Gramm-Leach-Bliley Act Compliance - Gramm-Leach-Bliley from VeriSign, Inc.


Gramm-Leach-Bliley Act Compliance

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, requires financial institutions such as banks, insurance companies, and brokerage firms to establish administrative, technological, and physical safeguards to protect the confidentiality and integrity of customer records.

To comply with GLBA, you must identify and assess risks, plan and implement solutions to protect sensitive information, and establish measures to continuously monitor security. The Federal Financial Institutions Examination Council (FFIEC) and the Federal Trade Commission (FTC) have both identified audit procedures and requirements that cover GLBA and most other banking regulations.

Contact Us

Select any of the services below for more information. To design a more comprehensive compliance solution for your business, contact VeriSign at 650-426-5310 or enterprise_security@verisign.com.

Requirements

The following solutions can help you address certain aspects of GLBA.

| Key Controls | Applies To | How VeriSign Helps |
|---|---|---|
| Requires a regular risk assessment. Requires that major infrastructure changes undergo technical and non-technical evaluations. Requires documented policy and procedures. Requires risk assessments to determine appropriate controls for given situations. | Applications, servers, databases, and network devices with non-public personal information (NPI) | Enterprise Consulting Assessments |
| Requires logging of all access to personal information (by a person or user to view, read, write, or delete) | Applications, servers, databases, and network devices with NPI | Log Management Service |
| Requires both the capability to detect potential intrusions and the placement of intrusion detection devices. | All systems storing, transmitting or processing regulated NPI data | Intrusion Detection Management Service (IDS) |
| Requires firewalls as a core component to network security. | Network access to segments that transmit, store or process NPI | Firewall Management Service |
| Requires authentication and access control for access to sensitive information. | Authentication methods, access control methods and the administration of access for networks, operating systems, applications, remote users and systems | Unified Authentication |
| Requires encryption in storage and transmission, and integrity controls. | All systems storing, transmitting or processing regulated NPI data | |

Best Practices

These solutions address industry best practices that can augment the above required controls.

| Best Practice | Applies To | How VeriSign Helps |
|---|---|---|
| Regular vulnerability scanning can help meet regular technical and non-technical evaluation requirements | All systems storing, transmitting or processing regulated NPI data | Vulnerability Management Service |

Learn More

Compliance Solutions Overview Guide

An overall strategy for compliance with multiple regulations and requirements

FFIEC Authentication Risk Assessment

An overview of Global Security Consulting risk assessment services



