
Cybersecurity Regulations Across Industries

Codes for FedReg

Uploaded by

desaivilas60

| CFR Codes | Part Numbers | Short Forms | Description |
|---|---|---|---|
| 6 CFR | | | Department of Homeland Security |
| | 27 | CFATS | Chemical Facility Anti-Terrorism Standards |
| | 37 | Real ID | Personal Identification |
| | 29 | PCII | Protected Critical Infrastructure Information, used for protection and secure sharing of information between industries and the DHS, including cybersecurity information relevant to critical infrastructure |
| 10 CFR | | | Energy |
| | 50 | | Domestic Licensing of Production and Utilization Facilities. Covers security requirements for nuclear power plants, including both physical and cybersecurity for critical industrial infrastructure. |
| | 73 | | Physical Protection of Plants and Materials. Contains cybersecurity requirements for nuclear facilities to ensure protection from cyber threats and unauthorized access to systems controlling nuclear operations |
| | | NRC RG5.71 | Nuclear Regulatory Commission. Provides guidance for the implementation of cybersecurity controls at nuclear power plants, including network security and incident response planning |
| 18 CFR | | | Conservation of Power and Water Resources (NERC CIP Standards) |
| | 39 | | Electric Reliability Organization (ERO) Standards that apply to the bulk electric system and its industrial control systems (ICS), requiring protection against cybersecurity risks. |
| | 388 | | Critical Energy Infrastructure Information (CEII). Governs how information related to critical energy infrastructure, including industrial systems in the energy sector, is handled and protected from cyber threats. |
| 12 CFR | | | Banks and Banking |
| | 30 | | Appendix B: Interagency Guidelines Establishing Information Security Standards. These include cybersecurity requirements for financial institutions, mandating safeguards for customer information. |
| | 748 | | Mandates credit unions to develop cybersecurity and data protection programs to prevent & respond to unauthorized access. |
| 45 CFR | | | Public Welfare (Health) |
| | 164 | | (HIPAA Security Rule): Sets standards for securing protected health information (PHI) in the healthcare sector, including cybersecurity measures for preventing data breaches and unauthorized access. |
| | 160 | | HIPAA Enforcement Rules, which address the cybersecurity implications of handling patient information and reporting breaches. |
| 29 CFR | | | Labor (Occupational Safety and Health Administration - OSHA) |
| | 1910 | | Part 1910 contains standards related to workplace safety in industries, including provisions for machine safety, hazardous chemicals, and protective systems. Although primarily focused on physical safety, certain provisions can be extended to cybersecurity where industrial control systems are integrated with physical equipment |
| 16 CFR | | | Commercial Practices |
| | 314 | | The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule requires financial institutions to implement cybersecurity measures to protect customer information |
| 32 CFR | | | National Defense |
| | 2002 | | Controlled Unclassified Information (CUI), which includes cybersecurity requirements for managing and safeguarding sensitive information in defense systems |
| | 236 | | Defense Industrial Base (DIB) Cybersecurity Activities. This outlines the voluntary sharing of cybersecurity information between the Department of Defense and private contractors. |
| 14 CFR | | | Aeronautics and Space (FAA) |
| | 107 | | Drone operation regulations include provisions for cybersecurity to protect communications & navigation systems from cyber threats. |
| 30 CFR | | | Mineral Resources |
| | Parts 1-199 | | Mine Safety and Health Administration (MSHA). Contains regulations for the safety and health standards of mining operations, including protections against security threats. Industrial cybersecurity can be indirectly affected in areas where automated mining systems are used. |
| | 75 | | Mandatory Safety Standards for Underground Coal Mines. While focused on safety, the integration of automation and control systems in modern mines brings cybersecurity concerns to the forefront, especially for industrial control systems used in mining operations. |
| 40 CFR | | | Protection of Environment (Environmental Protection Agency - EPA) |
| | 112 | | Oil Pollution Prevention. Requires industries involved in oil production and storage to implement systems for spill prevention, which may include cybersecurity measures to protect control systems that manage these operations. |
| | 68 | | Risk Management Program (RMP) Rule. Applies to facilities that manage highly hazardous chemicals and requires them to have risk management plans, including cyber-risk assessments if control systems are involved. |
| 49 CFR | | | Transportation |
| | Parts 1500-1699 | | Transportation Security (TSA). These Parts address the security requirements for transportation-related industries, including cybersecurity provisions for protecting critical systems like railway, aviation, and pipelines |
| | 1580 | | Surface Transportation Security. Includes cybersecurity requirements for transportation systems and infrastructure, especially those controlling railroads and other forms of surface transportation. |
| 12 CFR | | | Banks and Banking (Financial Institutions) |
| | 30, Appx B | | Interagency Guidelines Establishing Information Security Standards. This section applies to financial institutions, requiring cybersecurity measures to protect customer information and secure data handling, which is essential for banking-related industrial operations. |
| 32 CFR | | | National Defense |
| | 236 | DIB | Defense Industrial Base - Cybersecurity Activities. Governs the cybersecurity activities related to industries that supply goods & services to the U.S. Department of Defense (DoD). It focuses on safeguarding the Defense Industrial Base from cyber threats. |
| | 2002 | CUI | Controlled Unclassified Information. Includes guidelines for protecting sensitive information that may affect industrial cybersecurity in the defense sector |
| 16 CFR | | | Commercial Practices |
| | 314 | | Safeguards Rule (GLBA). This applies to financial institutions and indirectly to industrial companies managing customer data. It mandates the implementation of strong cybersecurity practices to protect sensitive data. |
