Review should include
- regulations, standards, and legislation associated with
- general data protection regulation
- national, territorial, or state laws
- payment card industry data
- Payment Card Industry Data Security Standard (PCI DSS)
- key frameworks
- benchmarks and secure configuration guides
- platform or vendor specific guides
- web server
- OS
- application server
- network infrastructure devices.