CSSLP Question #284: Real Exam Question with Answer & Explanation
The correct answer is A: Federal Information Security Management Act of 2002 (FISMA).
Question
Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget?
Options
- A. Federal Information Security Management Act of 2002 (FISMA)
- B. The Electronic Communications Privacy Act of 1986 (ECPA)
- C. The Equal Credit Opportunity Act (ECOA)
- D. The Fair Credit Reporting Act (FCRA)
Explanation
The Federal Information Security Management Act (FISMA) mandates a risk-based approach to information security for federal agencies, requiring annual reviews and reporting to the OMB.
Common mistakes.
- B. The Electronic Communications Privacy Act (ECPA) primarily addresses the privacy of electronic communications, not federal information security program management and reporting.
- C. The Equal Credit Opportunity Act (ECOA) prohibits discrimination in credit transactions, which is unrelated to federal information security.
- D. The Fair Credit Reporting Act (FCRA) regulates the collection, dissemination, and use of consumer credit information, not federal agency information security programs.
Concept tested. US Federal IT Security Regulations - FISMA
Reference. https://csrc.nist.gov/projects/federal-information-security-modernization-act-fisma