Back to Frameworks
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule
United States (Federal / FTC)
v1999 (Safeguards Rule amended 2021)
4 domains
4 controls
The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (16 CFR Part 314), as amended by the FTC in 2021, applies to higher education institutions that engage in financial activities such as student lending, financial aid processing, and payment plans. The updated rule requires institutions to develop, implement, and maintain a comprehensive information security program. Key requirements include risk assessment, access controls, encryption, multi-factor authentication, incident response, and appointment of a qualified individual. Compliance deadline was June 2023.
Verified
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
Governance
1 controls
| Code | Title |
|---|---|
| USGLBAHIGHER-1 | Qualified Individual and Risk Assessment |
Incident
1 controls
| Code | Title |
|---|---|
| USGLBAHIGHER-4 | Incident Response and Notification |
Monitoring
1 controls
| Code | Title |
|---|---|
| USGLBAHIGHER-3 | Continuous Monitoring, Testing, Vendor Oversight |
Technical
1 controls
| Code | Title |
|---|---|
| USGLBAHIGHER-2 | Access Controls, Encryption, MFA, Inventory |
Your Compliance Coverage
If you comply with US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule, you already cover:
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
75%
3 controls mapped
Compare →ISO/IEC 29147:2018
75%
3 controls mapped
Compare →Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
75%
3 controls mapped
Compare →+ 151 more: FedRAMP Rev 5 (75%), Family Educational Rights and Privacy Act (FERPA) (75%)
See all 154 mapped frameworks ↓Maps to 154 other frameworks
4 total controls
NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements
3 source controls mapped|4 target controls covered
75%
ISO/IEC 29147:2018
3 source controls mapped|5 target controls covered
75%
Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL)
3 source controls mapped|3 target controls covered
75%
FedRAMP Rev 5
3 source controls mapped|3 target controls covered
75%
Family Educational Rights and Privacy Act (FERPA)
3 source controls mapped|1 target controls covered
75%
FISMA
3 source controls mapped|3 target controls covered
75%
FTC GLBA Safeguards Rule (16 CFR Part 314)
3 source controls mapped|4 target controls covered
75%
Ghana Cybersecurity Act
3 source controls mapped|4 target controls covered
75%
HKMA Cyber Resilience Assessment Framework (C-RAF)
3 source controls mapped|3 target controls covered
75%
IACS Unified Requirements E26/E27 - Cyber Resilience of Ships and On-Board Systems
3 source controls mapped|3 target controls covered
75%
IAEA Nuclear Security Series - Computer Security at Nuclear Facilities (NSS-17-T Rev 1)
3 source controls mapped|2 target controls covered
75%
Iceland Data Protection and Processing of Personal Data Act (Act No. 90/2018)
3 source controls mapped|1 target controls covered
75%
IEEE 1686
3 source controls mapped|3 target controls covered
75%
India CERT-In Cyber Security Directions 2022
3 source controls mapped|1 target controls covered
75%
India DPDP Act
3 source controls mapped|2 target controls covered
75%
Indiana Consumer Data Protection Act
3 source controls mapped|2 target controls covered
75%
Indonesia PDP Law
3 source controls mapped|3 target controls covered
75%
Iowa Consumer Data Protection Act
3 source controls mapped|3 target controls covered
75%
ISMAP (Japan)
3 source controls mapped|2 target controls covered
75%
Jamaica Data Protection Act 2020
3 source controls mapped|3 target controls covered
75%
Kentucky Consumer Data Protection Act
3 source controls mapped|3 target controls covered
75%
South Korea PIPA
3 source controls mapped|2 target controls covered
75%
Law No. 172-13 on the Protection of Personal Data
3 source controls mapped|2 target controls covered
75%
Ley Orgánica de Protección de Datos Personales (LOPDP)
3 source controls mapped|2 target controls covered
75%
LGPD
3 source controls mapped|2 target controls covered
75%
Liechtenstein DPA
3 source controls mapped|2 target controls covered
75%
Malaysia PDPA 2010
3 source controls mapped|3 target controls covered
75%
Maryland Online Data Privacy Act of 2024
3 source controls mapped|3 target controls covered
