A web application must have adequate measures to guard itself against remote adversaries and a wide range of threats. A company must also adhere to many regulations if it wants its application to achieve compliance.
The prominent ones are listed below:
The Gramm-Leach-Bliley Act (GLB Act), also known as the Financial Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections: The Financial Privacy Rule, the Safeguards Rule, and the Pretexting provisions. The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.
HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191), also known as the "Kennedy-Kassebaum Act," is a U.S. law that protects employees' health insurance coverage when they change or lose their jobs and provides standards for patient health, administrative and financial data interchange. HIPAA, developed by the Department of Health and Human Services, took effect in 2001 with compliance required in phases up to 2004.
The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. The act is administered by the Securities and Exchange Commission (SEC), which sets deadlines for compliance and publishes rules on requirements. Sarbanes-Oxley is not a set of business practices and does not specify how a business should store records; rather, it defines which records are to be stored and for how long. The legislation not only affects the financial side of corporations, but also affects the IT departments whose job it is to store a corporation's electronic records. IT departments are increasingly faced with the challenge of creating and maintaining a corporate records archive in a cost-effective fashion that satisfies the requirements put forth by the legislation.
The EU Data Protection Act came into force in March 2000. The protection of individual privacy tops the list of its salient features. It requires companies processing personal data to comply with eight data protection principles, and it gives individuals 5 fundamental rights to ensure that their privacy is not invaded in any way.
Given below are some of the prerequisites for complying with this Act:
The 2002 Federal Information Security Management Act (FISMA) was enacted to streamline—while at the same time strengthening—the requirements of its predecessor, the Government Information Security Reform Act (GISRA). FISMA requires federal agencies to improve the security of IT systems, applications, and databases. By presenting a baseline of requirements for government agencies, FISMA calls for risk and vulnerability measurement through information security best practices. This way, agencies can ensure the integrity, confidentiality, and availability of federal information systems.
The Privacy Act mandates that each United States Government agency have in place an administrative and physical security system to prevent the unauthorized release of personal records.
In addition to these regulations, there are region-specific regulations that apply in Asia:
RBI: Reserve Bank of India
ESCA: Electronic Signatures and Certification Authorities
BNM: Bank Negara Malaysia