Certified Cloud Security Professional (CCSP) — Question 126

Although the United States does not have a single, comprehensive privacy and regulatory framework, a number of specific regulations pertain to types of data or populations.
Which of the following is NOT a regulatory system from the United States federal government?

Answer options

Correct answer: D

Explanation

The correct answer is D, PCI DSS, because it is a standard developed by the Payment Card Industry to secure credit card transactions, not a federal regulatory framework. HIPAA, SOX, and FISMA are all federal regulations; they govern health information, financial practices, and federal information security, respectively.