U.S. Security Guidelines | Uday Ali Pabrai: Cyber Security & Compliance Expert

eStore

ecfirst

HIPAA Academy

testimonials

blog

Invite

events

press

pabrai

Home » U.S. Security Guidelines

For more information, see links below.

Alabama

Attorney General's Office
http://www.ago.state.al.us/

Alaska

Attorney General's Office
http://www.law.state.ak.us/
Protection of Online Privacy Law
http://www.alabamapolicy.org/issues/gti/issue.php?issueID=128&guideMainID=3
Data Security Omnibus with Breach Notice and Social Security Number Use Provisions
http://www.legis.state.ak.us/PDF/25/Bills/HB0065Z.PDF

Arizona

Attorney General’s Office
http://www.azag.gov

Confidentiality of Personal Identifying Information Laws
http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/01373.htm&Title=44&DocType=ARS
http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/01373-01.htm&Title=44&DocType=ARS
http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/01373-02.htm&Title=44&DocType=ARS
http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/01373-03.htm&Title=44&DocType=ARS

Arkansas

Attorney General’s Office
http://www.ag.state.ar.us/
Personal Information Protection Act
http://www.schwartzandballen.com/ImportedLawsBills/Arkansas%20Security%20Breach.pdf
HIPAA Information Site
http://www.hipaa.state.ar.us/

California

Office of Information Security and Privacy Protection
http://www.oispp.ca.gov/default.asp

California OISSP Health Information Privacy laws
http://www.oispp.ca.gov/consumer_privacy/laws/

Law concerning destruction of customer records
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=civ&group=01001-02000&file=1798.80-1798.84

Health Facilities Data Breach Law
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=hsc&group=01001-02000&file=1275-1289.5

Medical Information Confidentiality Law
http://www.oispp.ca.gov/consumer_privacy/laws/code/cc56.asp?codesection=civ&codebody=&hits=20

Patient Access to Health Records Law
http://www.leginfo.ca.gov/cgi-bin/displaycode?section=hsc&group=123001-124000&file=123100-123149.5

AB 211
http://info.sen.ca.gov/pub/07-08/bill/asm/ab_0201-0250/ab_211_bill_20080930_chaptered.pdf

SB 541
http://info.sen.ca.gov/pub/07-08/bill/sen/sb_0501-0550/sb_541_bill_20080930_chaptered.pdf

Colorado

Department of Law
http://www.ago.state.co.us/index.cfm.html

Connecticut

Attorney General’s Office
http://www.ct.gov/ag/site/default.asp
Act Concerning the Confidentiality of Social Security Numbers
http://www.cga.ct.gov/2008/ACT/Pa/pdf/2008PA-00167-R00HB-05658-PA.pdf

Delaware

Attorney General’s Office
http://attorneygeneral.delaware.gov/
Computer Security Breaches Law Relating to Commerce and Trade
http://delcode.delaware.gov/title6/c012b/index.shtml

District of Columbia

Department of Health
http://doh.dc.gov/doh/site/ default.asp

Florida

Attorney General’s Office
http://myfloridalegal.com/
Florida Privacy and Security Implementation Proposal (June 2007)
http://www.fdhc.state.fl.us/dhit/PandSproject/fpssip.pdf

Georgia

Attorney's General's Office
http://law.ga.gov/02/ago/home/ 0,2705,87670814,00.html
Act for Protection from Disclosure of an Individual's SSN
http://www.legis.ga.gov/legis/ 2005_06/pdf/sb588.pdf

Hawaii

Attorney General's Office
http://hawaii.gov/ag
Effect of Hawaii's New Health Care Information Privacy Act on State Functions
http://hawaii.gov/ag/calendar/ main/opinions/00-02.pdf/view? searchterm=health care

Idaho

Attorney General's Office
http://www2.state.id.us/ag/

Illinois

Attorney General's Office
http://www. illinoisattorneygeneral.gov/
Personal Information Protection Act
http://www.ilga.gov/ legislation/ilcs/ilcs3.asp? ActID=2702&ChapAct=815%26nbsp% 3BILCS%26nbsp%3B530%2F& ChapterID=67&ChapterName= BUSINESS+TRANSACTIONS&ActName= Personal+Information+ Protection+Act%2E

Indiana

Attorney General's Office
http://www.in.gov/ attorneygeneral/

Louisiana

Attorney General's Office
http://www.ag.state.la.us/
Database Security Breach Notification Law
http://www.legis.state.la.us/ lss/lss.asp?doc=322027
Law Library
http://207.67.203.75/ L20013Staff/OPAC/index.asp

Maine

Attorney General's Office
http://www.maine.gov/ag/
Notice of Risk to Personal Data Act
http://www.mainelegislature. org/legis/statutes/10/ title10sec1346.html

Maryland

Attorney General's Office
http://www.oag.state.md.us/
Personal Information Protection Act
http://mlis.state.md.us/asp/ statutes_respond.asp?article= gcl&section=14-3501&Extension= HTML
Social security Number Privacy Act
http://mlis.state.md.us/asp/ statutes_Respond2.asp?article= gcl&section=14-3402

