Half of U.S. states have laws requiring businesses to provide security for electronic personal information, with more states taking on these requirements each year. Some states – such as New York and California – apply security requirements to any business that processes personal information of state residents, regardless of where the business is located. While each state’s laws are slightly different, most contain common elements. This summary will focus on California, Florida, Massachusetts, New York, and Texas.
Below, learn more about state security laws and how Rapid7 can help you achieve compliance goals.
State Security Laws
| PCI DSS Requirement | InsightVM & Managed VM | InsightIDR & MDR | InsightAppSec & Managed AppSec | InsightCloudSec | Metasploit | Consulting Services |
|---|---|---|---|---|---|---|
| Requirement 1: Maintain firewall configuration to protect cardholder data | ✔ | ✔ | | ✔ | ✔ | ✔ |
| Requirement 2: No vendor-supplied default system passwords or configurations | ✔ | | ✔ | ✔ | ✔ | ✔ |
| Requirement 3: Protect stored cardholder data | | ✔ | | | | ✔ |
| Requirement 4: Encrypt transmission of cardholder data over open networks | ✔ | | ✔ | | | ✔ |
| Requirement 5: Protect systems against malware, regularly update antivirus programs | ✔ | ✔ | | | | ✔ |
| Requirement 6: Develop and maintain secure systems and applications | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
| Requirement 7: Restrict access to cardholder data | ✔ | ✔ | ✔ | | | ✔ |
| Requirement 8: Identify and authenticate access to cardholder data | ✔ | ✔ | ✔ | | ✔ | ✔ |
| Requirement 9: Restrict physical access to cardholder data | | | | | | ✔ |
| Requirement 10: Track and monitor all access to network resources and cardholder data | | ✔ | | | | ✔ |
| Requirement 11: Regularly test security systems and processes | ✔ | ✔ | ✔ | | ✔ | ✔ |
| Requirement 12: Maintain an information security policy for all personnel | | ✔ | | | | ✔ |