Compliance
ZeroTrusted.ai supports the following security and privacy compliance requirements:
- Payment Card Industry Data Security Standard (PCI DSS)
  - Ensures secure handling of credit card information.
- Open Web Application Security Project (OWASP) Top 10
  - Focuses on addressing the most critical security risks to web applications.
- USA AI Bill of Rights
  - Provides a framework for the ethical and responsible use of AI, focusing on safety, fairness, and transparency.
- NIST AI 100-01
  - National Institute of Standards and Technology’s framework for managing AI risks and ensuring AI system trustworthiness.
- NIST AI 600-1
  - An additional NIST framework focusing on risk management for AI systems, ensuring responsible development and deployment.
- NIST SP 800-53
  - A set of security and privacy controls for federal information systems and organizations.
- OMB M-24-10
  - Office of Management and Budget’s directive for improving federal cybersecurity and AI system resilience.
- CWE/SANS Top 25
  - Identifies the most dangerous software errors that can lead to security vulnerabilities.
- Personally Identifiable Information (PII) Data Compliance
  - Ensures proper protection and handling of sensitive personal data.
- Protected Health Information (PHI) Data Compliance
  - Protects patient health information, especially in healthcare systems.
- General Data Protection Regulation (GDPR)
  - European Union regulation for data privacy and protection of individuals’ personal data.
- California Consumer Privacy Act (CCPA)
  - California law providing data privacy rights for California residents.
- Health Insurance Portability and Accountability Act (HIPAA)
  - U.S. law focused on protecting the privacy and security of health information.
- Health Information Technology for Economic and Clinical Health Act (HITECH)
  - Promotes the adoption of health information technology and strengthens HIPAA enforcement.
- HITRUST
  - A certifiable framework that addresses security, privacy, and regulatory compliance in the healthcare industry.
- Gramm-Leach-Bliley Act (GLBA)
  - U.S. law that requires financial institutions to explain their information-sharing practices and protect customer data.
- Lei Geral de Proteção de Dados (LGPD)
  - Brazil’s data protection law focused on the protection of personal data and digital privacy rights.
- DHS Common Vulnerabilities and Exposures (CVE)
  - Identifies and catalogs publicly known cybersecurity vulnerabilities.
- Automated Indicator Sharing (AIS)
  - A DHS program enabling the real-time exchange of cyber threat indicators between the private sector and the government.
- MIT AI Risk Management Framework (The AI Risk Repository by MIT, https://airisk.mit.edu/)
  - A framework from MIT focused on AI risk management, providing guidance on identifying and mitigating AI risks in various domains.
ZeroTrusted.ai integrates these compliance frameworks to ensure that AI systems meet the highest standards of security, privacy, and transparency while adhering to critical regulatory requirements across industries and sectors.
Read our white paper
ZeroTrusted.ai’s Alignment with the Blueprint for an AI Bill of Rights
Artificial Intelligence (AI) and automated systems have brought significant advancements, revolutionizing industries from healthcare to finance. However, with the rise of AI, concerns regarding privacy, fairness, and security have also emerged. To address these issues, the Blueprint for an AI Bill of Rights, introduced by the White House Office of Science and Technology Policy, outlines five key principles aimed at protecting civil liberties and ensuring that AI is used responsibly and ethically.