Reply To: Name legislations you’re familiar with that likely will affect your ITAM program.
Here are some examples I can supply. Depending on the state, there will be more. In addition, there will be regulations in other regions: APAC (Asia Pacific Countries), EMEA (Europe, Middle East, and Africa), and LATAM (Latin America).
These are some of the US Federal laws and regulations that impact ITAM in the United States of America.
Sarbanes-Oxley Act (SOX) – This law mandates strict reforms to improve financial disclosures from corporations and prevent accounting fraud. It impacts ITAM in terms of record-keeping and the management of electronic records.
Federal Information Security Management Act (FISMA) – It requires federal agencies to develop, document, and implement an information security and protection program.
Health Insurance Portability and Accountability Act (HIPAA) – HIPAA sets the standard for protecting sensitive patient data. Any company that deals with protected health information (PHI) must ensure that all the required physical, network, and process security measures are in place and followed.
Gramm-Leach-Bliley Act (GLBA) – This act obliges financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
Federal Information Technology Acquisition Reform Act (FITARA) – This law aims to reform the management and acquisition of federal information technology.
Federal Risk and Authorization Management Program (FedRAMP) – This program provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies.
Cybersecurity Information Sharing Act (CISA) – This act encourages the sharing of information about cybersecurity threats between the government and companies in the private sector.
The National Institute of Standards and Technology (NIST) Special Publications – The NIST SP 800 series provides guidelines and best practices for federal information systems, including those relevant to ITAM.
The Defense Federal Acquisition Regulation Supplement (DFARS) – This set of regulations includes requirements for safeguarding defense-related data and reporting cybersecurity incidents.
The Federal Acquisition Regulation (FAR) – This regulation governs the acquisition process by which the federal government acquires goods and services, including IT assets.
The Economic Espionage Act (EEA) – This act makes the theft or misappropriation of a trade secret a federal crime.
The Children’s Online Privacy Protection Act (COPPA) – It imposes certain requirements on operators of websites or online services directed to children under 13 years of age.
The Patriot Act – This law includes provisions that impact ITAM, particularly in the areas of data retention and surveillance.
The Privacy Act of 1974 – This act establishes a code of information practices that governs the collection, maintenance, use, and dissemination of personally identifiable information about individuals that is maintained in systems of records by federal agencies.
Others are periodically added in response to incidents, and often State and Local regulations and ordinances are established that mirror those found at the Federal level, as grants and other support are aligned to and reinforced by these.