Additional Regulations Impacting IT Organizations

Today, more than ever, organizations are challenged by the growing number of regulations and privacy acts. The momentum spans all verticals and geographies. Many organizations need to comply with more than one regulation, and are struggling with the increased complexity of technical implementations. Imperva solutions help organizations implement regulatory requirements across multiple regulations and streamline compliance efforts.


Financial Regulations

Basel II
Basel II requires banks to improve their risk measurement and management systems. Banks are required to manage the location of data, control access to sensitive data and track usage of data. Imperva Data Risk Management solutions locate sensitive data, assess vulnerabilities and configurations, manage user access rights to sensitive databases and files, and audit actual data usage.

Gramm-Leach-Bliley Act (GLBA)
The GLBA Safeguards Rule requires all financial institutions to protect customer information. Imperva data security solutions protect customer information from breach attempts, leakage and theft, block unauthorized access and attacks targeting customer data, provide a complete audit trail to support forensic investigations and enable data risk management.


NAIC Model Audit Rule (MAR)
NAIC revisions to the Model Audit Rule require insurance companies to implement controls similar to those provisioned by the Sarbanes-Oxley Act. Imperva audit and security solutions enable insurance companies to certify the integrity of their financial records by auditing privileged activity and changes that impact regulated data, and automating compliance reporting processes.

21 CFR Part 11 (FDA)
The 21 CFR Part 11 regulation requires FDA-regulated industries to implement controls over electronic medical records and systems processing electronic records. Imperva data security solutions provide the required controls, including audits, system validations and audit trails for systems involved in processing regulated electronic data.

State and Local Government

Ohio Revised Code 1347 section 15 (ORC 1347.15)
ORC 1347.15 requires protection of personal information. State of Ohio agencies rely on the Imperva data security suite, which provides a unique ability to monitor and protect privileged information by providing a complete audit trail of user activities through web, file and database activity auditing.

California SB 1386
SB 1386 is a California law regulating the privacy of personal information. It requires anyone who conducts business in California to disclose security breaches to residents whose unencrypted data has been disclosed. Imperva real-time notifications can protect unencrypted data from wrongful access and block data breach attempts.

Massachusetts Data Privacy Law (Mass 201 CMR 17)
The Massachusetts Data Privacy Law requires implementation of technical controls aimed at preventing breach of personal information. Imperva data breach prevention solutions protect personal information from breach attempts, leakage and theft, block unauthorized access and provide a complete audit trail of information usage.


EU Data Breach Notification Law
The European Parliament directive 2009/136/EC is concerned with protection of privacy of personal data. The new provision requires telecoms and ISPs to give immediate notification of security breaches such as the theft of customer personally identifiable information (PII). Imperva data security solutions provide real-time alerts and protect against data breach attacks directed at web portals, databases and files.


Federal Information Security Management Act (FISMA)
FISMA requires federal agencies to implement an information security program to ensure the integrity, confidentiality and availability of information and information systems. Imperva solutions protect regulated information and applications from unauthorized access, usage, disclosure, modification, and destruction.

The International Traffic in Arms Regulations (ITAR)
Export Administration Regulations (EAR)

ITAR and EAR require that all information and material related to ITAR-controlled technology be accessed only by authorized personnel. Imperva Access and User Rights Management solutions enforce access controls to ITAR-related information in files and databases, and manage user rights over regulated data.

IRS 1075
IRS 1075 provides tax information security guidelines for federal, state and local agencies. It requires that personal and financial information in IRS systems is protected against unauthorized use, inspection or disclosure. Imperva data security solutions address multiple sections of the guideline, including audit and security guidelines ensuring that access to FTI (federal tax information) is limited to those individuals who are authorized to access and have a need to know.

The Defense Information Systems Agency (DISA) provides federal organizations with Security Technical Implementation Guides (STIG) for improving and maintaining the security of Database Management Systems. Imperva provides out-of-the-box policies to support the implementation of the DISA-STIG requirements for database security.


North American Electric Reliability Corporation (NERC)
NERC's mission is to ensure reliability of the North American power systems. The Critical Infrastructure Protection (CIP) requirements specify minimum security requirements for protecting assets that are critical to the operation of electrical utility systems. Imperva security solutions automate NERC CIP Compliance and secure critical infrastructure.

Federal Energy Regulatory Commission Regulations (FERC)
Electricity, natural gas, and oil companies are required to implement preventive measures to comply with FERC regulatory requirements. Imperva access and user rights management solutions prevent unauthorized access to regulated data and improve controls to prevent data breach attacks.

Service Providers

Statement on Auditing Standards (SAS) 70
SAS 70 provides assessment guidance to auditors assessing service organizations. The guidance is based on the COSO model of controls also adopted by Sarbanes-Oxley. Imperva assessment and data risk management solutions enable auditors to conduct risk assessments, validate configurations, audit changes that impact regulated data and streamline compliance reports.

Educational Institutes

Family Educational Rights and Privacy Act (FERPA)
In April 2011 the U.S. Department of Education announced a series of initiatives to safeguard student privacy. Educational agencies and institutions must provide students with access to their education records, but should not release student records or share them with other agencies without the student's consent. Controls are required to ensure that only authorized personnel can access student records, and all access is audited.

Related Products:

Database Security
Product Name: Capabilities:
SecureSphere Database Activity Monitoring
SecureSphere Database Firewall
  • Audit all access to ePHI stored in databases
  • Provides needed details to investigate data breach events
  • Alert and optionally block [2] unauthorized access to ePHI
  • Predefined compliance reports and customization capabilities
  • Audit analytic tools to support forensic investigations
  • Centralized and automated auditing solution for heterogeneous database platforms
SecureSphere Discovery and Assessment Server [3]
  • Automate data discovery and classification
  • Assess databases for vulnerabilities
  • Prioritize security risks
User Rights Management for Databases
  • Aggregate access rights across databases
  • Remove excessive rights and dormant users

File Security
Product Name: Capabilities:
SecureSphere File Activity Monitoring
SecureSphere File Firewall
  • Monitor and optionally block unauthorized file activity
  • Investigate and respond to incidents with advanced analytics and reporting
  • Prevent sensitive file data leaks
User Rights Management for Files
  • Aggregate access rights across file servers
  • Remove excessive rights and dormant users

Web Security
Product Name: Capabilities:
SecureSphere Web Application Firewall
  • Block known and zero-day attacks using white list and black list security models, protocol validation, and correlation
  • Stop automated attacks with ThreatRadar
  • Prevent sensitive application data leaks

[2] Blocking accesses to sensitive data in databases requires SecureSphere Database Firewall
[3] SecureSphere Discovery and Assessment Server is included with SecureSphere Database Activity Monitoring and SecureSphere Database Firewall
[4] Blocking accesses to sensitive data in databases requires SecureSphere File Firewall