The CISSP is, in general, not country-specific: most questions should be answered from an international perspective, but there are a few exceptions.
The exam does contain some US laws and regulations. You can expect to see these:
- CFAA – Computer Fraud and Abuse Act
- CSA – Computer Security Act of 1987
- Federal Sentencing Guidelines Chapter 2: Particularly Parts B, H.3. and M.5.
- National Information Infrastructure Protection Act of 1996, (Title II)
- Paperwork Reduction Act of 1995; of 1980
- GISRA – Government Information Security Reform Act of 2000
- FISMA – Federal Information Security Management Act, 2002; of 2014
- Economic Espionage Act of 1996
- UCITA – Uniform Computer Information Transactions Act
- Computer Export Controls from US Department of Commerce, Bureau of Industry and Security
- CCL – Commerce Control List
- EAR – Export Administration Regulations
- HIPAA – Health Insurance Portability and Accountability Act
- PCI-DSS – Payment Card Industry Data Security Standard
- Sarbanes–Oxley Act of 2002
As with anything on the CISSP exam, you do not need to know these in great detail, but you do need to know them and what they do.
I hope I can help YOU get certified,
Thor