CISSP Certification: US Regulation you need to know for the CISSP exam.

The CISSP is in general not country-specific: most questions should be answered from an international perspective, but there are a few exceptions.

The CISSP exam does cover some US laws and regulations; these are the ones you can expect to see on the exam:

  1. CFAA:
    1. https://www.law.cornell.edu/uscode/text/18/1030
    2. https://en.wikipedia.org/wiki/Computer_Fraud_and_Abuse_Act
  2. CSA (EPIC) Computer Security Act of 1987
    1. https://www.congress.gov/bill/100th-congress/house-bill/00145
    2. https://www.epic.org/crypto/csa/
  3. Federal Sentencing Guidelines Chapter 2: Particularly Parts B, H.3. and M.5.
    1. https://www.ussc.gov/sites/default/files/pdf/guidelines-manual/2016/GLMFull.pdf
  4. National Information Infrastructure Protection Act of 1996, (Title II)
    1. https://www.gpo.gov/fdsys/pkg/STATUTE-110/pdf/STATUTE-110-Pg3488.pdf
  5. Paperwork Reduction Act of 1995; of 1980; additional info
    1. https://www.gpo.gov/fdsys/pkg/BILLS-104s244enr/pdf/BILLS-104s244enr.pdf
    2. https://www.gpo.gov/fdsys/pkg/STATUTE-94/pdf/STATUTE-94-Pg2812.pdf
    3. https://it.ojp.gov/PrivacyLiberty/authorities/statutes/1289
  6. GISRA – Government Information Security Reform Act of 2000
    1. https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2001/m01-08.pdf
  7. FISMA – Federal Information Security Management Act, 2002; of 2014
    1. https://www.gpo.gov/fdsys/pkg/PLAW-107publ347/pdf/PLAW-107publ347.pdf
    2. https://www.gpo.gov/fdsys/pkg/PLAW-113publ283/pdf/PLAW-113publ283.pdf
  8. Economic Espionage Act of 1996
    1. https://www.gpo.gov/fdsys/pkg/PLAW-104publ294/pdf/PLAW-104publ294.pdf
  9. UCITA (Final) – Uniform Computer Information Transactions Act; Summary
    1. http://www.uniformlaws.org/shared/docs/computer_information_transactions/ucita_final_02.pdf
    2. http://www.uniformlaws.org/ActSummary.aspx?title=Computer%20Information%20Transactions%20Act
  10. Computer Export Controls from US Department of Commerce, Bureau of Industry and Security
    1. https://www.bis.doc.gov/
  11. CCL – Commerce Control List
    1. https://www.bis.doc.gov/index.php/regulations/commerce-control-list-ccl
  12. EAR – Export Administration Regulations
    1. https://www.bis.doc.gov/index.php/regulations/export-administration-regulations-ear
  13. HIPAA – Health Insurance Portability and Accountability Act.
    1. https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act
  14. PCI-DSS – Payment Card Industry Data Security Standard.
    1. https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
  15. Sarbanes–Oxley Act of 2002
    1. https://en.wikipedia.org/wiki/Sarbanes%E2%80%93Oxley_Act

As with anything on the CISSP exam, you do not need to know these in great detail, but you do need to know what each one is and what it does.

I hope I can help YOU get certified,

Thor

Thor Pedersen

IT, information security, and project management trainer. Best-selling CISSP, CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et al.