CompTIA Security+ (SY0-601) — Question 772
After a recent external audit, the compliance team provided a list of several non-compliant, in-scope hosts that were not encrypting cardholder data at rest. Which of the following compliance frameworks would address the compliance team's GREATEST concern?
Answer options
- A. PCI DSS
- B. GDPR
- C. ISO 27001
- D. NIST CSF
Correct answer: A
Explanation
The PCI DSS (Payment Card Industry Data Security Standard) specifically governs the protection of cardholder data, including the requirement that stored cardholder data be protected, so it is the framework most directly relevant to in-scope hosts that fail to encrypt cardholder data at rest. GDPR, ISO 27001, and NIST CSF also address aspects of data protection and compliance, but none of them specifically targets cardholder data the way PCI DSS does.