The Gramm-Leach-Bliley Act (GLBA), also known
as the Financial Modernization Act, requires financial institutions,
such as banks, insurance companies, and brokerage firms, to establish
administrative, technological, and physical safeguards to protect the
confidentiality and integrity of customer records.
To comply with GLBA, you must identify and
assess risks, plan and implement solutions to protect sensitive information,
and establish measures to continuously monitor security. The Federal
Financial Institution Examination Council (FFIEC) and the Federal
Trade Commission (FTC) have both identified audit procedures
and requirements which cover GLBA and most other banking regulations.
Requirements
The following solutions can help you address
certain aspects of GLBA.
| Key Controls | Applies To | How VeriSign Helps |
|---|---|---|
| Requires a regular risk assessment. Requires that major infrastructure changes undergo technical and non-technical evaluations. Requires documented policy and procedures. Requires risk assessments to determine appropriate controls for given situations. | Applications, servers, databases, and network devices with non-public personal information (NPI) | Enterprise Consulting Assessments |
| Requires logging of all access to personal information (by a person or user to view, read, write, or delete) | Applications, servers, databases, and network devices with NPI | Log Management Service |
| Requires both the capability to detect potential intrusions and the placement of intrusion detection devices. | All systems storing, transmitting or processing regulated NPI data | Intrusion Detection Management Service (IDS) |
| Requires firewalls as a core component to network security. | Network access to segments that transmit, store or process NPI | Firewall Management Service |
| Requires authentication and access control for access to sensitive information. | Authentication methods, access control methods and the administration of access for networks, operating systems, applications, remote users and systems | Unified Authentication |
| Requires encryption in storage and transmission, and integrity controls. | All systems storing, transmitting or processing regulated NPI data | |
Best Practices
These solutions address industry best practices
that can augment the above required controls.
| Best Practice | Applies To | How VeriSign Helps |
|---|---|---|
| Regular vulnerability scanning can help meet regular technical and non-technical evaluation requirements | All systems storing, transmitting or processing regulated NPI data | Vulnerability Management Service |