Gramm-Leach-Bliley Act (GLBA) - AWS Audit Manager

Gramm-Leach-Bliley Act (GLBA)

To assist you with your audit preparation, AWS Audit Manager provides a prebuilt framework that supports the Gramm-Leach-Bliley Act (GLBA).

What is the Gramm-Leach-Bliley Act (GLBA)?

The Gramm-Leach-Bliley Act (GLB Act or GLBA), also known as the Financial Service Modernization Act of 1999, is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals. The Act consists of three sections. The first is the Financial Privacy Rule, which regulates the collection and disclosure of private financial information. The second is the Safeguards Rule, which stipulates that financial institutions must implement security programs to protect such information. The third is the Pretexting provisions, which prohibit the practice of pretexting (accessing private information using false pretenses). The Act also requires financial institutions to give customers written privacy notices that explain their information-sharing practices.

Use AWS Audit Manager to support your Gramm-Leach-Bliley-Act audit preparation

You can use the Gramm-Leach-Bliley Act (GLBA) framework to help you prepare for audits. This framework includes a prebuilt collection of 4 automated controls and 110 manual controls. These controls are grouped into control sets according to GLBA requirements. You can also customize this framework and its controls to support internal audits with specific requirements.

The controls in this Audit Manager framework aren't intended to verify whether your systems are compliant with GLBA regulations. Moreover, they can't guarantee that you'll pass a GLBA assessment. AWS Audit Manager doesn't automatically check procedural controls that require manual evidence collection.

You can find this framework under the Standard frameworks tab of the Framework library in Audit Manager.

For instructions on how to create an assessment using this framework, see Creating an assessment. For instructions on how to customize this framework to support your specific requirements, see Customizing an existing framework and Customizing an existing control.