Certified Cloud Security Professional (CCSP) — Question 64

Which of the following is NOT a major regulatory framework?

Answer options

• A. PCI DSS
• B. HIPAA
• C. SOX
• D. FIPS 140-2

Correct answer: A

Explanation

The correct answer is A, PCI DSS, because it is a standard for payment card security rather than a regulatory framework. In contrast, HIPAA, SOX, and FIPS 140-2 are all established regulatory frameworks aimed at protecting sensitive information and ensuring compliance in various sectors.