Regulatory context
Know your industry's obligations — separate from your credential.
Legacy Core issues verifiable readiness credentials. These guides summarize binding law and professional duties by vertical so you can speak accurately in client and chamber conversations.
- Read context guide →
CPAs & Tax Preparers
Accounting firms and tax preparers handling client financial data
FTC Safeguards Rule (16 CFR Part 314) under the Gramm-Leach-Bliley Act
- Read context guide →
Law Firms
Attorneys and law practices handling client confidential information
ABA Model Rules 1.1 (Competence) and 1.6(c) (Confidentiality); California Rule of Professional Conduct 1.6
- Read context guide →
Medical & Dental Practices
Covered entities and business associates handling electronic protected health information
HIPAA Security Rule (45 CFR Part 164)
- Read context guide →
Financial Advisers (Small RIAs)
SEC-registered investment advisers managing under $1.5 billion AUM
Amended SEC Regulation S-P (adopted May 15, 2024; small-entity compliance June 3, 2026)
- Read context guide →
Insurance Agencies (California)
Licensed California insurance agents and brokers
California breach notification (Cal. Civ. Code § 1798.29 / § 1798.82); CCPA/CPRA if revenue and data thresholds are met; CDI licensing rules
Boundary
What a Legacy Core credential does not attest to
A Trust Badge documents demonstrated readiness against a dated Standards Release (assessment basis: NIST CSF 2.0 and CIS Controls v8). It is not a substitute for industry-specific legal or regulatory obligations.
- FTC Safeguards Rule or WISP compliance (CPAs / tax preparers)
- HIPAA compliance or OCR audit readiness (medical / dental)
- ABA or State Bar ethics sign-off (attorneys)
- SEC Regulation S-P compliance (investment advisers)
- NAIC Insurance Data Security Model Law (including in California — not adopted)
- CCPA cybersecurity audit certification (threshold-gated regulation)
- Cyber insurance approval or claim guarantee
- Penetration test, SOC 2, CMMC, or government endorsement
Legacy Core is aligned with NIST CSF 2.0 and CIS Controls v8. Legacy Core is not affiliated with, endorsed by, or accredited by NIST, CIS, or any government agency. Tracking a framework does not constitute a determination of legal or regulatory compliance.
Industry-specific obligations by vertical: Regulatory context guides