
GLBA—Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act, was enacted by the United States Congress in 1999.

GLBA is used primarily for organizations in the financial sector.

Note

The information in GLBA sections to follow is compiled from "Compliance and Risk Management: GLBA" at http://www.cisco.com/en/US/netsol/ns625/net_value_proposition0900aecd80380856.html.


Who Is Affected

Organizations that engage in financial activity, or in any type of activity that causes them to be classified as financial institutions, are subject to GLBA assessments.

The GLBA defines "financial institutions" as companies that offer financial products or financial services, such as loans, investment advice, or insurance. Examples include the following:

GLBA Requirements

GLBA compliance is mandatory and requires United States–based financial institutions to

Section 501(b) of the GLBA defines the high-level privacy and security requirements and objectives for financial institutions to comply with.

To comply with this act, organizations are required to

The internationally recognized ISO/IEC 27002 (formerly ISO/IEC 17799) provides a best-practice framework for achieving these objectives, and the Cisco Self-Defending Network solution aligns itself with the controls that ISO/IEC 27002 recommends.

Penalties for Violations

Violation of the GLBA may result in severe penalties and litigation in a civil action brought by the United States Attorney General. The penalties, as amended under the Financial Institution Privacy Protection Act of 2003, include the following:

The Federal Trade Commission (FTC) was authorized to execute and implement the GLBA, and a Final Rule (16 CFR Part 314) was developed in May 2002 accordingly.

The effective date of compliance for this act for all financial institutions was May 23, 2003, and May 24, 2004, for existing service contracts.

Cisco Solutions Addressing GLBA

Table 25-1 lists the Cisco products and solutions that help address the GLBA requirements.

Table 25-1. Cisco Solutions Addressing GLBA Requirements

Requirement: Protect Against Unauthorized Access
Cisco Solutions:
  • Cisco Secure Access Control Servers (ACS)
  • 802.1X
  • Network Admission Control
  • Cisco Integrated Services Routers (ISR)
  • Cisco ASA 5500 Series Adaptive Security Appliances

Requirement: Secure Data Exchange with Affiliates and Service Providers
Cisco Solutions:
  • VPN Technologies
  • IPsec
  • DMVPN
  • SSL VPN

Requirement: Detecting, Preventing, and Responding to Attacks and Intrusions
Cisco Solutions:
  • Cisco Security Monitoring, Analysis, and Response System (CS-MARS)
  • Cisco IPS solutions
  • Cisco Security Agent (CSA)
  • Cisco Security Manager

Requirement: Implement, Test, and Adjust a Security Plan on a Continuing Basis
Cisco Solutions:
  • Cisco Security Auditor
  • Cisco Security Posture Assessment and Penetration Testing Services

GLBA Summary

In summary, financial institutions need a systems-based approach that is collaborative and adaptive, offers an effective governance framework to protect sensitive information, and provides guidelines for meeting GLBA compliance requirements.

For more details about GLBA, refer to the following documentation URLs:

http://banking.senate.gov/conf/

http://www.epic.org/privacy/glba/

http://www.ftc.gov/privacy/privacyinitiatives/glbact.html

http://www.wikipedia.org/wiki/GLBA
