Sarbanes-Oxley Act

An acronym for nonpublic personal information.

“NPI is any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise publicly available.

NPI is:

• any information an individual gives you to get a financial product or service (for example, name, address, income, Social Security number, or other information on an application);
• any information you get about an individual from a transaction involving your financial product(s) or service(s) (for example, the fact that an individual is your consumer or customer, account numbers, payment history, loan or deposit balances, and credit or debit card purchases); or
• any information you get about an individual in connection with providing a financial product or service (for example, information from court records or from a consumer report).

NPI does not include information that you have a reasonable basis to believe is lawfully made publicly available."

For more information about “NPI” and “publicly available” data, please visit the Federal Trade Commission's webpage on GLBA compliance.

An acronym of Cybersecurity Maturity Model Certification.

It is a security framework for Defense Industrial Base contractors to follow. CMMC 2.0 was announced by the Department of Defense in November 2021 and sets forth requirements for safeguarding Controlled Unclassified Information and other regulated data.