CompTIA Security+ (SY0-601) — Question 763

A company recently set up an e-commerce portal to sell its products online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

Answer options

Correct answer: A

Explanation

The correct answer is PCI DSS (Payment Card Industry Data Security Standard), which is essential for any organization that handles credit card transactions. Of the other options, ISO 22301 and ISO 27001 focus on business continuity and information security management respectively, and NIST CSF is a framework for improving critical infrastructure cybersecurity that is not specifically tailored to credit card processing.