75%
Mauritius DPA
3 source controls mapped|2 target controls covered
75%
Mexico LFPDPPP
3 source controls mapped|2 target controls covered
75%
Minnesota Consumer Data Privacy Act
3 source controls mapped|2 target controls covered
75%
Montana Consumer Data Privacy Act
3 source controls mapped|2 target controls covered
75%
MTCS (Singapore)
3 source controls mapped|4 target controls covered
75%
Nebraska Data Privacy Act
3 source controls mapped|5 target controls covered
75%
NERC CIP
3 source controls mapped|2 target controls covered
75%
Nevada Gaming Control Board Cybersecurity Requirements
3 source controls mapped|4 target controls covered
75%
New Hampshire Data Privacy Act
3 source controls mapped|2 target controls covered
75%
New Jersey Data Privacy Act
3 source controls mapped|3 target controls covered
75%
Nigeria Data Protection Act 2023 (NDPA)
3 source controls mapped|5 target controls covered
75%
Nigeria Data Protection Regulation (NDPR)
3 source controls mapped|1 target controls covered
75%
Nigeria Open Banking Regulatory Framework (CBN, 2023)
3 source controls mapped|2 target controls covered
75%
NIS2 Directive
3 source controls mapped|4 target controls covered
75%
NIST SP 800-122
3 source controls mapped|2 target controls covered
75%
NIST SP 800-144
3 source controls mapped|3 target controls covered
75%
NIST SP 800-145
3 source controls mapped|2 target controls covered
75%
NIST SP 800-146
3 source controls mapped|2 target controls covered
75%
NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security
3 source controls mapped|3 target controls covered
75%
NRF Cybersecurity and Data Privacy Framework (National Retail Federation)
3 source controls mapped|2 target controls covered
75%
Oregon Consumer Privacy Act
3 source controls mapped|2 target controls covered
75%
PDPA Singapore
3 source controls mapped|2 target controls covered
75%
Uruguay DPL
3 source controls mapped|2 target controls covered
75%
UK GDPR (UK General Data Protection Regulation)
3 source controls mapped|1 target controls covered
75%
Turkey KVKK
3 source controls mapped|2 target controls covered
75%
TSA Pipeline Cybersecurity Directives
3 source controls mapped|2 target controls covered
75%
Texas Data Privacy Act
3 source controls mapped|2 target controls covered
75%
Taiwan PDPA
3 source controls mapped|1 target controls covered
75%
Qatar DPL
3 source controls mapped|3 target controls covered
75%
Privacy Act 2020
3 source controls mapped|2 target controls covered
75%
Privacy Act 1988 (Australia)
3 source controls mapped|2 target controls covered
75%
POPIA
3 source controls mapped|2 target controls covered
75%
Personal Data Act (personopplysningsloven)
3 source controls mapped|2 target controls covered
75%
PDPA Thailand
3 source controls mapped|2 target controls covered
75%
ISO/IEC 27400:2022
2 source controls mapped|1 target controls covered
50%
NIST SP 800-171A - Assessing Security Requirements for Controlled Unclassified Information (CUI)
2 source controls mapped|5 target controls covered
50%
ISO/IEC 30111:2019
2 source controls mapped|4 target controls covered
50%
Japan FSA Cybersecurity Guidelines for Financial Institutions
2 source controls mapped|3 target controls covered
50%
NIS2 Directive Implementing Acts
2 source controls mapped|2 target controls covered
50%
Oman National Cybersecurity Framework
2 source controls mapped|1 target controls covered
50%
OWASP DevSecOps Maturity Model (DSOMM)
2 source controls mapped|2 target controls covered
50%
PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments
2 source controls mapped|1 target controls covered
50%
TEFCA - Trusted Exchange Framework and Common Agreement
2 source controls mapped|1 target controls covered
50%
ISO/IEC 27031:2011
2 source controls mapped|1 target controls covered
50%
ISO/IEC 29134:2023
2 source controls mapped|4 target controls covered
50%
ISO/IEC 27014:2020
2 source controls mapped|2 target controls covered
50%
ISO/IEC 27557:2022 - Organisational Privacy Risk Management
2 source controls mapped|2 target controls covered
50%
FATF Recommendation 16 - Virtual Asset Travel Rule
2 source controls mapped|1 target controls covered
50%
FDA 21 CFR Part 11
2 source controls mapped|1 target controls covered
50%
Florida Digital Bill of Rights (FDBR)
