Applicable Sections in Compliance Mandates
Most guidance simply tells enterprises which standards apply. The SANS Compliance Map provides the specific section references to help ensure you get compliance AND security. This chart shows where the products listed under each Defensive Wall help you meet specific sections of each compliance mandate.
Wall 1.1
PCI/DSS 6.3.6, 6.3.7, 6.6
SOX A12.8
GLBA 16CFR Part 314.4(b) & (2)
FISMA RA-5, SC-18, SA-11 SI-2
ISO 27001/27002 12.4.1, 12.4.3, 12.5
Wall 1.2
PCI/DSS 6.3
SOX A12.4
GLBA 16CFR Part 314.4(b) & (2)
HIPAA 164.303(a)(1)(i)
FISMA RA-5, SA-11, SI-2
ISO 27001/27002 12.6, 15.2.2
Wall 1.3
PCI/DSS 6.3.7
SOX A12.7, A12.8, DS7
HIPAA 164.308(a)(3)
FISMA SA-11, SI-2
ISO 27001/27002 6.1.8, 8.2.1-2
Wall 2.1
PCI/DSS 10.6, 11.4
SOX A13.2, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.306(a)(2), 164.308(a)(1), 164.308(a)(6)42
FISMA SI-4, AC-2
ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 10.10.4, 15.1.5
Wall 2.2
PCI/DSS 11.1
SOX A13.2, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.308(a)(1), 164.308(a)(6)
FISMA AC-18
ISO 27001/27002 Same as Wall 2.1
Wall 2.3
PCI/DSS 11.4
SOX A13.2, DS5.5, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.308(a)(1), 164.308(a)(6)42
FISMA IR-4, SI-4
ISO 27001/27002 Same as Wall 2.1
Wall 2.4
PCI/DSS Requirements 1 & 5
SOX A13.2, DS5.9, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.308(a)(1), 164.308(a)(6)42, 164.308(a)(5)
FISMA AC-4, SC-7, SI-3, SI-8
ISO 27001/27002 10.4, 10.6.2, 10.10.1, 10.10.2, 10.10.4, 11.4.5, 11.6, 11.7.1, 12.5.5, 12.6.1, 15.1.5
Wall 2.5
PCI/DSS Requirement 5
SOX A13.2, DS5.9, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.308(a)(1), 164.308(a)(6)
FISMA AC-4, SC-7, SI-3
ISO 27001/27002 Same as Wall 2.1
Wall 2.6
PCI/DSS 4.2, Requirement 5
SOX A13.2, DS5.9, DS5.10, DS5.11
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.308(a)(1), 164.308(a)(6)
FISMA AC-4, SC-7, SI-3, SI-8
ISO 27001/27002 10.6.2, 10.8.4, 10.10.1, 10.10.2, 11.4.6, 15.1.5
Wall 2.7
PCI/DSS 6.6
SOX A13.2, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.308(a)(1), 164.308(a)(6)
FISMA AC-4, SC-7
ISO 27001/27002 10.6.2, 10.10.1, 10.10.2
Wall 3.1
PCI/DSS Requirement 5, 10.6
SOX DS5.9
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.306(a)(2), 164.312(a)(1), 164.308(a)(1),(2) & (6), 164.310(c)
FISMA SI-3, SI-8, SC-18, AC-2
ISO 27001/27002 11.7.1, 11.7.2
Wall 3.2
SOX A13.2, DS5.3, DS5.4, DS5.10
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.306(a)(2), 164.308(a)(1),(2) and (6), 164.312(a)(1) and (d)
FISMA SI-4, AC-3, AC-4, AC-17
ISO 27001/27002 10.6.2, 10.10.1, 10.10.2, 15.1.5
Wall 3.3
PCI/DSS 10.5.5, 11.5, 12.9.5
SOX DS5.5
GLBA 16CFR Part 314.4(b) & (3)
HIPAA 164.312(e)(1)
FISMA AC-19, CP-9, SI-1, SI-7
ISO 27001/27002 12.3, 12.5.1, 12.5.3, 15.3
Wall 3.4
PCI/DSS 2.2
SOX A13.2
HIPAA 164.308(a)(1), 164.310(c)
FISMA CA-7, CM-1, CM-2, CM-3, CM-4, CM-6, CP-10, PL-3, SA-4
ISO 27001/27002 10.4.2, 10.10.1
Wall 4.1
PCI/DSS 11.2
SOX A13.3