Massachusetts

Attorney General's Office
http://www.mass.gov/?pageID= cagohomepage&L=1&L0=Home&sid= Cago
Security Breach Notification Law
http://www.mass.gov/legis/ laws/mgl/gl-93h-toc.htm

Michigan

Attorney General's Office
http://www.michigan.gov/ag/
Identity Theft Protection Act
http://www.legislature.mi.gov/(S(5zv43b55vphjwufo3f15x055))/mileg.aspx?page=getObject& objectName=mcl-Act-452-of-2004
Social Security Number Privacy Act
http://www.legislature.mi.gov/(S(lostua55muczqvi5mqfoah45))/mileg.aspx?page=getobject& objectname=mcl-445-81

Minnesota

Attorney General's Office
http://www.ag.state.mn.us/
Internet Privacy Statute
https://www.revisor.leg.state. mn.us/bin/getpub.php?pubtype= STAT_CHAP&year=2006&section= 325M
Disclosure of Personal Information
https://www.revisor.leg.state. mn.us/bin/getpub.php?pubtype= STAT_CHAP&year=2006&section= 325E

Mississippi

Attorney General's Office
http://www.ago.state.ms.us/

Missouri

Attorney General's Office
http://ago.mo.gov/
Prohibited Actions Involving Social Security Numbers
http://www.moga.mo.gov/ statutes/c400-499/4070001355. htm

Montana

Attorney General's Office
http://doj.mt.gov/
Impediment of Identity Theft – Mont Code Ann.
http://data.opi.state.mt.us/ bills/mca/30/14/30-14-1701.htm

Nevada

Security of Personal Information Law
http://www.leg.state.nv.us/NRS/NRS-603A.html

Unlawful Acts Regarding Personal Identifying Information Legislation
http://www.leg.state.nv.us/NRS/NRS-205.html

New Connecticut, Nevada, and Massachusetts Privacy and Data Security Requirements
http://www.cov.com/files/Publication/58f80590-c04a-449d-abf9-cdec3c872c84/Presentation/PublicationAttachment/ddaed881-4f83-4dfa-84a0-d29f7d69d89a/States%20Enact%20New%20Privacy%20and%20Data%20Security%20Requirements.pdf

Nebraska

Attorney General's Office
http://www.ago.state.ne.us/
DHHS HIPAA home page
http://www.hhs.state.ne.us/ hipaa/

New Hampshire

Department of Justice
http://doj.nh.gov/
DHHS HIPAA home page
http://www.dhhs.nh.gov/DHHS/ HIPAA/default.htm
Right to Privacy Statute
http://www.gencourt.state.nh. us/rsa/html/NHTOC/NHTOC-XXXI- 359-C.htm

New Jersey

Attorney General's Office
http://www.state.nj.us/lps/
State HIPAA update (Dec 2000)
http://www.state.nj.us/ treasury/pensions/coltr00.htm# hippaupdate

New Mexico

Attorney General's Office
http://www.nmag.gov/office/ Default.aspx
Human Serviced Department Medical Assistance Division
http://www.hsd.state.nm.us/ mad/index.html

New York

Attorney General's Office
http://www.oag.state.ny.us/
HIPAA Information Center
http://www.health.state.ny.us/ nysdoh/hipaa/hipaa.htm
Notification of Unauthorized Acquisition of Private Information
http://www.mofo.com/docs/mofoprivacy/United%20States/NY/NY.pdf

State Consumer Board’s Business Privacy Guide
http://www.consumer.state.ny.us/pdf/the_new_york_business_guide_to_privacy.pdf

Information Security Breach and Notification Act
http://www.cscic.state.ny.us/security/securitybreach/

North Carolina

Department of Justice
http://www.ncdoj.com/
Division of Information Resource Management
http://www.ncdhhs.gov/dirm/

North Dakota

Attorney General's Office
http://www.ag.state.nd.us/
Notice of Security Breach for Personal Information
http://www.legis.nd.gov/ cencode/t51c30.pdf
Department of Human Services
http://www.nd.gov/dhs/

Ohio

HIPAA main page
http://hipaa.ohio.gov/index. htm
HIPAA Security Rule
http://hipaa.ohio.gov/ whitepapers/ proposedsecurityrule.PDF

Tennessee

State HIPAA Information
http://health.state.tn.us/ HIPAA/index.htm

Texas

State HIPAA home page
http://www.dshs.state.tx.us/ hipaa/default.shtm
Attorney General’s Office
http://www.oag.state.tx.us/

Department of Information Resources IT Security Home Page
http://www.dir.state.tx.us/security/index.htm

State Enterprise Security Plan
http://www.dir.state.tx.us/pubs/securityplan2007/StateEnterpriseSecurityPlan.pdf

Texas Privacy Law
http://www.law.uh.edu/healthlaw/perspectives/privacy/010830texas.html

General

Patient Privacy Laws Summary page by state
http://www.patientprivacyrights.org/site/PageServer?pagename=StateLaws_Landing

NIST Security Guidelines

SP 800-124 Guidelines on Cell Phone and PDA Security
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

