The primary function of a cloud-based federation service is to authenticate users and facilitate SSO to business applications. Providers that play in this space are:
* Arcot Systems
* Clavid
* Cloud Identity
* FuGen Solutions
* Gluu
* Ping Identity
* ProtectNetwork
* SSOCircle
* Symplified
* TriCipher

• ISACA
• COBIT WIKI

PCI DSS is a standard which protects Credit Cardholder information.  The Goal of this program is to render the credit card data useless after it has been processed by the merchant.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures.
For more information you can access following URL's:

As the security industry matures from managing user id's, firewalls, routers, and servers a capability to track and ensure value provided by security process is in high demand.  Governance, Risk, and Complinace (GRC) is a term coined but vendors to gain a market share in this space.  Some of the players are: