The National Institute of Standards and Technology (NIST) is a non-regulatory government agency that develops technology, metrics, and standards to drive innovation and economic competitiveness at U.S.-based organizations in the science and technology industry. As part of this effort, NIST produces standards and guidelines to help federal agencies meet the requirements of the Federal Information Security Management Act (FISMA). NIST also helps those agencies protect their information and information systems through cost-effective programs.
The Securities and Exchange Commission (SEC) is a U.S. government agency that prevents fraud and international deception by overseeing securities transactions, the activities of financial professionals, and mutual fund trading. The SEC provides cybersecurity guidance to help broker-dealers, investment advisers, investment companies, exchanges, and other market participants protect their customers from cyber threats.
Many Information Technology (IT) companies fall under the definition of a business associate. For the purposes of HIPAA, a business associate is any person or organization that is not a member of a covered entity’s workforce, performs functions or activities on behalf of a covered entity, and has access to or discloses Protected Health Information (PHI).