US Cybersecurity Regulations Compliance Gap Assessment Tool

Protect your business – comply with US cybersecurity law

All organizations are potential victims of cyber attacks, which is why it is important to implement cybersecurity measures and comply with relevant laws and guidelines. As US regulations are specific to sector, the size of the organization, and where business operates, this tool is aligned to the core requirements of the most notable cybersecurity laws to help streamline compliance and prevent fines.

The US Cybersecurity Regulations Compliance Gap Assessment Tool makes it easy for organizations to understand their obligations under six key US cybersecurity laws (GLBA, HIPAA, 201 CMR 17.00, Insurance Data Security Model Law, NY SHIELD, and NYDFS), with the ability to remove inapplicable laws – and their corresponding controls and questions – from the gap assessment process. Once the applicable laws have been selected, the tool breaks down their core requirements into easy-to-understand controls and gap assessment questions to complete.

The tool is in Excel format and macro-free, so you can complete a full and easy-to-use assessment and review your compliance percentages for each cybersecurity law through the comprehensive executive summary.

What does the tool do?

The tool contains the following tabs: ‘User instructions’, ‘Tool setup’, ‘Controls & questions’, ‘Executive summary’ and ‘Document control.’

• The ‘Instructions’ tab provides an easy explanation of how to use the tool, so you can complete your assessment without hassle. A PDF version of the instructions are also included.
• The ‘Tool setup’ tab allows you to select which cybersecurity laws apply to you, as well as whether or not you wish to include best-practice security measures within your assessment.
• The ‘Controls & questions’ tab shows all 20 controls and control descriptions, as well as the details of which laws require that control. Under each control, there are also gap assessment questions to which you can answer ‘Yes’, ‘No’, or ‘N/A.’ When a control section is complete, a compliance percentage will display. There is also optional space to track implementation status, record relevant documentation, and leave comments for each question.
• Once you have completed the full assessment, the ‘Executive summary’ tab provides high-level tables and graphs displaying compliance percentages for each cybersecurity law and information on overall assessment completion. The executive summary also includes a detailed implementation tracker, which will be populated if you chose to use the relevant column on the ‘Controls & questions’ tab.

This tool is designed to help you spot the most important legal requirements of six key cybersecurity laws in the US, and provide guidance on how to implement them. It is not designed to guarantee compliance – for that, you should look up the specific, detailed requirements in the laws themselves. If you require specialist help in this area, please contact us.