Which law is primarily focused on information security within the federal government?

Prepare for the DSST Ethics In Technology Exam with comprehensive study resources. Utilize flashcards and multiple-choice questions, each accompanied by hints and explanations. Gear up for your exam success!

Multiple Choice

Which law is primarily focused on information security within the federal government?

Explanation:
The question tests understanding of which law governs the protection of federal information systems. The Federal Information Security Management Act (FISMA), enacted in 2002 and updated by the Federal Information Security Modernization Act of 2014, applies specifically to the federal government. It requires each agency to develop and implement an agency-wide information security program, use a risk-based approach to select and implement security controls, maintain continuous monitoring of those controls, and report annually on its security posture. FISMA also directs agencies to follow NIST standards and guidelines (for example, FIPS 199 and FIPS 200 for categorizing systems and setting minimum requirements, and NIST SP 800-53 for the control catalog), which establishes consistent protection across federal systems.

The other options belong to different domains: the Critical Infrastructure Information Act protects sensitive information about critical infrastructure that companies voluntarily share with the government from public disclosure, rather than providing a government-wide IT security framework; E-Verify is an employment eligibility verification system, not a security law; and PCI DSS is a private-sector contractual standard for securing payment card data, not a statute at all. None of these target information security management for federal information systems, so FISMA is the correct answer.

