CompTIA CASP+ (CAS-004) — Question 32

An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information.
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

Answer options

• A. NIST
• B. GDPR
• C. PCI DSS
• D. ISO

Correct answer: C

Explanation

The correct answer is PCI DSS, as it is specifically designed to secure credit card information during both storage and transmission. NIST provides broader cybersecurity guidelines but is not focused solely on payment card data. GDPR is primarily concerned with personal data protection in the EU, while ISO standards cover various aspects of information security but do not specifically address credit card data management.