Folks, I'm excited to announce the first official release of "Security Awareness Compliance Requirements". This document lists all known standards and regulations that require security awareness training. Specifically, you will find the name of each regulation, the section within the regulation that requires awareness training, and links to more information. This is intended to be a resource to help those in the audit field and those looking to gain management support for their awareness program. I would like to thank the following people for helping add additional sources. If you have any more to add, let me know at lspitzner@sans.org.
  • Girard Jergensen on CobiT
  • Brian Honan on EU Data Privacy Directive
  • Alan Stockdale on US State privacy legislation
  • Marlon Borba on ISO/IEC 27001 & 27002