Guarantee legal compliance

Summary

The system must comply with the legal requirements of the jurisdiction to which it is subject.

Description

If a system complies with legal requirements becomes responsible and lawful in its operation. It protects the organization from legal consequences, builds trust with users and stakeholders, and aligns the systems with regulatory expectations. Non-compliance with legal requirements can lead to serious consequences, including fines, penalties, legal actions, and reputational damage.

Supported In

This requirement is verified in following services

Plan	Supported
Essential	🔴
Advanced	🟢

References

• GDPR-R45. Fulfillment of legal obligations
• FCRA-605-H_2. Regulations
• GLBA-501_A. Privacy obligation policy
• MISRA-C-1_1. All code shall conform to legal compliance
• NYDFS-500_3. Cybersecurity policy
• PDPA-3_12. Policies and practices
• PDPO-5_19. Compliance with data access request
• PDPO-S1_5. Information to be generally available
• CMMC-AC_L2-3_1_3. Control CUI flow
• HITRUST CSF-01_a. Access control policy
• HITRUST CSF-02_d. Management responsibilities
• HITRUST CSF-04_a. Information security policy document
• HITRUST CSF-06_a. Identification of applicable legislation
• HITRUST CSF-06_b. Intellectual property rights
• HITRUST CSF-06_f. Regulation of cryptographic controls
• HITRUST CSF-06_g. Compliance with security policies and standards
• HITRUST CSF-09_i. System acceptance
• HITRUST CSF-13_g. Purpose legitimacy
• FedRAMP-SA-1. System and services acquisition policy and procedures
• FedRAMP-SC-1. System and communications protection policy and procedures
• ISO/IEC 27002-5_34. Privacy and protection of Personal Identifiable Information (PII)
• LGPD-7_II. Requirements for the Processing of Personal Data
• LGPD-7_VI. Requirements for the Processing of Personal Data
• LGPD-26. Rules
• LGPD-51. Good Practice and Governance
• WASSEC-8_4_1. Compliance report
• OSSTMM3-9_1_1. Wireless security (posture review) - Policy
• PTES-7_2_1. Post exploitation - Rules of engagement (protect the client)
• OWASP Top 10 Privacy Risks-P5. Non-transparent policies, terms and conditions
• MVSP-1_6. Business controls - Compliance
• NIST 800-115-6_6. Legal considerations
• SIG Lite-SL_23. Is there an information security policy that has been approved by management and an owner to maintain and review the policy?
• SIG Core-B_1. Security policy
• SIG Core-B_1_1. Security policy
• SIG Core-L_1. Compliance
• OWASP ASVS-1_1_1. Secure Software Development Lifecycle
• ISO/IEC 27001-5_34. Privacy and protection of Personal Identifiable Information (PII)

Vulnerabilities

• 118. Regulation infringement

free trial

Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.