Notable Regulatory Systems from the United States Federal Government

D.

The Payment Card Industry Data Security Standard (PCI DSS) pertains to organizations that handle credit card transactions and is an industry-regulatory standard, not a governmental one.

The Sarbanes-Oxley Act (SOX) was passed in 2002 and pertains to financial records and reporting, as well as transparency requirements for shareholders and other stakeholders.

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 and pertains to data privacy and security for medical records.

FISMA refers to the Federal Information Security Management Act of 2002 and pertains to the protection of all US federal government IT systems, with the exception of national security systems.

The answer is D. PCI DSS.

The Payment Card Industry Data Security Standard (PCI DSS) is not a regulatory system from the United States federal government, but rather a set of security standards created by the Payment Card Industry Security Standards Council (PCI SSC), which is a private industry consortium.

On the other hand, the other three options are regulatory systems from the United States federal government:

A. HIPAA: The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that regulates the handling of protected health information (PHI) by healthcare providers, health plans, and healthcare clearinghouses.

B. SOX: The Sarbanes-Oxley Act (SOX) is a federal law that regulates the financial practices of publicly traded companies, including their accounting, auditing, and reporting.

C. FISMA: The Federal Information Security Management Act (FISMA) is a federal law that requires federal agencies to develop, implement, and document information security programs to protect their information and information systems.

In summary, while PCI DSS is an important security standard for protecting credit card data, it is not a regulatory system from the United States federal government.