Regulations are published government mandates such as HIPAA, Sarbanes-Oxley, or GLBA. These regulations describe the business functions and security functions that must be performed, usually with limited information on the implementation details.

The following are some of the regulations for which predefined policies exist: