CISSP Certification: Some US Regulations you need to know

Posted by Abhi G

Mar 6, 2020 9:29:53 AM

Legislation in the CISSP exam, in general, is not specific to any country. The exam does, however, expect you to know, at least at the definition/purpose level, the common regulatory standards (well-known across the world).


This means that you will be required to know about, say SoX and GDPR. What you don’t need to focus on, for passing the CISSP exam at least, is the specifics. For example, you don’t have to memorise the controls or the details of each control.

Do keep in mind, however, that the ISC2 CISSP book specifies details on both commonly-known regulations and also less commonly-known regulations. The rule of thumb is to only stick to these at the purpose/ definition level. The reason I say this is because if you see these regulations in the exam question, at least your mind will be coded to think right and support you to land on the right answer amongst the 4 choices given. 

Let us now list down some of the important ones - which you must know at the definition/ purpose level. Also, there is no need to remember the years when these acts were passed in the parliament (you can thank me later for this relief!). 

  • Sarbanes–Oxley Act of 2002

  • General Data Protection Regulation

  • Computer Fraud and Abuse Act

  • Gramm-Leach-Bliley Act (GLBA)

  • FISMA - Federal Information Security Management Act

  • Federal Privacy Act

  • NIST publication 800-53

  • Economic Espionage Act

  • HIPAA - Health Insurance Portability and Accountability Act.…/Health_Insurance_Portability_and…

  • PCI-DSS - Payment Card Industry Data Security Standard (Industry standard)…/Payment_Card_Industry_Data_Secur…

  • Electronic Communication and Privacy Act

  • Economic Espionage Act

  • USA Patriot Act

The author is a professional CISSP trainer within Cyber Management Alliance’s training pool. He is CM-Alliance’s CISSP/CISA/ISO 27001/SOX/Information Risk Management/SAP Cyber security trainer. He has an MBA (Finance), along with qualifications in Computer Engineering, CISSP, CISA, ITIL (expert), COBIT (foundations), and SAP security.

If you are interested in exploring our CISSP Training & Mentorship programme details and register for your Free CISSP session or contact us at 

For more information on Cyber Management Alliance, ISO 27001 Certification, our Live Online CISSP Training & Mentorship program, GDPR consultation and workshops, and other courses, webinars, the Wisdom of Crowds live and virtual events, and Insights With Cyber Leaders series of executive interviews, contact us today.



Recent Posts

Free CISSP Training

Get Email Updates on our Latest News

Simply enter you details in the form below to subscribe:

  • callOr call us on:
  • +44 (0) 203 189 1422