SolutionLab Enterprise Risk and Consulting Services are based on experience and expertise with following Laws, Regulations, Standards, and Guidelines.

Laws and Regulations
  • The Federal Information Management Act (FISMA)
  • The Health Insurance Portability and Accountability Act of 1996 (HIPPA)
  • The Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH)
  • Privacy Act of 1974
  • Massachusetts Privacy Law - 201 CMR 17 - Standards for the Protection of Personal Information of Residents of the Commonwealth
  • The federal tax information safeguarding requirements defined by the Internal Revenue Service (IRS) in the Title 26 of the United States Code (U.S.C) section 6103
  • The Payment Card Industry (PCI) Data Security Standard for payment card processing (electronic payments)
  • Americans with Disabilities Act of 1990 and ADA Amendments Act of 2008 (P.L. 110-325), Section 508

    Standards & Guidance
  • The Center for Consumer Information & Insurance Oversight (CCIIO/CMS) Harmonized Security and Privacy Framework
  • Federal Information Processing Standard (FIPS) Pub 199 Standards for Security Categorization of Federal Information And Information Systems
  • FIPS Pub 200 Minimum Security Requirements for Federal Information and Information Systems
  • NIST SP 800-53 Recommended Security Controls for Federal Information Systems and Organizations
  • ISO 27001/27002 – Information Security Management
  • NIST SP 800-60 Guide for Mapping Types of Information and Information Systems to Security Categories
  • NIST SP 800-66 An Introductory Resource Guide for Implementing the HIPAA Security Rule
  • CCIIO/CMS Technical Reference Architecture- Minimum Security Guidance for States
  • CCIIO/CMS Technical Reference Architecture- Catalog of Minimum Security Controls for States
  • Information Technology Infrastructure Library (ITIL) - 4 Service Design

    Additional Guidance
  • FIPS Pub 140-2 Security Requirements for Cryptographic modules addressing Data Encryption standards
  • IRS Publication 1075 - Tax Information Security Guidelines for Federal, State & Local Agencies for Federal Tax Information (FTI) data security & privacy
  • Payment Card Industry (PCI) Data Security Standards addressing electronic payments security
  • NIST SP 800-63 Electronic Authentication Guideline
  • Executive Office of the President – Office of Management and Budget- Memorandum 04-04, E-Authentication Guidance for Federal Agencies