210-255 · Question #186
Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)
The correct answer is A. PCI C. HIPAA. PCI DSS and HIPAA both include explicit technical requirements mandating encryption of sensitive data transmitted across public or open networks.
Question
Which two compliance frameworks require that data be encrypted when it is transmitted over a public network? (Choose two.)
Options
- APCI
- BGLBA
- CHIPAA
- DSOX
- ECOBIT
How the community answered
(34 responses)- A88% (30)
- B3% (1)
- D3% (1)
- E6% (2)
Why each option
PCI DSS and HIPAA both include explicit technical requirements mandating encryption of sensitive data transmitted across public or open networks.
PCI DSS Requirement 4.2.1 explicitly states that strong cryptography must be used to safeguard primary account number (PAN) data during transmission over open, public networks.
GLBA (Gramm-Leach-Bliley Act) mandates data security programs for financial institutions but does not prescribe specific technical controls such as mandatory transmission encryption.
HIPAA Security Rule (45 CFR 164.312(e)(2)(ii)) specifies that covered entities must implement a mechanism to encrypt electronic protected health information (ePHI) whenever deemed appropriate, and transmission security is a required standard, making encryption of data in transit a recognized safeguard.
SOX (Sarbanes-Oxley Act) focuses on financial reporting accuracy and internal controls for publicly traded companies, not on specific data encryption requirements for network transmission.
COBIT is an IT governance framework, not a compliance regulation - it provides guidance and best practices but does not mandate specific technical controls like encryption in transit.
Concept tested: Compliance framework requirements for data encryption in transit
Source: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf
Topics
Community Discussion
No community discussion yet for this question.