TPAT Importers Guide

CA SB 1386

CAN SPAM Act of 2003

CCE v5 - AIX 5.3

CCE v5 - HP-UX 11.23

CCE v5 - Red Hat Enterprise Linux 4

CCE v5 - Red Hat Enterprise Linux 5

CCE v5 - Sun Solaris 10

CCE v5 - Sun Solaris 8

CCE v5 - Sun Solaris 9

CCE v5 - Windows 2000

CCE v5 - Windows 7

CCE v5 - Windows Server 2003

CCE v5 - Windows Server 2008

CCE v5 - Windows Vista

CCE v5 - Windows XP

CERT OCTAVE - S

CI Security AIX

CIS CentOS 6 Level 2

CI Security Free BSD

CI Security HP UX

CI Security Novell OES NetWare

CI Security Red Hat Enterprise Linux 1

CI Security Red Hat Enterprise Linux 1 05

CI Security Slackware Linux

CI Security Solaris 10

CI Security Solaris 9

CI Security SuSE Linux Enterprise Server

CI Security Ubuntu 12.04 LTS Level 2

CI Security Windows 2000

CI Security Windows 2000 Server

CI Security Windows 2000 Server Level 2 Benchmark

CI Security Windows 2K Pro

CI Security Windows NT

CI Security Windows XP

CIS RHEL 6 Level 2

CIS WIRELSS NETWORKING BENCHMARK

CIS Wireless Security Cisco Addendum

CIS Wireless Security Linksys Addendum

CIS-Windows7-Enterprise-Desktop

CIS-Windows7-Enterprise-Laptop

CIS-Windows7-SSLF-Desktop

CIS-Windows7-SSLF-Laptop

CISWIG 1

CISWIG 2

CMA Code of Ethics Standards

CMS Business Partners Systems Security Manual

CMS Core Security Requirements CSR

CMS System Security Plan Procedure

COSO ERM

CSIS 20 Critical Security Controls

Cable Communications Privacy Act

California Civil Code 17851-1785.6

California Civil Code 1789.91

California Civil Code 1798.25-1798.29 Accounting of Disclosures

California OPP Notification of Security Breach

Canada Personal Information Protection Electronic Documents Act

Canada Privacy Policy Principles

Childrens Online Privacy Protection Act

China Personal Data Ordinance of Hong Kong 2

Clinger Cohen Act

Cloud Security Alliance CCM

Cloud Security Alliance CCM v1.1

Cloud Security Alliance CCM v1.2

Cloud Security Alliance CCM v1.3

CobiT

Colima Personal Data Protection Law

Computer Security Incident Handling

Criminal Justice Information Services Security Policy

Cross Border Privacy Assessment

Czech Republic Data Protection Act

DIBA Info Assurance Standard

DIRKS

DISA Access Control STIG

DISA Apriva Sensa e mail Version 5 Release 2.2

DISA BLACKBERRY CHECKLIST 1.2 Version 5 Release 2.4

DISA Motorola Wireless e mail Version 5 Release 2.3

DISA Multi-Function Device and Printer Checklist

DISA Secure Remote Computing STIG v1 r2

DISA Unisys STIG V7R2

DISA Unix STIG V5R1

DISA WIRELESS SECURITY CHECKLIST

DISA Windows Mobile Messaging STIG Version 5 Release 2.4

DISA Windows Server 2003 Security Checklist

DISA Windows VISTA Security Checklist

DISA Windows XP Security Checklist

DOD 5015 2

DOT Physical Security Checklist

DoD 5220 22 NISPOM

DoD Instruction 5240.5

DoD Instruction 8500.2 DIACAP

EC ECNS DPP Regulations 2003

EU Data Protection Directive 95 46 EC

EU Directive on privacy and electronic communications

EU Safe Harbor US European

Equal Credit Opportunity Act

EudraLex Rules Governing Medicinal Products in the European Union Annex

FACT Act

FACTA Red Flag

FCRA

FDA General Principles of Software Validation

FDA Guidance for Industry Part 11 Electronic Records and Signatures

FFIEC Audit

FFIEC Business Continuity Planning

FFIEC Development Acquisition

FFIEC E Banking

FFIEC Information Security

FFIEC Management

FFIEC Operations

FFIEC Outsourcing Technology Services

FFIEC Retail Payment Systems

FFIEC Supervision of Technology Service Providers

FFIEC Wholesale Payment Systems

FIPS Pub 140 2

FIPS Pub 188

FIPS Pub 190

FIPS Pub 200

FIPS Pub 201-1

FISC Security Guidelines on Computer Systems for Banking and Related Financial Institutions

FISCAM

FTC FACT Act Red Flags Rule Template

FedRAMP Baseline Security Controls

Federal Information Security Management Act FISMA

Federal Rules of Evidence

Finland Act on the Protection of Privacy in Electronic Communications

Finland Personal Data Act

France Data Protection Act

GAO Financial Audit Manual

General Accepted Privacy Principles

Georgia Code - 10-1-911 thru 10-1-915 Security Breach notification

German Corporate Governance Code

Germany Data Protection Act

Good Practices for Computerized systems in Regulated GXP Environments

Greece Law on the Protection of Individuals with regard to the Processing of Personal Data

