Certified Cloud Security Professional – CCSP – Question 325

Which of the following is NOT a major regulatory framework?

A. PCI DSS
B. HIPAA
C. SOX
D. FIPS 140-2

Correct Answer: D

Explanation:

FIPS 140-2 is a United States certification standard for cryptographic modules, and it provides guidance and requirements for their use based on the requirements of the data classification. However, these are not actual regulatory requirements. The Health Insurance Portability and Accountability Act (HIPAA), the Sarbanes-Oxley Act (SOX), and the Payment Card Industry Data Security Standard (PCI DSS) are all major regulatory frameworks, either established by law or specific to an industry.