Gramm-Leach-Bliley Act Compliance
Gramm-Leach-Bliley is U.S. Public Law 106-102, the Financial Services Modernization Act (Gramm-Leach-Bliley Act or "the Act") signed into law on Nov. 12, 1999. Congress created the Gramm-Leach-Bliley Act to improve consumer financial services. The complex, seven-Title law applies to about 9,500 financial institutions that offer financial products and services such as securities, banking, loans, and insurance. A series of rules and guidelines were established by several federal agencies for implementation of the Act, including deadlines for compliance.
Gramm-Leach-Bliley Act Compliance Focus
This paper focuses on the Gramm-Leach-Bliley Act's compliance requirements, especially security audits and vulnerability management. Security rules and guidelines for Gramm-Leach-Bliley Act compliance are meant to assure people that the confidentiality and privacy of financial information electronically collected, maintained, used, or transmitted are protected - especially when financial information can be directly linked to an individual. Security is not a product as much as it is an on-going, dynamic process. Accordingly, many security rules and guidelines published by federal agencies are process-intensive. Automation of these on-going processes with a web service like QualysGuard can speed and simplify frequent compliance audits - especially when institutions monitor Gramm-Leach-Bliley Act security compliance of subsidiaries and affiliates.
QualysGuard Security Audit and Vulnerability Management Web Service Meets Key Compliance Rules
QualysGuard is a network security audit and vulnerability management web service from Qualys, Inc. It meets key security technology requirements detailed in the Final Rules published by:
- Board of Governors of the Federal Reserve System
- Federal Deposit Insurance Corporation
- National Credit Union Association
- Office of the Comptroller of the Currency
- Office of Thrift Supervision
- Secretary of the Treasury
- Securities and Exchange Commission
- Federal Trade Commission
Organizations can comply with Gramm-Leach-Bliley security rules faster, easier and for less cost with the automated QualysGuard web service. This paper maps QualysGuard capabilities to specific requirements of the law, helping security managers to quickly understand a fast, easy and cost-effective compliance path. It concludes with instructions for obtaining a free trial of the QualysGuard service.
AUTOMATION MAKES CONTINUOUS GRAMM-LEACH-BLILEY ACT COMPLIANCE EASIER
Financial services security professionals have their work cut out for them in complying with the Gramm-Leach-Bliley Act. The details of the Act's security provisions are complex and process-intensive. To comply with the process-intensive Gramm-Leach-Bliley Act guidelines, organizations can take one of two paths. One is a do-it-yourself, products-oriented approach requiring expensive staff for installation and maintenance. Alternatively, Qualys offers an easier, faster and more cost-effective approach by using the QualysGuard web service.
QualysGuard Provides Instant, Automated Security Audits
Good security requires frequent audits for vulnerabilities in all network security processes, anywhere non-public data can be found. As a turnkey web service, QualysGuard enables immediate, on-going compliance for financial services with key Gramm-Leach-Bliley security rules and guidelines. Subscribers can scan their perimeter-facing hosts with Qualys Remote Scanners, internal hosts with QualysGuard Scanner Appliance, and manage both with an easy-to-use web interface. The combination of internal and external audits provides the most comprehensive, Gramm-Leach-Bliley Act-compliant assessment of risks of unauthorized access to non-public financial data. QualysGuard customers may also use the service to monitor Gramm-Leach-Bliley Act compliance by service providers, subsidiaries and other affiliates.
QualysGuard Web Service Dramatically Cuts Total Cost of Ownership
Total Cost of Ownership (TCO) analysis for five years shows tremendous savings using an automated web service for auditing network security and vulnerability management versus a do-it-yourself, products-oriented solution. For a mid-sized enterprise, the expense of using even "free" security software on self-maintained servers is more than $1.2M for five years, mainly due to administrative and maintenance efforts. The five-year TCO for the automated QualysGuard web service is just under $600K, or half the expense.
Congress enacted the Gramm-Leach-Bliley Act as a broad effort to improve financial services to consumers. Our focus in this paper is security technology, covered by Title V (Privacy).
1. Ensure security and compliance for financial services and confidentiality of customer information. Through Gramm-Leach-Bliley Act compliance, Congress directed several federal agencies to establish standards for safeguarding customer information. The Act permitted most of the Banking agencies to develop their safeguards standards by issuing "guidelines."
2. Protect against anticipated threats or hazards to security or integrity of information. The Gramm-Leach-Bliley Act required the Securities and Exchange Commission and the Federal Trade Commission to issue standards as "rules" (formal regulations).