GLBA 16CFR 3.4.4(c)
HIPAA 164.308(a)(8)
FISMA RA-5
Wall 4.2
PCI/DSS 11.2, 6.6
SOX A13.3
GLBA 16CFR Part 314.4(c)
HIPAA 164.308(a)(8)
FISMA RA-5, SI-2
ISO 27001/27002 12.6, 15.2.2
Wall 4.3
PCI/DSS 11.3
SOX A13.3
GLBA 16CFR Part 314.4(c)
HIPAA 164.308(a)(8)
FISMA RA-5, SI-2
ISO 27001/27002 12.6, 15.2.2
Wall 4.4
PCI/DSS 2.2, 6.1, 6.3.1
SOX A13.3, DS9
HIPAA 164.308(a)(1), 164.310(b) & (c)
FISMA CA-7, CM-1-4, CM-6, CP-10, PL-3, SA-4, SA-10, SI-2
ISO 27001/27002 10.4.2, 10.10.1, 12.4.1, 12.5.3, 12.5.2, 12.6.1
Wall 5.1
PCI/DSS 8.5, 10.1
SOX DS5.3, DS5.4
HIPAA 164.312(a)(1) and (d)
FISMA AC-3, AC-17, AU-3, IA-2, IA-4, IA-5
ISO 27001/27002 10.9, 10.10.1, 11.2.3, 11.5.2
Wall 5.2
PCI/DSS Requirement 3
SOX A13.2, DS5.8, DS11.2, DS11.4, DS11.6, DS13.4
GLBA 16CFR Part 314.4(b) & (2)
HIPAA 164.310(d)(1), 164.312(a)(2)(iv)
FISMA AC-3, CP-9, MP-4
ISO 27001/27002 10.5.1, 11.7.1, 12.3.1, 12.3.2, 15.1.6
Wall 5.3
PCI/DSS Requirement 3
SOX A13.2, DS5.8, DS11.2, DS11.4, DS11.6, DS13.4
GLBA CFR Part 314.4(b) & (2)
HIPAA 164.310(d)(1), 164.312(a)(2)(iv)
FISMA AC-3, CP-9, MP-4
ISO 27001/27002 10.5, 12.3.1, 12.3.2, 15.1.6
Wall 5.4
PCI/DSS Requirements 3 & 4
SOX DS13.4
HIPAA 164.310(d)(1), 164.312(a)(2)(iv)
FISMA SI-4, AU-2
ISO 27001/27002 12.5.4, 15.1.5
Wall 5.5
PCI/DSS Requirement 3
SOX DS13.4
HIPAA 164.310(d)(1), 164.312(a)(2)(iv)
FISMA AC-3, CP-9, MP-4
ISO 27001/27002 15.1.2
Wall 5.6
PCI/DSS Requirement 4, 8.3
SOX A13.2, DS5.8, DS5.10, DS5.11
GLBA 16CFR Part 314.4(b) & (2)
HIPAA 164.312(e)(1), 164.312(a)(2)(iv)
FISMA AC-3, AC-17, SC-23, SC-7, SC-9
ISO 27001/27002 10.6.2, 11.4.2, 11.7.1, 12.3.1, 12.3.2, 15.1.6
Wall 6.1
PCI/DSS 10.1-2, 10.5-6, 10.7
SOX DS5.5, DS13.3
GLBA 16CFR Part 314.4(b) & (2)
HIPAA 164.308(a)(5), 164.312(b)
FISMA SI-4, SI-11, AC-7-8, AC-11, AC-13, AU-2-4, IA-2
ISO 27001/27002 10.10, 11.5.2, 11.5.4, 12.2.1, 12.2.4, 12.4.2, 12.6.1, 13.2.3, 15.1.3, 15.3.1
Wall 6.2
SOX A13.2, DS11.2, DS11.4, DS11.6
HIPAA 164.310(d)(1), 164.312(a)(2)(iv)
FISMA MP-4, MP-6
ISO 27001/27002 8.3.2, 10.7.2, 10.10.1, 11.7.1, 12.4.2, 15.3.1
Wall 6.3
PCI/DSS All sections
SOX DS7, DS8
HIPAA 164.308(a)(3)
FISMA AT-3
ISO 27001/27002 6.1.8, 8.2.1, 8.2.2
Wall 6.4
PCI/DSS 12.6
SOX DS7, DS8
GLBA 16CFR Part 314.4(b) & (1)
HIPAA 164.308(a)(5)
FISMA AT-2, AT-4
ISO 27001/27002 8.2.2
Wall 6.5
PCI/DSS 10.2, 12.9, A.1.4*
SOX DS7
HIPAA 164.308(a)(1) & (a)(6)
FISMA IR-7
ISO 27001/27002 13.2.1, 13.2.3
*Shared Hosting Providers Only
Wall 6.6
PCI/DSS All sections
SOX PO9, DS5.2, DS7, ME3, ME4
HIPAA 164.306(a)(4), 164.306(c)(1), 164.308(a)(1)
FISMA IR-7
ISO 27001/27002 15 Compliance
Wall 6.7
PCI/DSS 12.9.1
SOX A13.2, DS4, DS11
HIPAA 164.308(a)(7)(i)
FISMA CP-1 through CP-9
ISO 27001/27002 7.1.1, 9.1.4, 10.2.1, 10.5.1, 14
Security Compliance Mandates
PCI/DSS Payment Card Industry Standard
SOX Sarbanes-Oxley Act
GLBA Gramm-Leach-Bliley Act
HIPAA Health Insurance Portability and Accountability Act
FISMA Federal Information Security Management Act
ISO 27001/27002 Information Security Management Standard