Certified Information Privacy Manager (CIPM) — Question 80

Which of the following controls does the PCI DSS framework NOT require?

Answer options

• A. Implement strong asset control protocols.
• B. Implement strong access control measures.
• C. Maintain an information security policy.
• D. Maintain a vulnerability management program.

Correct answer: A

Explanation

The PCI DSS does not specifically require strong asset control protocols as a standalone control; rather, it focuses on access control measures, information security policies, and vulnerability management as essential elements for compliance. Options B, C, and D are explicitly mentioned in the PCI DSS requirements, making them mandatory.