Exam CCSP topic 1 question 232 discussion

PCI DSS (Payment Card Industry Data Security Standard) is not a U.S. federal government regulation. It’s a set of security standards developed by major credit card companies to protect cardholder data, and while it is widely enforced by the payment card industry, it is not a law enacted by the U.S. government. Here's why the others are not correct: HIPAA (Health Insurance Portability and Accountability Act): This is a federal law that establishes standards for protecting sensitive patient health information. SOX (Sarbanes-Oxley Act): This is a federal law that sets requirements for financial reporting and corporate governance, particularly in response to corporate fraud. FISMA (Federal Information Security Management Act): This is a federal law that requires federal agencies and contractors to implement information security programs.

SOX (Sarbanes-Oxley Act) is not a regulatory system from the United States federal government. SOX is a corporate governance law that was enacted in 2002 in response to a number of accounting scandals at major companies. The law sets out certain requirements for public companies, including the need for independent audits and improved financial reporting. SOX does not pertain to privacy or data regulation specifically. The other three options (HIPAA, FISMA, and PCI DSS) are all regulatory systems from the United States federal government. HIPAA (Health Insurance Portability and Accountability Act) is a law that protects the privacy of individuals' health information. FISMA (Federal Information Security Management Act) is a law that establishes a framework for securing federal government information systems. PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards for organizations that handle credit card information.

D. PCI DSS

The Federal Information Security Management Act of 2002 is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002. The act recognized the importance of information security to the economic and national security interests of the United States. PCI is rules created by the credit card companies hence global.

D is correct. Explanation is on point.

Explain is not true : https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002 according to this link :" According to FISMA, the head of each agency shall develop and maintain an inventory of major information systems (including major national security systems)"