List of Obligations
Modified on Thu, 26 Sep at 1:08 PM
Below is the latest list of obligation. In order to add this to your C1Risk instance, click here.
Last Updated September 26, 2024
| Obligation Name | Version |
| 21 CFR Part 11 Electronic Records; Electronic Signatures | FDA 2017 |
| 29 CFR Part 1910 OSHA | OSHA 06/18/1998 |
| 29 CFR Part 1926 OSHA | OSHA 06/18/1998 |
| A2LA: Accreditation | 2021 |
| ANSI/X9 TR-39-2009 | ANSI 2009 |
| APEC Privacy Framework (Asia Pacific Economic Cooperation) | APEC 2015 (Revised) |
| AUP v2 Shared Assessments | AUP 2016 v2 (Copyright) |
| BSA (Bank Secrecy Act) | 1970 |
| BSA (FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual) | FFIEC 2014 - 2021 |
| CCM-Cloud Controls Matrix v3.0.1 | CSA CCM v3.0.1 |
| CCPA California Consumer Privacy Act | CA DOJ 2018 |
| CFR PART 748—SECURITY PROGRAM, SUSPICIOUS TRANSACTIONS, CATASTROPHIC ACTS, CYBER INCIDENTS, AND BANK SECRECY ACT COMPLIANCE | February 5, 2019 |
| CFR PART 749—RECORDS PRESERVATION PROGRAM AND APPENDICES—RECORD RETENTION GUIDELINES; CATASTROPHIC ACT PREPAREDNESS GUIDELINES | Feb. 5, 2019 |
| China: Cyber Security Law of the People's Republic of China | China 2017 |
| China: Personal Information Protection Law of the People's Republic of China | November 1, 2021 |
| CIS 6.0 (Center for Internet Security Controls v6.0) ) | CIS v6.0.2015) |
| CIS 7.0 (Center for Internet Security Controls v7.0) | 2018.v7.0 |
| CIS 7.1 (Center for Internet Security Controls v7.1) | 4/19/2020 Version 7.1 |
| CIS 8.0 (Center for Internet Security Controls v8.0) | Version 8.0 May 2021 |
| CIS AWS Foundations | CIS v1.1.0 |
| CMMC Cybersecurity Maturity Model Certification 2020 | DOD v1.02 03/18/2020 |
| COBIT 5 | ISACA COBIT® 5 |
| Colorado Statutes | 2021 |
| CRI Cyber Profile 1.0 (Cyber Risk Institute - CRI) | v1.1 |
| CRI Cyber Profile 2.0 (Cyber Risk Institute - CRI) | v2.0 |
| CSA 3.0.1 (Cloud Security Alliance CCM - CAIQ) | CAIQ v3.0.1 |
| CSA 4.0 (Cloud Security Alliance CCM - CAIQ) | CAIQ v4.02 |
| Dell Tier 1 Compliance Protocol | 2022 |
| DORA (Digital Operations Resiliency Act) | Janaury 2023 |
| European Market Infrastructure Regulation (EMIR) | EU FCA 2016 |
| FCA PS17/19 | FCA 2017 |
| FedRAMP High Baseline / NIST SP 800-53 Revision 4 | 2018 |
| FedRAMP High Baseline / NIST SP 800-53 Revision 5 | NIST SP 800-53r5 |
| FedRAMP Low Baseline / NIST SP 800-53 Revision 4 | 2018 |
| FedRAMP Low Baseline / NIST SP 800-53 Revision 5 | NIST SP 800-53r5 |
| FedRAMP Moderate Baseline / NIST SP 800-53 Revision 4 | 2018 |
| FedRAMP Moderate Baseline / NIST SP 800-53 Revision 5 | NIST SP 800-53r5 |
| FFIEC Cybersecurity Assessment Tool (CAT) | FFIEC 2015 |
| FFIEC IT Examination Handbook (Management) | November 2015 |
| FFIEC IT Examination Handbook (Architecture, Infrastructure, and Operations) | June 2021 |
| FFIEC IT Examination Handbook (Audit) | April 2012 |
| FFIEC IT Examination Handbook (Business Continuity Planning) | FFIEC 2015 |
| FFIEC IT Examination Handbook (Development and Acquisition) | April 2004 |
| FFIEC IT Examination Handbook (Outsourcing Technology Services) | June 2004 |
| FFIEC IT Examination Handbook Information Security | FFIEC 2016 |
| FFIEC Supplement to Authentication in an Internet Banking Environment | FFIEC 2011 |
| FFIEC UBPR (Uniform Bank Performance Report) | FFIEC 2017 |
| FIAML (Mauritius) | 2018 |
| FTC Standards for safeguarding customer information | June 09 2023 |
| GDPR General Data Protection Regulation | EU 2016 |
| GLBA (16 CFR Part 313 Privacy) | May 24, 2002 |
| GLBA (16 CFR Part 314 including Elements) | May 23, 2002 |
| GLBA (Gramm-Leach-Bliley Act) | 1999 |
| Higher Education Vendor Assessment Tool (HECVAT) | Lite |
| HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414 | HITECH Act 2009 |
| HIPAA Privacy | 2013 |
| HIPAA Security 2013 | 2013 |
| HITRUST CSF v11.3.0 | 11.3.0 |
| HiTRUST CSF v8.1 | 2017 (Copyright) |
| ISO / IEC 14001: 2015 | Third edition 2015-09-15 |
| ISO / IEC 17025:2017 | 2017 |
| ISO / IEC 20243: 2018 | 2018 |
| ISO / IEC 22301: 2012 | 2012 |
