Certified Cloud Security Professional (CCSP) — Question 79

Above and beyond general regulations for data privacy and protection, certain types of data are subjected to more rigorous regulations and oversight.
Which of the following is not a regulatory framework for more sensitive or specialized data?

Answer options

• A. FIPS 140-2
• B. FedRAMP
• C. PCI DSS
• D. HIPAA

Correct answer: A

Explanation

FIPS 140-2 is a standard that pertains to the security requirements for cryptographic modules, but it is not a regulatory framework specifically designed for sensitive data like the others. FedRAMP, PCI DSS, and HIPAA are all established regulations that provide guidelines for handling more specialized data, such as federal data, payment card information, and health information, respectively.