
GLBA / SOC 2 crosswalk

A control-by-control mapping between GLBA Safeguards Rule (16 CFR Part 314) and SOC 2 (AICPA Trust Services Criteria). 5 mappings.

| GLBA | SOC 2 | Relationship | Notes |
| --- | --- | --- | --- |
| §314.4(a): Designate a qualified individual | CC1.1: Integrity and ethical values | Related (Curated) | Governance & security policy |
| §314.4(c)(1): Access controls | CC6.1: Logical access security controls | Equivalent (Curated) | Access control & identity |
| §314.4(c)(3): Encryption of customer information | CC6.7: Restricting data transmission | Partial (Curated) | Cryptography & data protection |
| §314.4(c)(8): Monitoring and logging of authorized user activity | CC7.2: Security event monitoring | Equivalent (Curated) | Logging, monitoring & detection |
| §314.4(d): Regularly test or monitor safeguards | CC7.1: Vulnerability detection and monitoring | Partial (Curated) | Vulnerability management |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.