Although the United States does not have a single, comprehensive privacy and regulatory framework, a number of specific regulations pertain to types of data or populations. Which of the following is NOT a regulatory system from the United States federal government?

A. HIPAA
B. SOX
C. FISMA
D. PCI DSS

Suggested Answer: D
Community Answer: D

The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry-regulatory standard, not a governmental one.

The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and reporting, as well as transparency requirements for shareholders and other stakeholders.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and pertains to data privacy and security for medical records.

FISMA refers to the Federal Information Security Management Act of 2002 and pertains to the protection of all US federal government IT systems, with the exception of national security systems.

This question is from the CCSP Certified Cloud Security Professional exam, for obtaining the Certified Cloud Security Professional (CCSP) certificate.