Identification should include, but not be limited to
- national laws, regulations, policies, and/or standards
- Computer Fraud and Abuse Act of 1986 (CFAA)
- Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001
- Homeland Security Act of 2002
- Digital Millennium Copyright Act (DCMA) 1998
- Privacy Act of 1974
- Electronic Communications Privacy Act (ECPA) of 1986
- Cyber Security Information Sharing Act (CISA) of 2015
- Health Insurance Portability and Accountability Act (HIPAA)
- Telecommunications Act of 1996
- Gramm-Leach-Bliley Act (GLBA) of 1999
- Family Educational Rights and Privacy Act (FERPA) of 1974
- Sarbanes-Oxley Act of 2002
- international laws and standards (e.g., European Union and Information Security Directive).