2 source controls mapped|2 target controls covered
50%
French Sapin II Law (Law No. 2016-1691)
2 source controls mapped|2 target controls covered
50%
FSSC 22000 - Food Safety System Certification
2 source controls mapped|1 target controls covered
50%
German Supply Chain Due Diligence Act (LkSG)
2 source controls mapped|2 target controls covered
50%
GLOBALG.A.P. Integrated Farm Assurance (IFA) Standard v6
2 source controls mapped|1 target controls covered
50%
IATF 16949:2016 - Quality Management System for Automotive Production
2 source controls mapped|2 target controls covered
50%
ICAO Annex 17 - Aviation Security (AVSEC)
2 source controls mapped|2 target controls covered
50%
IEEE 7000
2 source controls mapped|1 target controls covered
50%
IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)
2 source controls mapped|2 target controls covered
50%
IRM Enterprise Risk Management Framework (Institute of Risk Management)
2 source controls mapped|2 target controls covered
50%
Japan AI Guidelines
2 source controls mapped|1 target controls covered
50%
Lloyd's of London Cyber Insurance Requirements and Underwriting Standards
2 source controls mapped|2 target controls covered
50%
MARS-E
2 source controls mapped|1 target controls covered
50%
MDS2 (Medical Device)
2 source controls mapped|1 target controls covered
50%
NAIC Insurance Data Security Model Law (MDL-668)
2 source controls mapped|2 target controls covered
50%
New Zealand Information Security Manual (NZISM)
2 source controls mapped|3 target controls covered
50%
NIST Privacy Framework
2 source controls mapped|2 target controls covered
50%
NIST SP 800-30
2 source controls mapped|3 target controls covered
50%
NIST SP 800-37
2 source controls mapped|2 target controls covered
50%
NIST SP 800-39
2 source controls mapped|1 target controls covered
50%
NIST SP 800-66
2 source controls mapped|1 target controls covered
50%
OECD AI Principles
2 source controls mapped|1 target controls covered
50%
OECD Guidelines for Multinational Enterprises on Responsible Business Conduct (2023 Update)
2 source controls mapped|1 target controls covered
50%
Own Risk and Solvency Assessment (ORSA) - NAIC Model Act
2 source controls mapped|2 target controls covered
50%
PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)
2 source controls mapped|2 target controls covered
50%
UNICEF Policy Guidance on AI for Children (2021)
2 source controls mapped|1 target controls covered
50%
UNESCO Recommendation on the Ethics of AI
2 source controls mapped|1 target controls covered
50%
UK FCA/PRA Operational Resilience Framework
2 source controls mapped|2 target controls covered
50%
UK Defence Standard 05-138 - Cyber Security for Defence Suppliers
2 source controls mapped|1 target controls covered
50%
UK AI Regulation Framework
2 source controls mapped|1 target controls covered
50%
SEC Climate Disclosure Rule
2 source controls mapped|1 target controls covered
50%
NIST SP 800-171
1 source controls mapped|1 target controls covered
25%
ISO/IEC 27010:2015
1 source controls mapped|1 target controls covered
25%
FIRST CSIRT Services Framework and Standards
1 source controls mapped|1 target controls covered
25%
GLBA
1 source controls mapped|2 target controls covered
25%
HITECH Act
1 source controls mapped|1 target controls covered
25%
HKMA SPM
1 source controls mapped|1 target controls covered
25%
Laos Law on Prevention and Combating Cybercrime (2015)
1 source controls mapped|1 target controls covered
25%
Monetary Authority of Singapore Technology Risk Management Guidelines
1 source controls mapped|1 target controls covered
25%
Open Banking Security
1 source controls mapped|2 target controls covered
25%
OSFI B-13
1 source controls mapped|3 target controls covered
25%
OWASP Top 10:2025
1 source controls mapped|1 target controls covered
25%
Pakistan Personal Data Protection Bill 2023
1 source controls mapped|1 target controls covered
25%
Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)
1 source controls mapped|1 target controls covered
25%
US EPA Safe Drinking Water Act (SDWA) - Cybersecurity Requirements
1 source controls mapped|1 target controls covered
25%
UK Gambling Commission - Cyber Resilience Requirements
1 source controls mapped|1 target controls covered
25%
Trinidad and Tobago Data Protection Act 2011
