PCI DSS

CompTIA Security+ SY0-601 Exam Answer


Question

A company recently set up an e-commerce portal to sell its product online.

The company wants to start accepting credit cards for payment, which requires compliance with a security standard.

Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

A. PCI DSS
B. ISO 22301
C. ISO 27001
D. NIST CSF

Answer: A.

Explanations


The security standard that a company must comply with before accepting credit cards on its e-commerce platform is the Payment Card Industry Data Security Standard (PCI DSS). This standard was created by major credit card companies to ensure that businesses that accept credit card payments maintain a secure environment to protect cardholder data.

PCI DSS includes a set of requirements and security controls that businesses must follow to protect sensitive credit card data from unauthorized access, theft, or fraud. These requirements include maintaining secure networks, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.

Failure to comply with PCI DSS requirements can result in financial penalties, legal action, and damage to a business's reputation. Therefore, it is crucial for companies that accept credit card payments to comply with the PCI DSS standard to protect their customers' sensitive data and maintain trust in their brand.

ISO 22301, ISO 27001, and NIST CSF are other standards and frameworks, but they are not directly related to credit card payment processing. ISO 22301 is a standard for business continuity management, ISO 27001 is a standard for information security management systems, and NIST CSF is a framework for improving cybersecurity risk management in organizations.