Compliance Public Resources and References

Federal and state compliance obligations are rooted in primary legal texts, agency guidance, and published standards that are publicly accessible through official government portals and recognized standards bodies. This page identifies the major categories of authoritative reference material available to compliance professionals, legal researchers, policy analysts, and regulated entities across the United States. Understanding where to locate binding rules, interpretive guidance, and educational frameworks is foundational to any compliance program and directly affects how organizations document, monitor, and demonstrate adherence to applicable requirements.

Primary texts and databases

The foundational layer of any compliance research effort consists of primary legal instruments: statutes, codified regulations, and official administrative records. The three core federal databases are:

1. United States Code (U.S.C.) — The codified text of federal statutes, maintained by the Office of Law Revision Counsel at uscode.house.gov. Statutes are organized into 54 titles; Title 15 covers commerce and trade, Title 29 covers labor, and Title 42 covers public health and welfare.
2. Code of Federal Regulations (C.F.R.) — The codified text of federal agency rules, published by the Government Publishing Office at ecfr.gov. The eCFR provides the most current version of all 50 CFR titles, updated daily.
3. Federal Register — The official daily journal of the federal government, available at federalregister.gov, publishing proposed rules, final rules, and agency notices. Proposed rulemaking records are critical for tracking regulatory change before rules become binding.

At the state level, each state maintains its own administrative code. The National Conference of State Legislatures (ncsl.org) aggregates links to individual state legislative databases, covering all 50 states and 5 territories. Researchers examining state compliance regulations should consult state-specific administrative registers for active rulemaking.

Standards bodies such as the American National Standards Institute (ANSI) at ansi.org and the National Institute of Standards and Technology (NIST) at nist.gov publish voluntary and mandatory technical standards, including NIST Special Publication 800-53 (security and privacy controls) and NIST SP 800-37 (risk management framework), both available at csrc.nist.gov.

Agency portals

Federal regulatory agencies maintain public-facing portals that serve as the authoritative source for sector-specific compliance requirements, enforcement actions, and interpretive guidance. Key portals by sector include:

• Health and Human Services (HHS) — hhs.gov — Covers HIPAA, 42 CFR Part 2 (substance use records), and the Office of Inspector General (OIG) compliance guidance library, which includes model compliance program guidance for 11 healthcare industry segments.
• Securities and Exchange Commission (SEC) — sec.gov — Hosts the EDGAR filing system, no-action letters, and interpretive releases governing securities regulation under the Securities Exchange Act of 1934.
• Occupational Safety and Health Administration (OSHA) — osha.gov — Publishes all 29 CFR Part 1910 (general industry) and 29 CFR Part 1926 (construction) standards, along with enforcement statistics and compliance assistance resources. OSHA's penalty structure, last updated under the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015, is published annually at osha.gov/penalties.
• Environmental Protection Agency (EPA) — epa.gov — Hosts the ECHO (Enforcement and Compliance History Online) database, which provides facility-level compliance records for air, water, and hazardous waste regulations.
• Federal Trade Commission (FTC) — ftc.gov — Publishes guidance on the FTC Act Section 5, the Children's Online Privacy Protection Act (COPPA), and the Gramm-Leach-Bliley Act Safeguards Rule.

The regulatory compliance agencies page provides a structured breakdown of agency jurisdiction by sector.

Public education sources

Public education materials serve a distinct function from primary texts: they translate statutory and regulatory requirements into operational frameworks without carrying binding legal force. The contrast between binding primary law and non-binding guidance is a critical classification boundary in compliance practice. Guidance documents, FAQs, and compliance manuals published by agencies are interpretive, not legislative.

Recognized public education sources include:

• NIST National Cybersecurity Center of Excellence (NCCoE) at nccoe.nist.gov — Publishes practice guides and example solutions for cybersecurity and data privacy implementation.
• HHS Office for Civil Rights (OCR) at hhs.gov/ocr — Provides HIPAA training materials, audit protocols, and resolution agreement summaries that function as practical compliance benchmarks.
• IRS Tax Exempt & Government Entities Division at irs.gov — Offers compliance guides for 501(c)(3) organizations covering governance, reporting, and executive compensation requirements.
• DOJ Evaluation of Corporate Compliance Programs — Published by the Department of Justice Criminal Division at justice.gov, this document establishes 3 core diagnostic questions used by federal prosecutors to assess program effectiveness.

Educational frameworks that support a structured process framework for compliance typically draw from these non-binding but operationally significant sources.

Federal resources

Federal resources extend beyond agency portals to include interagency coordination bodies, GAO reports, and Congressional Research Service (CRS) publications. The Government Accountability Office publishes compliance-related performance audits at gao.gov, covering compliance audit requirements across federal programs. The Congressional Research Service library, accessible at crsreports.congress.gov, provides nonpartisan legal and policy analysis on statutes and regulatory frameworks, with over 700 reports directly addressing federal compliance topics.

The Office of Management and Budget (OMB) at whitehouse.gov/omb publishes Circular A-123 (management accountability and control) and Uniform Guidance (2 CFR Part 200), which governs compliance requirements for all recipients of federal financial assistance — covering more than $800 billion in annual federal grant expenditures (OMB 2 CFR Part 200).

The Federal Acquisition Regulation (FAR), codified at 48 CFR and accessible at acquisition.gov, establishes compliance requirements applicable to all federal contractors. Researchers working on federal compliance requirements will find the FAR and its agency supplements (DFARS for defense, HHSAR for health and human services) among the most operationally consequential primary texts in the federal compliance landscape.