CISSP Certification: Some US Regulations you need to know
Date: 6 March 2020
Legislation covered in the CISSP exam is, in general, not specific to any country. The exam does, however, expect you to know the common regulatory standards (the ones well known across the world), at least at the definition/purpose level.
This means that you will be required to know about, say, SOX and GDPR. What you don't need to focus on, at least for passing the CISSP exam, is the specifics: for example, you don't have to memorise the controls or the details of each control.
Do keep in mind, however, that the ISC2 CISSP book gives details on both commonly known and less commonly known regulations. The rule of thumb is to stick to these at the purpose/definition level only. The reason I say this is that if you see one of these regulations in an exam question, your mind will at least be primed to think along the right lines and help you land on the right answer among the four choices given.
Let us now list some of the important ones, which you must know at the definition/purpose level. Also, there is no need to remember the years in which these acts were passed (you can thank me later for this relief!).
- Sarbanes–Oxley Act of 2002
https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act
- General Data Protection Regulation
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
- Computer Fraud and Abuse Act
https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
- Gramm-Leach-Bliley Act (GLBA)
https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act
- FISMA - Federal Information Security Management Act
https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002
- Federal Privacy Act
https://en.wikipedia.org/wiki/Privacy_Act_of_1974
- NIST publication 800-53
https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53
- Economic Espionage Act
https://en.wikipedia.org/wiki/Economic_Espionage_Act_of_1996
- HIPAA - Health Insurance Portability and Accountability Act
https://en.wikipedia.org/…/Health_Insurance_Portability_and…
- PCI-DSS - Payment Card Industry Data Security Standard (Industry standard)
https://en.wikipedia.org/…/Payment_Card_Industry_Data_Secur…
- Electronic Communications Privacy Act (ECPA)
https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act
- USA Patriot Act
https://en.wikipedia.org/wiki/Patriot_Act
The author is a professional CISSP trainer within Cyber Management Alliance’s training pool. He is CM-Alliance’s CISSP/CISA/ISO 27001/SOX/Information Risk Management/SAP Cyber security trainer. He has an MBA (Finance), along with qualifications in Computer Engineering, CISSP, CISA, ITIL (expert), COBIT (foundations), and SAP security.
If you are interested in exploring our CISSP Training & Mentorship programme, you can view the programme details and register for your free CISSP session, or contact us at info@cm-alliance.com.
For more information on Cyber Management Alliance, ISO 27001 Certification, our Live Online CISSP Training & Mentorship program, GDPR consultation and workshops, and other courses, webinars, the Wisdom of Crowds live and virtual events, and Insights With Cyber Leaders series of executive interviews, contact us today.