Part 1: Compare and contrast the following laws, regulations, and standards

	HIPAA	FERPA	Sarbanes-Oxley	FISMA	PCI/DSS	NIST SP800-53	OWASP[1]
Is it a regulation? If yes, provide the year of enactment.
Target Industry / Audience
Information Security Requirements (Scope)
Are there specific requirements for Data breach disclosures?
Are there specific requirements for subcontractors?
Give a non-compliance example specific to the target industry.
Voluntary or Required for the Target Industry / Audience
Who is the responsible body?
Is there a certification scheme?
How is compliance demonstrated?
Are there different compliance levels/tiers depending on the features of the audience

Part 2: Compare and contrast the creation and change processes of OWASP ASVS standard and FISMA

Resources for ASVS:

• OWASP Application Security Verification Standard
• https://github.com/OWASP/ASVS

Resources for FISMA:

• FISMA Implementation Project - Background
• FISMA Implementation Project - Overview

Part 3: Select one of the legal/regulatory standards listed at the table above, describe the impact of the standard on the security of an IT system.

Part 4: Select one of the standards listed in the table, then describe how the selected standard can be applied and assessed for contractors/sub-contractors or citizens/customers.

Part 5: For standards listed in the table, describe the specifications and requirements common in all or most of the standards.

[1] Use Application Security Verification Standard (ASVS) of OWASP; can be downloaded here https://github.com/OWASP/ASVS/raw/master/4.0/OWASP%20Application%20Security%20Verification%20Standard%204.0-en.pdf