
CoBIT
http://www.isaca.org/cobit.htm
CoBIT has been developed as a generally applicable and accepted standard for good Information Technology (IT) security and control practices that provides a reference framework for management, users, and IS audit, control and security practitioners.

Common Criteria for Information Technology Security Evaluation (CCITSE)
http://www.radium.ncsc.mil/tpep/library/ccitse/cc%5Fover.html & www.commoncriteria.org
In January 1996, the United States, United Kingdom, Germany, France, Canada, and the Netherlands released a jointly developed evaluation standard for a multi-national marketplace.

Chief Information Officers Council - Federal Best Security Practices (BSP's)
http://www.cio.gov/index.cfm?function=documents&section=best%20practices

Department of Defense Trusted Computer System Evaluation Criteria
http://www.radium.ncsc.mil/tpep/library/rainbow/5200.28%2DSTD.html
The purpose is to provide technical hardware/firmware/software security criteria and associated technical evaluation methodologies in support of the overall ADP system security policy, evaluation and approval/accreditation responsibilities promulgated by DoD Directive 5200.28.

This publication is effective immediately and is mandatory for use by all DoD Components in carrying out ADP system technical security evaluation activities applicable to the processing and storage of classified and other sensitive DoD information and applications as set forth herein.

FAA Automated Information Systems & Telecommunications Security Functional Requirements
http://www.faa.gov/ait/funcreq/contents.htm
This document addresses the minimum security requirements for both tactical/operational systems and administrative/agency infrastructure support systems, and for the data processed within those systems. It examines how to implement these security requirements based on the various types of data that are processed, stored, or transmitted in those environments, and provides guidance on selecting an appropriate suite of security features necessary to meet the minimum requirements.

ISO 17799 Community Portal
http://www.17799.com
This portal publishes news, articles and other information related to the ISO 17799 and BS 7799 information security standards.

Privacy of Consumer Financial Information (regulation S-P)
http://www.sec.gov/rules/final/34-42974.htm
The Securities and Exchange Commission is adopting Regulation S-P, privacy rules promulgated under section 504 of the Gramm-Leach-Bliley Act. Section 504 requires the Commission and other federal agencies to adopt rules implementing notice requirements and restrictions on a financial institution's ability to disclose nonpublic personal information about consumers. Under the GLBA, a financial institution must provide its customers with a notice of its privacy policies and practices, and must not disclose nonpublic personal information about a consumer to nonaffiliated third parties unless the institution provides certain information to the consumer and the consumer has not elected to opt out of the disclosure.

More information on Gramm-Leach-Bliley Act here: http://www.senate.gov/~banking/conf/

SysTrust
http://www.aicpa.org/assurance/systrust/princip.htm
Principles and Criteria for Systems Reliability (AICPA), Version 2.0