GLBA / SOC 2 crosswalk

A control-by-control mapping between GLBA Safeguards Rule (16 CFR Part 314) and SOC 2 (AICPA Trust Services Criteria). 5 mappings.

| GLBA | SOC 2 | Relationship | Notes |
| --- | --- | --- | --- |
| §314.4(a) Designate a qualified individual | CC1.1 Integrity and ethical values | Related | Curated; Security governance and policy |
| §314.4(c)(1) Access controls | CC6.1 Logical access security controls | Equivalent | Curated; Access control and identity |
| §314.4(c)(3) Encryption of customer information | CC6.7 Restricting data transmission | Partial | Curated; Cryptography and data protection |
| §314.4(c)(8) Monitoring and logging of authorized user activity | CC7.2 Security event monitoring | Equivalent | Curated; Logging, monitoring and detection |
| §314.4(d) Regularly test or monitor safeguards | CC7.1 Vulnerability detection and monitoring | Partial | Curated; Vulnerability management |

Mappings marked “Official” derive from standards-body informative references; “Curated” mappings are authored by Cyber Compliance and provided for guidance only.