CISSP Certification: Some US Regulations you need to know for the CISSP exam

Posted by Abhi G

Mar 6, 2020 9:29:53 AM

Legislation in the CISSP exam, in general, is not specific to any country. The exam does, however, expect you to know, at least at the definition/purpose level, the common regulatory standards (well-known across the world).


This means that you will be required to know about, say, SOX and GDPR. What you don’t need to focus on, for passing the CISSP exam at least, is the specifics. For example, you don’t have to memorise the controls or the details of each control.

Do keep in mind, however, that the ISC2 CISSP book gives details on both commonly-known and less commonly-known regulations. The rule of thumb is to stick to these at the purpose/definition level only. The reason I say this is that if you see one of these regulations in an exam question, your mind will at least be primed to think along the right lines and help you land on the right answer amongst the 4 choices given.

Let us now list some of the important ones, which you must know at the definition/purpose level. Also, there is no need to remember the years when these acts were passed (you can thank me later for this relief!).

  • Sarbanes–Oxley Act of 2002

https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act

  • General Data Protection Regulation

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

  • Computer Fraud and Abuse Act

https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act

  • Gramm-Leach-Bliley Act (GLBA)

https://en.wikipedia.org/wiki/Gramm%E2%80%93Leach%E2%80%93Bliley_Act

  • FISMA - Federal Information Security Management Act

https://en.wikipedia.org/wiki/Federal_Information_Security_Management_Act_of_2002

  • Federal Privacy Act 

https://en.wikipedia.org/wiki/Privacy_Act_of_1974

  • NIST publication 800-53

https://en.wikipedia.org/wiki/NIST_Special_Publication_800-53

  • Economic Espionage Act 

https://en.wikipedia.org/wiki/Economic_Espionage_Act_of_1996

  • HIPAA - Health Insurance Portability and Accountability Act

https://en.wikipedia.org/…/Health_Insurance_Portability_and…

  • PCI-DSS - Payment Card Industry Data Security Standard (Industry standard)

https://en.wikipedia.org/…/Payment_Card_Industry_Data_Secur…

  • Electronic Communications Privacy Act

https://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

  • USA Patriot Act

https://en.wikipedia.org/wiki/Patriot_Act

The author is a professional CISSP trainer within Cyber Management Alliance’s training pool. He is CM-Alliance’s CISSP/CISA/ISO 27001/SOX/Information Risk Management/SAP Cyber security trainer. He has an MBA (Finance), along with qualifications in Computer Engineering, CISSP, CISA, ITIL (expert), COBIT (foundations), and SAP security.

If you are interested in exploring our CISSP Training & Mentorship programme details and register for your Free CISSP session – click here or contact us at info@cm-alliance.com. 

For more information on Cyber Management Alliance, ISO 27001 Certification, our Live Online CISSP Training & Mentorship program, GDPR consultation and workshops, and other courses, webinars, the Wisdom of Crowds live and virtual events, and Insights With Cyber Leaders series of executive interviews, click here or contact us today.