Guanajuato Personal Data Protection Law

Guidance on the Information Charter

Guide to Protecting the Confidentiality of Persona Identifiable Information PII

HIPAA

HIPAA Electronic Health Record Technology

HIPAA HCFA

HITECH title within the American recovery and Reinvestment Act of 2009

HMG BASELINE PERSONAL SECURITY STANDARD

HMG Security Policy Framework

Hungary Act No LXIII of 1992

IEC 8000-1

IIA GTAG 1

IIA GTAG 10

IIA GTAG 2

IIA GTAG 3

IIA GTAG 4

IIA GTAG 5

IIA GTAG 6

IIA GTAG 7

IIA GTAG 8

IIA GTAG 9

IRS Pub 1075

IRS Rev Rroc 98 25

ISF Security Audit of Networks

ISF Standard of Good Practice 2007

ISF Standard of Good Practice 2012

ISF Standard of Good Practice 2013

ISO 12931:2012, Performance Criteria for Authentication Solutions Used to Combat Counterfeiting of Material Goods

ISO 15489 1

ISO 15489 2

ISO IEC 27002

ISO 13335 1

ISO 13335 3 R 1998

ISO 13335 4 R 2000

ISO 13335 5 R 2001

ISO 13485 2003

ISO 15288 R 2008

ISO 15408 3 R 2008

ISO 15408 2 R 2008

ISO 17799 R 2000

ISO 17799-2005

ISO 18045 R 2005

ISO 20000 1 2nd Ed

ISO 20000 2 R 2005

ISO 24762 R 2008

ISO 27001 R 2005

ISO 27001 2013

ISO 27002

ISO 31000 R 2009

ISO 62304 2006

ITIL Security Management

Iceland Act on the Registering Handling of Personal Data

Idaho Code 28-51-103 through 28-51-107

Ireland Consolidated Data Protection Acts of 1988 and 2003

Ireland Data Protection Act of 1988

Ireland Data Protection Amendment 2003

Italy Personal Data Protection Code

Italy Protection of Individuals Other Subject with regard to the Processing of Personal data

JSOX

JSOX System Management Standards

Jalisco Civil Code of the State of Jalisco Article 40 Bis 1 to Article 40 Bis 39

Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce

Japan Handbook on the Protection of Personal Data

Japan Personal Information Protection Act

Key Steps for Organizations in Responding to Privacy Breaches

Korea Act on the Promotion of Information Communication Network Utilization Information Protection

Korea Act on the Protection of Personal Information Maintained by Public Agencies

Korea Use Protection of Credit Information Act

Leahy Personal Data Privacy Security Act

Lithuania Law on Legal Protection of Personal Data

Luxembourg Law on the Protection of Persons with regard to the Processing of Personal Data

Marines Corps Order 5511.11D

Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts

MasterCard EC Architecture Best Practices

Medical Device Security Technical Implementation Guide

Mexico Federal Personal Data Protection Law

Microsoft Windows Vista Security Guide

Minnesota Statues, Section 325E.64, Access Devices Breach of Security

Montana Code - 30-14-1701 thru 30-14-01721 thru 30-14-1722

NASD

NCUA AIRES IT Exam Questionnaires

NERC CIP

NFPA 1600

NIOSH Protecting Building Environments

NIST 800 121

NIST 800 14

NIST 800 26

NIST 800 34

NIST 800 41

NIST 800 48 R1

NIST 800 55

NIST 800 55 R1

NIST 800 61

NIST 800 66

NIST 800 68

NIST 800 80

NIST 800 97

NIST 800-53 R4

NIST 800 53 R4 High Impact

NIST 800 53 R4 Low Impact

NIST 800 53 R4 Moderate Impact

NIST 800-53A

NIST 800-92 Computer Security Log Management

NIST 800 122

NISTIR 7628 Guidelines for Smart Grid Cyber Security

NSA Solaris 9

NSA Windows XP

National Incident Management System

National Strategy to Secure Cyberspace

Nebraska Credit Report Protection Act

Netherlands Personal Data Protection Act

New Zealand Privacy Act

North Carolina Gen. Stat. - 75-60

OCC Alert 2000 1

OCC Bulletin 98 3

OECD Corporate Governance

OECD Privacy

OECD Risk Checklist

OMB Circular A 130 Appendix III

OMB Circular No. A-123

Organizational Resilience Security Preparedness and Continuity Management Systems - Requirements with Guidance for Use ASIS SPC.1-2009

