Which of the following US Acts emphasized a "risk-based policy for cost-effective security" and makes it mandatory for agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the agency's information security program and report the results to the Office of Management and Budget?
The Federal Information Security Management Act of 2002 ('FISMA', 44 U.S.C. 3541, et seq.) is a United States federal law enacted in 2002 as
Title III of the E-Government Act of 2002 (Pub.L. 107-347, 116 Stat. 2899). The act recognized the importance of information security to the
economic and national security interests of the United States. The act requires each federal agency to develop, document, and implement an
agency-wide program to provide information security for the information and information systems that support the operations and assets of
the agency, including those provided or managed by another agency, contractor, or other source.
FISMA has brought attention within the federal government to cybersecurity and explicitly emphasized a 'risk-based policy for cost-effective
security'. FISMA requires agency program officials, chief information officers, and inspectors general (IGs) to conduct annual reviews of the
agency's information security program and report the results to the Office of Management and Budget (OMB). OMB uses this data to assist in its
oversight responsibilities and to prepare its annual report to Congress on agency compliance with the act.
Answer C is incorrect. The Equal Credit Opportunity Act (ECOA) is a United States law (codified at 15 U.S.C. 1691 et seq.), enacted in
1974, that makes it unlawful for any creditor to discriminate against any applicant, with respect to any aspect of a credit transaction, on the
basis of race, color, religion, national origin, sex, marital status, or age; because all or part of the applicant's income derives from a
public assistance program; or because the applicant has in good faith exercised any right under the Consumer Credit Protection Act.
The law applies to any person who, in the ordinary course of business, regularly participates in a credit decision, including banks, retailers,
bankcard companies, finance companies, and credit unions.
Answer B is incorrect. The Electronic Communications Privacy Act of 1986 (ECPA, Pub. L. 99-508, Oct. 21, 1986, 100 Stat. 1848, 18 U.S.C.
2510) was enacted by the United States Congress to extend government restrictions on wire taps from telephone calls to include
transmissions of electronic data by computer. Specifically, ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets
Act of 1968 (the Wiretap Statute), which was primarily designed to prevent unauthorized government access to private electronic
communications. The ECPA also added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications
Act, 18 U.S.C. 2701-2712.
Answer D is incorrect. The Fair Credit Reporting Act (FCRA) is an American federal law (codified at 15 U.S.C. 1681 et seq.) that regulates
the collection, dissemination, and use of consumer information, including consumer credit information. Along with the Fair Debt Collection
Practices Act (FDCPA), it forms the base of consumer credit rights in the United States. It was originally passed in 1970, and is enforced by the
US Federal Trade Commission.