Compliance involves managing policies, practices, and other controls to conform to the requirements of legal jurisdictions or other authoritative entities. Information technology activities are subject to numerous laws, regulations, and requirements from all levels of government. A selection of these compliance requirements (with an emphasis on US standards) includes:
Each of the items above reflects US federal legislation, with the exception of PCI DSS, which is a standard set by the payment card industry for the processing of electronic transactions.
Penetration testing (also known as ethical hacking) may be needed to demonstrate compliance with various security standards. However, penetration testing itself is also subject to standards of compliance. Unauthorized hacking may be subject to criminal penalties, so ethical hackers should take care not to run afoul of anti-hacking statutes. Such statutes include: