Rackspace

Federal Risk and Authorization Management Program

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Federal Information Processing Standard (140)

This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments.

Federal Information Security Management Act

FISMA 2014 codifies the Department of Homeland Security's role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies' compliance with those policies, and assisting OMB in developing those policies.

Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge.

Health Information Technology for Economic and Clinical Health Act

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 provides HHS with the authority to establish programs to improve health care quality, safety, and efficiency through the promotion of health IT, including electronic health records and private and secure electronic health information exchange.

International Standard for Standardization 14001

ISO 14001 is an internationally agreed standard that sets out the requirements for an environmental management system.

International Standard for Standardization 27001

ISO/IEC 27001 is the world's best-known standard for information security management systems (ISMS).

International Standard for Standardization 9001

ISO 9001 sets out the criteria for a quality management system. This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement.

NIST: Security and Privacy Controls for Information Systems and Organizations

A catalog of security and privacy controls for information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats and risks, including hostile attacks, human errors, natural disasters, structural failures, foreign intelligence entities, and privacy risks.

Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard used to handle credit cards from major card brands.

System and Organization Controls 1

System and Organization Controls 1, or SOC 1, aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity's financial statements.

System and Organization Controls 2

SOC 2 is an auditing procedure that ensures your service providers securely manage your data to protect the interests of your organization and the privacy of its clients.

System and Organization Controls 3

A report that outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy.

Statement on Standards for Attestation Engagements 16 Type 1

The SSAE 16 audit will result in a Service Organization Control (SOC) 1 report.

Statement on Standards for Attestation Engagements 18

SSAE 18 updates SSAE 16 and introduces enhanced requirements for risk assessment, subservice organization monitoring, and vendor management. It is the standard used to produce SOC reports.