
CPL U.S. States Alignment 

Jurisdiction profiles that connect the Defensible 10 Standards to state-level cybersecurity law categories.

Last updated: December 2025. State-level laws only. No municipal, city, or county ordinances.

[Governance: Professional Licensing Authority + CPL Governance Working Group]

Organizations do not operate in a single cybersecurity environment. In the United States, state-level cybersecurity obligations shape breach response expectations, unlawful access controls, sector security duties, and government cybersecurity governance requirements. ISAUnited maintains U.S. state alignment profiles to show how the Defensible 10 Standards (D10S) map to these legal categories through evidence-based engineering practice.

CPL applicants select one or more states of practice during registration. ISAUnited then issues a jurisdiction profile checklist that aligns applicable state-law categories with D10S evidence expectations, supporting consistent governance and defensible implementation across environments.

Why U.S. State Alignment Matters

Cybersecurity is not only technical. It is operational accountability. State laws set minimum requirements for breach response, consumer notification, and the protection of certain data classes. Regulated sectors such as insurance, education, and health data may carry additional requirements.

ISAUnited’s approach is not to replace legal counsel or compliance functions. The purpose is to provide an engineering-grade, repeatable mapping that helps organizations and practitioners connect statutory categories to measurable technical standards and evidence.

Matrix 1 summarizes the presence of state-level cybersecurity law categories by state. It is a landscape view. It does not attempt to reproduce statutes or legal text. It shows which categories are commonly in scope for breach response, unlawful access, privacy duties, and key sector overlays.


From legal categories to engineered outcomes

A category's presence does not mean an organization is prepared. ISAUnited uses the Defensible 10 Standards to translate these categories into engineering expectations that can be verified with evidence. CPL is the evaluation mechanism that validates that a practitioner can apply the standards under responsible practice, document decisions, and produce defensible artifacts for organizational review.


The following Matrix 2 shows the D10S parent standards that govern each law category when it is present in a state profile.

How CPL registration uses U.S. States Alignment

During CPL registration, applicants identify their state or states of practice and the sectors in which they operate. ISAUnited issues a jurisdiction profile checklist that aligns state-law categories with D10S evidence expectations. This gives organizations a consistent method for verifying that a practitioner can design, implement, and govern defensible outcomes in the context of state-level cybersecurity obligations. This establishes a consistent process for organizations to evaluate capability, using the same standards language across jurisdictions.

  • State selection produces the jurisdiction profile checklist.

  • D10S determines the engineering expectations and evidence posture.

  • CPL evaluation verifies competence through defensible artifacts.
