312-50V10 · Question #545
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
The correct answer is D. Legislative, contractual, standards based. The OSSTMM defines three types of compliance that security tests must account for: legislative, contractual, and standards based.
Question
What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
Options
- ALegal, performance, audit
- BAudit, standards based, regulatory
- CContractual, regulatory, industry
- DLegislative, contractual, standards based
How the community answered
(37 responses)- A3% (1)
- B3% (1)
- C5% (2)
- D89% (33)
Why each option
The OSSTMM defines three types of compliance that security tests must account for: legislative, contractual, and standards based.
Performance and audit are not recognized compliance categories in the OSSTMM framework - performance is a quality metric and audit is a process, not a compliance type.
While regulatory is a related concept, OSSTMM specifically uses 'legislative' rather than 'regulatory,' and this option omits contractual compliance entirely.
Contractual and regulatory appear in this option, but OSSTMM does not use 'industry' as a compliance category - it uses 'standards based' as the specific third type.
According to the OSSTMM, the three recognized compliance categories are legislative (laws and government mandates), contractual (obligations agreed upon between parties), and standards based (adherence to published industry or technical standards). These three categories encompass all external requirements an organization may face during security testing.
Concept tested: OSSTMM three types of compliance categories
Source: https://www.isecom.org/OSSTMM.3.pdf
Topics
Community Discussion
No community discussion yet for this question.