Guarantee legal compliance
Summary
The system must comply with the legal requirements of the jurisdiction to which it is subject.
Description
If a system complies with legal requirements, it becomes responsible and lawful in its operation. Compliance protects the organization from legal consequences, builds trust with users and stakeholders, and aligns the system with regulatory expectations. Non-compliance with legal requirements can lead to serious consequences, including fines, penalties, legal actions, and reputational damage.
References
- GDPR-R45. Fulfillment of legal obligations
- FCRA-605-H_2. Regulations
- GLBA-501_A. Privacy obligation policy
- MISRAC-1_1. All code shall conform to legal compliance
- NYDFS-500_3. Cybersecurity policy
- PDPA-3_12. Policies and practices
- PDPO-5_19. Compliance with data access request
- PDPO-S1_5. Information to be generally available
- CMMC-AC_L2-3_1_3. Control CUI flow
- HITRUST-01_a. Access control policy
- HITRUST-02_d. Management responsibilities
- HITRUST-04_a. Information security policy document
- HITRUST-06_a. Identification of applicable legislation
- HITRUST-06_b. Intellectual property rights
- HITRUST-06_f. Regulation of cryptographic controls
- HITRUST-06_g. Compliance with security policies and standards
- HITRUST-09_i. System acceptance
- HITRUST-13_g. Purpose legitimacy
- FEDRAMP-SA-1. System and services acquisition policy and procedures
- FEDRAMP-SC-1. System and communications protection policy and procedures
- ISO27002-5_34. Privacy and protection of Personal Identifiable Information (PII)
- LGPD-7_II. Requirements for the Processing of Personal Data
- LGPD-7_VI. Requirements for the Processing of Personal Data
- LGPD-26. Rules
- LGPD-51. Good Practice and Governance
- WASSEC-8_4_1. Compliance report
- OSSTMM3-9_1_1. Wireless security (posture review) - Policy
- PTES-7_2_1. Post exploitation - Rules of engagement (protect the client)
- OWASPRISKS-P5. Non-transparent policies, terms and conditions
- MVSP-1_6. Business controls - Compliance
- NIST800115-6_6. Legal considerations
- SIGLITE-SL_23. Is there an information security policy that has been approved by management and an owner to maintain and review the policy?
- SIG-B_1. Security policy
- SIG-B_1_1. Security policy
- SIG-L_1. Compliance
- ASVS-1_1_1. Secure Software Development Lifecycle
- ISO27001-5_34. Privacy and protection of Personal Identifiable Information (PII)
Weaknesses
Supported In
This requirement is verified in the following services:
Essential Plan
Advanced Plan