Certified Cloud Security Professional (CCSP) — Question 225
Which of the following is NOT a regulatory system from the United States federal government?
Answer options
- A. PCI DSS
- B. FISMA
- C. SOX
- D. HIPAA
Correct answer: A
Explanation
The correct answer is A. PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment, but it is not a federal regulation. In contrast, FISMA (B), SOX (C), and HIPAA (D) are all federal regulations that govern specific aspects of information security and privacy.