SP 800-123 Guide to General Server Security
http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
SP 800-121 Guide to Bluetooth Security
http://csrc.nist.gov/publications/nistpubs/800-121/SP800-121.pdf
SP 800-116 A Recommendation for the Use of PIV Credentials in Physical Access Control Systems (PACS)
http://csrc.nist.gov/publications/nistpubs/800-116/SP800-116.pdf
SP 800-115 Technical Guide to Information Security Testing and Assessment
http://csrc.nist.gov/publications/nistpubs/800-115/SP800-115.pdf
SP 800-114 User's Guide to Securing External Devices for Telework and Remote Access
http://csrc.nist.gov/publications/nistpubs/800-114/SP800-114.pdf
SP 800-113 Guide to SSL VPNs
http://csrc.nist.gov/publications/nistpubs/800-113/SP800-113.pdf
SP 800-111 Guide to Storage Encryption Technologies for End User Devices
http://csrc.nist.gov/publications/nistpubs/800-111/SP800-111.pdf
SP 800-104 A Scheme for PIV Visual Card Topography
http://csrc.nist.gov/publications/nistpubs/800-104/SP800-104-June29_2007-final.pdf
SP 800-101 Guidelines on Cell Phone Forensics
http://csrc.nist.gov/publications/nistpubs/800-101/SP800-101.pdf
SP 800-98 Guidelines for Securing Radio Frequency Identification (RFID) Systems
http://csrc.nist.gov/publications/nistpubs/800-98/SP800-98_RFID-2007.pdf
SP 800-97 Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i
http://csrc.nist.gov/publications/nistpubs/800-97/SP800-97.pdf
SP 800-95 Guide to Secure Web Services
http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf
SP 800-94 Guide to Intrusion Detection and Prevention Systems (IDPS)
http://csrc.nist.gov/publications/nistpubs/800-94/SP800-94.pdf
SP 800-90 Recommendation for Random Number Generation Using Deterministic Random Bit Generators
http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
SP 800-87 Codes for Identification of Federal and Federally-Assisted Organizations
http://csrc.nist.gov/publications/nistpubs/800-87-Rev1/SP800-87_Rev1-April2008Final.pdf
SP 800-79-1 Guidelines for the Accreditation of Personal Identity Verification (PIV) Card Issuers (PCI's)
http://csrc.nist.gov/publications/nistpubs/800-79-1/SP800-79-1.pdf
SP 800-78-1 Cryptographic Algorithms and Key Sizes for Personal Identity Verification
http://csrc.nist.gov/publications/nistpubs/800-78-1/SP-800-78-1_final2.pdf
SP 800-76-1 Biometric Data Specification for Personal Identity Verification
http://csrc.nist.gov/publications/nistpubs/800-76-1/SP800-76-1_012407.pdf
SP 800-73-2 Interfaces for Personal Identity Verification
http://csrc.nist.gov/publications/nistpubs/800-73-2/Update-and-ChangesOverview_sp800-73-2.pdf
http://csrc.nist.gov/publications/nistpubs/800-73-2/sp800-73-2_part1-datamodel-final.pdf
http://csrc.nist.gov/publications/nistpubs/800-73-2/sp800-73-2_part2_end-point-piv-card-application-card-command-interface-final.pdf
http://csrc.nist.gov/publications/nistpubs/800-73-2/sp800-73-2_part3_end-point-client-api-final.pdf
http://csrc.nist.gov/publications/nistpubs/800-73-2/sp800-73-2_part4_transitional-specification-final.pdf
SP 800-68 Guide to Securing Microsoft Windows XP Systems for IT Professionals
http://csrc.nist.gov/itsec/download_WinXP.html
SP 800-66 An Introductory Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
http://csrc.nist.gov/publications/nistpubs/800-66-Rev1/SP-800-66-Revision1.pdf
SP 800-64 Security Considerations in the System Development Life Cycle
http://csrc.nist.gov/publications/nistpubs/800-64-Rev2/SP800-64-Revision2.pdf
SP 800-61 Computer Security Incident Handling Guide
http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf
SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories: (2 Volumes) - Volume 1: Guide Volume 2: Appendices
http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol1-Rev1.pdf
http://csrc.nist.gov/publications/nistpubs/800-60-rev1/SP800-60_Vol2-Rev1.pdf
SP 800-55 Performance Measurement Guide for Information Security
http://csrc.nist.gov/publications/nistpubs/800-55-Rev1/SP800-55-rev1.pdf
SP 800-53A - Guide for Assessing the Security Controls in Federal Information Systems
http://csrc.nist.gov/publications/nistpubs/800-53A/SP800-53A-final-sz.pdf
http://csrc.nist.gov/groups/SMA/fisma/assessment-cases-overview.html
SP 800-48 Guide to Securing Legacy IEEE 802.11 Wireless Networks
http://csrc.nist.gov/publications/nistpubs/800-48-rev1/SP800-48r1.pdf
SP 800-44 Guidelines on Securing Public Web Servers
http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800-44v2.pdf
SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
SP 800-22 A Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications
http://csrc.nist.gov/publications/nistpubs/800-22-rev1/SP800-22rev1.pdf