Standards & Regulations

References to internationally recognized information security standards, guidelines, regulations and effective security practices that inform information security management planning at Iowa State University.

Family Educational Rights and Privacy Act (FERPA)

The Family Educational Rights and Privacy Act (FERPA) is a United States federal privacy law that gives parents, and students once they turn 18 or enroll in a postsecondary institution ("eligible students"), rights over education records, such as report cards, transcripts, disciplinary records, contact and family information, and class schedules. At a university, these rights belong to the student.

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is an EU regulation on data protection and privacy that gives individuals in the European Union greater control over their personal data. It was adopted in April 2016 and has applied since May 25, 2018. It also reaches organizations outside the EU, such as a U.S. university, when they process personal data of individuals in the EU.

Health Insurance Portability and Accountability Act (HIPAA)

The Health Insurance Portability and Accountability Act (HIPAA) is United States federal legislation whose Privacy Rule and Security Rule set requirements for safeguarding protected health information (PHI), including administrative, physical and technical safeguards for electronic PHI.

International Traffic in Arms Regulations (ITAR)

The International Traffic in Arms Regulations (ITAR) is a United States regulatory regime that restricts and controls the export of defense articles, defense services and related technical data in order to safeguard U.S. national security and further U.S. foreign policy objectives. Under ITAR, releasing controlled technical data to a foreign person inside the United States can itself count as an export, which is why access controls on research data matter. For more information visit the U.S. Department of State Directorate of Defense Trade Controls (DDTC) page.

MITRE Corporation (MITRE)

The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers. In security it is best known for maintaining the Common Vulnerabilities and Exposures (CVE) program and the MITRE ATT&CK knowledge base of adversary tactics and techniques.

National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology (NIST) was founded in 1901 and is one of the nation's oldest physical science laboratories, providing technology, measurements and standards across a wide range of fields. For information security, NIST publishes the Cybersecurity Framework and the Special Publication 800 series, including SP 800-53 (security and privacy controls) and SP 800-171 (protecting controlled unclassified information).

Open Web Application Security Project (OWASP)

OWASP is an international organization supported by the OWASP Foundation. It is an open community dedicated to enabling organizations to conceive, develop, acquire, operate and maintain applications that can be trusted. Its best-known resource is the OWASP Top 10, a regularly updated list of the most critical web application security risks. All OWASP tools, documents, forums and chapters are free and open to anyone interested in improving application security.

Payment Card Industry (PCI)

The Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council, is the global data security standard adopted by the payment card brands for all entities that process, store or transmit cardholder data. Its requirements mirror established security practices for protecting cardholder payment data, such as network segmentation, encryption of cardholder data, access control and logging.

SANS Institute (SANS)

SANS provides intensive, immersion training designed to help you and your staff master the practical steps necessary for defending systems and networks against the most dangerous threats, those being actively exploited. Many SANS resources are free to all who ask.