CompTIA CASP+ (CAS-004) — Question 408

A compliance officer is responsible for selecting the right governance framework to protect individuals' data. Which of the following is the appropriate framework for the company to consult when collecting international user data for the purpose of processing credit cards?

Answer options

• A. ISO 27001
• B. COPPA
• C. NIST 800-53
• D. PCI DSS

Correct answer: D

Explanation

The correct answer is PCI DSS, as it specifically addresses the security requirements for processing credit card information. ISO 27001 is a general information security management standard, COPPA pertains to children's online privacy, and NIST 800-53 provides a framework for federal information systems but is not specific to credit card transactions.