The Sarbanes-Oxley Act (SOX) is a federal law designed to improve financial transparency and responsibility for U.S. public companies. Its enactment in 2002 was prompted by several well-publicized accounting scandals. SOX established a number of standards for public companies to follow. From a data security perspective, two sections stand out in providing high-level guidance when it comes to understanding and implementing controls around financial data:
An acronym for nonpublic personal information.
“NPI is any personally identifiable financial information that a financial institution collects about an individual in connection with providing a financial product or service, unless that information is otherwise publicly available.
NPI is:
NPI does not include information that you have a reasonable basis to believe is lawfully made publicly available."
For more information about “NPI” and “publicly available” data, please visit the Federal Trade Commission's webpage on GLBA compliance.
An acronym for Cybersecurity Maturity Model Certification.
It is a security framework for Defense Industrial Base contractors to follow. CMMC 2.0 was announced by the Department of Defense in November 2021 and sets forth requirements for safeguarding Controlled Unclassified Information (CUI) and other regulated data.