Today, both government and industry must comply with regulations designed to safeguard the confidentiality, integrity, and availability of electronic data from security breaches. Securing data is more than just good practice. For many industries, it's the law.
SCAP Compliance –
The U.S. National Institute of Standards and Technology (NIST) is in the process of standardizing how computers communicate vulnerability information and the content of that information via the Security Content Automation Protocol (SCAP). SAINT developers are building SCAP compliance into SAINT products. SAINT is included on the NIST National Vulnerability Database vulnerability scanners Web page.
SAINT Customer Compliance –
SAINT® vulnerability assessments help government agencies and businesses safeguard information and comply with regulations. Network scans and penetration tests keep administrators and executives aware of threats to their systems. SAINT's easy-to-read reports provide a simple way to assess, rank, and prioritize the threats. SAINT's reports document network security efforts and demonstrate compliance with privacy laws and industry regulations.
SAINT® is helping both government and commercial organizations comply with the following laws and regulations:
- PCI DSS for Merchants –
All merchants who accept payment cards (including online, mail, and phone orders) need to comply with the Payment Card Industry (PCI) Data Security Standard (DSS). The PCI DSS was developed as a guideline to help merchants prevent credit card fraud, hacking, and other security threats.
- Government –
The Federal Information Security Management Act of 2002 (FISMA) requires federal agencies to provide information security for their information technology assets.
- Healthcare –
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) regulates the security and privacy of patient records and other health information.
- Financial Institutions –
The Gramm-Leach-Bliley Act (GLBA) requires IT controls to keep customer financial information private and confidential.
- Companies with general-audience Web sites –
The Children's Online Privacy Protection Act (COPPA) requires companies that collect data from children to implement safeguards.
- Public Companies –
The Sarbanes-Oxley Act (SOX) of 2002 requires companies to implement controls to safeguard financial data.