| ISO / IEC 27001 (es): 2013 | Spanish |
| ISO / IEC 27001: 2013 | 2013 (Copyright) |
| ISO / IEC 27001:2022 | October 2022 |
| ISO / IEC 27002: 2013 | 2013 |
| ISO / IEC 27002: 2022 | Third Edition, March 2022 |
| ISO / IEC 27017: 2015 | 2015 |
| ISO / IEC 27018: 2019 | 2019 |
| ISO / IEC 27031: 2011 | 2011 |
| ISO / IEC 27701:2019 First Edition | 2019 - 08 |
| ISO / IEC 28000: 2007 | 2007 |
| ISO / IEC 42001 | 2023 |
| ISO / IEC 9001: 2015 | 2015 (Copyright) |
| LGDP (English Version) (Brazilian General Data Protection) | PNM 8/14/2018 |
| LGDP (Portuguese version) (Brazilian GDPR) | August 2018 |
| Michigan Statutes Debt Management Act | 2015 |
| MiFIDII | EU/ESMA 2016 |
| New Hampshire Statutes | Statutes: 399-D Debt Adjustment Services |
| NIST AI 100-1 (Artificial Intelligence Risk Management Framework (AI RMF 1.0)) | AI RMF 1.0 |
| NIST CSF 1.1 (Cybersecurity Framework 1.1) | v1.1.2018 |
| NIST CSF 2.0 (Cybersecurity Framework 2.0) | 2024 |
| NIST Privacy Framework Core | 2020 version 1.0 |
| NIST SP 800-171 (2016) | 2016 |
| NIST SP 800-171 Revision 2 with NIST 800-171A | 2020 Revision 2 |
| NIST SP 800-171 Revision 3 | Revision 3, 2024 |
| NIST SP 800-218 (Secure Software Development Framework (SSDF) | 2022 Version 1.1 |
| NIST SP 800-218 Secure Software Development Framework (SSDF) Version 1.1: Recommendations for Mitigating the Risk of Software Vulnerabilities | February 2022 |
| NIST SP 800-223 (High-Performance Computing Security) | February 2024 |
| NIST SP 800-30 Guide for Conducting Risk Assessments | 2012 (Revision 1) |
| NIST SP 800-37 (Risk Management) | 2018 (Revision 1) |
| NIST SP 800-37 Revision 2 (Risk Management) | 2018 Revision 2 |
| NIST SP 800-53 Revision 4 | Revision 4 |
| NIST SP 800-53 Revision 5 | 2020 (with 2023 updates) |
| NYDFS 23 NYCRR PART 500 | NY DFS v1.0 2017 |
| NYDFS 500 23 NYCRR Part 500 Amendment 2 | 2023 2nd Amendment |
| Nymity GDPR 2017 Accountability Framework | 2017 by Nymity |
| ODP Ohio Data Protection Act | Ohio ORC 11/2/2018 |
| OWASP Top 10 Privacy Risk Projects | Countermeasures v1.0 |
| PAC | 2021 |
| PACE (Best Practice Guidelines for Residential PACE Financing Programs) | DOE 11/18/2016 |
| Payment Card Industry (PCI) Point-to-Point Encryption | Version 3.1, 2021 |
| Payment Services Directive (PSD2) | 2015 |
| PCCFDI | Controles Seguridad |
| PCI Payment Card Industry- PCI / DSS v3.1 | v3.1 |
| PCI Payment Card Industry- PCI / DSS v3.2.1 | v3.2.1 2018 |
| PCI Payment Card Industry- PCI / DSS v4.0 | 2022 v4.0 |
| PCI PIN 3.1.A1 – Remote Key Distribution Using Asymmetric Techniques Operations | Annex A |
| PCI PIN 3.1.A2 – Certification and Registration Authority Operations | 2021 |
| PCI PIN 3.1.B - Key Injection Facilities | 2021 |
| PCI PIN Security 3.0 | 2018 version 3.0 |
| PCI PIN Security 3.1 | 2021 version 3.1 |
| PCI Point-to-Point Encryption | 2019 |
| Personal Information Protection and Electronic Documents Act (PIPEDA) | 2017 |
| PHIPA 2004 | 2004 |
| PRIIPS REGULATION (EU) No 1286/2014 | EU 2014 |
| PRISM Privacy + | 2020 |
| Prudential Standard CPS 234 Information Security | July 2019 |
| SACS-002 Third Party Cybersecurity Standard | February 2022 |
| SACS-002 Third Party Cybersecurity Standard 2020 | January 2020 |
| SEC Cybersecurity Disclosure | 2018 |
| Secure Controls Framework (SCF) | 2022-23 |
| SOC 1 (AICPA SOC 1) | 2020 |
| SOC 2 (old) (AICPA TSC SOC 2 100A Type 1 and Type 2) | AICPA TSC 2016 |
| SOC 2 (AICPA TSC SOC 2 Type 1 and Type 2) | AICPA 2017 (with 2022 TSC Revisions) |
| SOC 2 (AICPA TSC SOC 2 Type 1 and Type 2) | AICPA 2017 (with 2022 TSC Revisions) |
| SOX 2002 | 2002 |
| The Payment Services Regulations 2017 | 2017 No. 752 |
| The Payment Services Regulations 2017 Schedules | 2017 No. 752 |
| TL9000 | R6.3 |
| UK Cyber Essentials 2021 | April 2021 version 2.2 |
| UK Cyber Essentials 2022 (with IASME Assessment Controls) | January 2022 version 3.0 |
| Virginia Data Breach Notification § 18.2-186.6 | 2017 |
| WebTrust for Certification Authorities | CPA Canada v2.3 |
Attachments (1)
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article