Public Companies and many vertical industries are affected by Public Laws, Directives and Regulations; these emerging requirements are driving current day IT Security Governance, Risk Management, Audit and Compliance (GRC) efforts.

Healthcare has emerging IT requirements affecting IT Security: Health Insurance Portability and Accountability Act (HIPAA) Security Rule The Medicaid Information Technology Architecture (MITA)

Federal Government Organizations have several IT requirements requiring IT Security improvements for agency and contracted systems: Federal Information Security Management Act (FISMA) MB 07-16: Safeguarding Against and Responding to the Breach of Personally Identifiable Information

Financial institutions have security and privacy requirements enacted by public laws and regulations: The Gramm-Leach-Bliley Financial Modernization Act (GLBA) The Payment Card Industry Data Security Standard (PCI DSS)

Publicly traded companies are required by law to comply with the Sarbanes-Oxley Act (SOX) of 2002; it was enacted to increase regulatory visibility and accountability of public companies. SOX is currently a law, and even smaller companies are now required to comply with Section 404

The North American Electric Reliability Council (NERC) has issued eight reliability standards on cyber security requirements: NERC approved Cyber Security Standards CIP-002 through CIP-009

The Department of Defense (DOD) has adopted DOD Information Assurance Certification and Accreditation Process (DIACAP): DIACAP IT Security Requirements are very similar to FISMA requirements