Gramm-Leach-Bliley Act (GLBA) Compliance

nCipher Security provides solutions for Gramm-Leach-Bliley Act (GLBA) compliance


Regulation

Active now

GLBA

Also known as the Financial Services Modernization Act, the Gramm-Leach-Bliley Act (GLBA) applies to U.S. financial institutions and governs the secure handling of non-public personal information, including financial records and other personal information.

nCipher supports Gramm-Leach-Bliley Act (GLBA) compliance through:

  • Encryption key protection
  • Strong user authentication
GLBA Requirements

Section 501(b) of the Gramm-Leach-Bliley Act requires financial institutions to protect the security, confidentiality and integrity of non-public customer information through “administrative, technical and physical safeguards”. The Gramm-Leach-Bliley Act also requires each financial institution to implement a comprehensive written information security program that includes administrative, technical and physical safeguards appropriate to the size, complexity and scope of activities of the institution. These include:

  • Ensuring the security and confidentiality of customer records and information
  • Protecting against any anticipated threats or hazards to the security or integrity of such records
  • Protecting against unauthorized access to or use of such records or information, which could result in substantial harm or inconvenience to any customer
Implications

For organizations affected by the standard, these Gramm-Leach-Bliley privacy regulations, combined with referenced requirements under the Federal Deposit Insurance Act – section 36, result in the need to:

  • Safeguard and monitor customer records and information
  • Create and maintain effective risk assessments
  • Identify, implement and audit specific internal security controls that protect this data
Encryption Key Protection

nCipher Hardware Security Modules (HSMs) are FIPS-certified, tamper-resistant devices that help protect financial institutions’ most sensitive data by securely generating, managing and storing encryption and signing keys.

Strong User Authentication

nCipher HSMs can help you create high-assurance systems to authenticate users and devices using internal systems, limiting access to only authorized entities.

Brochure: nCipher HSM brochure

nShield HSMs provide a hardened, tamper-resistant environment for secure cryptographic processing, key generation and protection, encryption and more. Available in three FIPS 140-2 certified form factors, nShield HSMs support a variety of deployment scenarios.


Other key data protection and security regulations

NIST 800-53 / FedRAMP


Mandate

Active now

Since June 5, 2014, federal agencies have been required to meet FedRAMP standards, ensuring they meet internal data security standards and extended security controls for cloud computing.


HIPAA


Regulation

Active now

These regulations cover healthcare information in the US. HIPAA relates to protection (encryption, key management, etc.) and HITECH relates to disclosure of data breaches.
