APPENDIX 3: REGULATIONS AND LEGISLATION
The pen tester may be required to provide the client organization with a proof of compliance with certain legislation, regulations, best practices, or industry standards as a part of the pen testing effort. These regulations vary widely from one jurisdiction to another – from country to country and, often, from state to state.
Many regulations are industry-specific – such as legislation concerning health care – and apply only to that industry sector or vertical. Other legislation applies across all industries in a region or country and is, therefore, horizontal in nature.
A multinational organization may find it nearly impossible to be compliant with the regulations of every country in which it operates. ...