1 source controls mapped|1 target controls covered
25%
Tanzania Personal Data Protection Act (Draft)
1 source controls mapped|1 target controls covered
25%
Singapore Cybersecurity Act 2018
1 source controls mapped|1 target controls covered
25%
Protective Security Policy Framework (PSPF) Release 2024
1 source controls mapped|1 target controls covered
25%
PSD2 SCA
1 source controls mapped|2 target controls covered
25%
Peru DPL
1 source controls mapped|2 target controls covered
25%
ISO/IEC 27011:2024
1 source controls mapped|1 target controls covered
25%
ISO/IEC 27006:2024
1 source controls mapped|1 target controls covered
25%
MITRE ATT&CK
1 source controls mapped|1 target controls covered
25%
MITRE D3FEND
1 source controls mapped|1 target controls covered
25%
Modern Slavery Act 2018 (Australia)
1 source controls mapped|1 target controls covered
25%
NATO AQAP 2110 - Quality Assurance Requirements for Design, Development, and Production
1 source controls mapped|1 target controls covered
25%
NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)
1 source controls mapped|1 target controls covered
25%
NIST SP 800-123
1 source controls mapped|1 target controls covered
25%
NIST SP 800-137
1 source controls mapped|1 target controls covered
25%
NIST SP 800-61
1 source controls mapped|1 target controls covered
25%
NIST SP 800-63-4
1 source controls mapped|1 target controls covered
25%
NIST SP 800-88
1 source controls mapped|1 target controls covered
25%
NIST SP 800-92
1 source controls mapped|1 target controls covered
25%
O-RAN WG11 Security Specification
1 source controls mapped|1 target controls covered
25%
OpenSSF Scorecard
1 source controls mapped|1 target controls covered
25%
OWASP ASVS
1 source controls mapped|1 target controls covered
25%
OWASP MASVS
1 source controls mapped|1 target controls covered
25%
OWASP SAMM
1 source controls mapped|1 target controls covered
25%
UN Guiding Principles on Business and Human Rights (UNGPs)
1 source controls mapped|1 target controls covered
25%
UAE Virtual Asset Regulatory Authority (VARA) Regulations
1 source controls mapped|1 target controls covered
25%
SLSA
1 source controls mapped|1 target controls covered
25%
SIG (Shared Assessments)
1 source controls mapped|1 target controls covered
25%
Secure by Design: A Guide for Manufacturers (CISA)
1 source controls mapped|2 target controls covered
25%
SA8000:2014 - Social Accountability Standard
1 source controls mapped|1 target controls covered
25%
PTES
1 source controls mapped|1 target controls covered
25%
Frequently Asked Questions
What is US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule?
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule is a compliance framework from United States (Federal / FTC) with 4 domains and 4 controls. The Gramm-Leach-Bliley Act (GLBA) Safeguards Rule (16 CFR Part 314), as amended by the FTC in 2021, applies to higher education institutions that engage in financial activities such as student lending, financial aid processing, and payment plans. The updated rule requires institutions to develop, implement, and maintain a comprehensive information security program. Key requirements include risk assessment, access controls, encryption, multi-factor authentication, incident response, and appointment of a qualified individual. Compliance deadline was June 2023. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule have?
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule has 4 controls organised across 4 domains. The largest domains are Governance (1 controls), Incident (1 controls), Monitoring (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule map to?
US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule maps to 154 other compliance frameworks. The top mapping partners are NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements (75% coverage), ISO/IEC 29147:2018 (75% coverage), Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (UAE PDPL) (75% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule compliance?
Start your US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about US Gramm-Leach-Bliley Act (GLBA) - Higher Education Safeguards Rule requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 4 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required