CompTIA CySA+ Practice Test

Which law requires government agencies and other organizations that operate systems on behalf of government agencies to comply with security standards?

• A. FISMA
• B. SOX
• C. HIPAA
• D. COPPA

The correct answer is: FISMA

The law that requires government agencies and other organizations operating systems on behalf of government agencies to comply with security standards is the Federal Information Security Management Act (FISMA). FISMA was enacted to provide a framework for securing information technology systems used by federal agencies. It mandates that agencies develop, document, and implement an information security program to protect their information and systems, which subsequently includes compliance with set security standards and guidelines. FISMA emphasizes the need for continuous monitoring and assessment of information security risks, as well as the necessity for a formal review and approval process for security programs. This law is crucial in establishing a structure for protecting government data against various forms of cyber threats and ensuring the integrity, confidentiality, and availability of information systems. The other laws mentioned—SOX, HIPAA, and COPPA—each pertain to different aspects of data protection and compliance but do not specifically mandate security standards for government agencies. For instance, SOX relates to financial reporting and corporate governance, HIPAA governs healthcare data protection, and COPPA focuses on protecting the privacy of children under 13 online. Each serves important roles in their respective fields but does not address the requirements imposed by FISMA pertaining to government agencies and their operations.