A set of best practices to help organizations defend against the most pervasive and dangerous cyber threats. Consists of 18 Critical Security Controls and 3 Implementation Groups.

Offers guidelines on managing and reducing cybersecurity risks, widely used across various sectors, including higher education.

An international standard providing requirements for an information security management system (ISMS).

A federal law which applies to organizations who operate a healthcare facility or a health plan (a "covered entity") as well as the third-party services they share data with (a "business associate"). Focused on consumer protection for patients health information (PHI). 

A federal law which grants parents the right to access their children's educational records, request amendments to these records, and exercise some control over the disclosure of personally identifiable information contained within them.

A EU law, which applies when organizations collect, store, process or share personal data of individuals located in the European Union. It emphasizes stringent data protection and privacy rules.

A Chinese law, which applies when organizations collect, store, process or share personal data of individuals located in the China. It emphasizes stringent data protection and privacy rules.

A state law, which requires businesses to develop a comprehensive written information security program (WISP) to protect residents' personal data with detailed technical and procedural safeguards.

Standards for handling certain types of unclassified information that require safeguarding or dissemination controls, often applicable in research contracts.

A publication by the National Institute of Standards and Technology which outlines security requirements for protecting the confidentiality of Controlled Unclassified Information in Non-Federal Information Systems and Organizations.

National Security Presidential Memorandum-33 requires all federal research funding agencies to strengthen and standardize disclosure requirements for federally funded awards.

Applies when conducting research funded by the U.S. federal government, with requirements for information security controls often applicable in research contracts.

U.S. frameworks like ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations), affecting research regarding national security or military applications.