PAS 77

PCAOB AS 2

PCI DSS

PCI DSS 2.0

PCI DSS 3.0 - Appendix A

PCI DSS 3.0 - Appendix A Testing Procedures

PCI DSS 3.0 - Testing Procedures

PCI DSS 3.0 Requirements

PCI DSS 3.0 SAQ A-EP

PCI DSS 3.0 SAQ B

PCI DSS 3.0 SAQ B-IP

PCI DSS 3.0 SAQ C

PCI DSS 3.0 SAQ C-VT

PCI DSS 3.0 SAQ D Merchant

PCI DSS 3.0 SAQ D Service Provider

PCI DSS 3.0 SAQ P2PE-HW

PCI DSS Wireless Guideline

PCI PA DSS 1.1

PCI SAQ B

PCI SAQ B 1.1

PCI SAQ C

PCI SAQ C 1.1

PCI SAQ D

PCI SAQ D 1.1

Patient Protection and Affordable Care Act

Poland Act of August 29 on the protection of personal data

Response Programs for Unauthorized Access

Revised Code of Washington, Sections 19.215.005 thru 19.215.030

Right to Financial Privacy Act

SAS 94

SECNAV Instruction 3850.4

Sarbanes Oxley SOX

Securities Exchange Act 1934

Security Requirements for List X Contractors

Shared Assessments SIG - B. Security Policy

Shared Assessments SIG - C. Organizational Security

Shared Assessments SIG - D. Asset Management

Shared Assessments SIG - F. Physical and Environmental

Shared Assessments SIG - G. Communications and Operations Management

Shared Assessments SIG - H. Access Control

Shared Assessments SIG - I. Information Systems Acquisition Development

Shared Assessments SIG - J. Incident Event and Communications Management

Shared Assessments SIG - K. Business Continuity and Disaster Recovery

Shared Assessments SIG - L. Compliance

Shared Assessments SIG - P. Privacy

Shared Assessments SIG - V. Cloud

Slovak Republic Act on Personal Data Protection

Sound Practices of Operational Risk

South African Interception of Communications Act

South Carolina Code of Laws Credit Card and Breach of Security of Business Data Notification

Spain Organic Law on the Protection of Personal Data

Spam Act 2003

Strategies to Mitigate Targeted Cyber Intrusions

Sweden Personal Data Act

Switzerland Federal Act on Data Protection

TSA Security for Airports

Taiwan Computer Processed Personal Data Protection Law

Tennessee Identity Theft Deterrence Act of 1999

The Act on Processing of Personal Data Denmark

The Contractual Process

The Electronic Communications and Transactions Act

The Patient Safely and Quality Improvement Act of 2005

The Personal Data Protection Law for the Federal District Mexico City

Third-Party Relationships Risk Management Guidance OCC bulletin 2013-29

Title 49 TSA Aviation

Tlaxcala Law on Access to Public Information and Personal Data Protection

UK Data Protection Act of 1998

UN Guidelines for the Regulation of Computerized Personal Data Files

URAC

US EAR

US ITAR

US Virgin Islands Electronic Medical Records Act

VISA Ecommerce Merchants Guide to Risk Management

VISA Incident Response Procedure for Account Compromise

VISA CISP What to Do If Compromised

Wyoming Statutes - 40-12-501 thru 40-12-509

Comments
kcole

As a follow-up to the above, I thought it might be helpful to provide an example of using the compliance filters within the SIEM. The example below is for views but can also be applied in reports. In the screenshot below, we are looking at the normalized dashboard. After scrolling down to Compliance within the filters, you need to select the filter icon within Compliance, then select PCI DSS 2.0 > 10.2.2, which looks for "All actions taken by any individual with root or administrative privileges".

ucf1.png

Once the compliance regulation is selected, you need to click "OK" and then the refresh icon at the top of the filter view. This will update the view to include only the events that were initiated by administrators for the time period specified for the view. The results are below:

ucf filter.png

The advantage of using the compliance filters is that they can be used against any default views or custom views. Below is the default Event Summary view with the same PCI DSS 2.0 10.2.2 filter applied to it.

ucf filter 2.png

jcvpesina

Exactly how can I use the "Mexico Federal Personal Data Protection Law" that is mentioned in this note? Exactly where does it appear under the SIEM console? I am using 9.2.1.

Thanks.

kcole

Hello,

Did you happen to see the example above (just below the list of compliance regulations)?  It demonstrates that you can access the compliances from the compliance filter and apply it to any view or report template within the SIEM.  You can also create custom views or reports if the default ones are not showing you all of the fields/values you need. 

Please let me know if you still have questions.

Kara

jcvpesina

Got it! I have seen how to go to those reports via the filtering options (Compliance ID)... !

Thanks so much!

JC

LFDPDPP.png

xded

Hi,

Is there any solution to set these Compliance Filters for all users but not for the NGCP user?

JohnStark

When will 9.5 be available?  What are the major changes in that release?

cly

@kcole I stumbled on this searching for something else. I'm on version 9.5.1 and I cannot find any IDs related to PCI 3.1, but I must say - AWESOME tip. Thank you!

Version history: Revision 1 of 1. Last update: 11-15-2012 08:34 AM.