Map data types to these compliance frameworks: PCI, HIPAA, SOX
Implementing Cisco Cybersecurity Operations (210-255)
Identify data elements that must be protected with regards to a specific standard
Implementing Cisco Cybersecurity Operations (210-255)
PCI
The Payment Card Industry Data Security Standard (PCI-DSS) is a security framework used by credit and debit card processors and anyone who accepts credit or debit cards
Generally, no payment card data should be stored unless it is necessary to meet the needs of the merchant. Only the primary account number (PAN), expiration date, service code, and cardholder name may be stored. PIN and chip information may never be stored.
HIPAA
Health Insurance Portability and Accountability Act (HIPAA) is a US Federal Law that included two rules related to Cybersecurity. The privacy rule dictates that protected health information (PHI) must be kept confidential. The security rule gives guidelines for the protection of electronic PHI (ePHI). These include backups, encryption and disaster recovery plans. Although primarily targeted at healthcare organizations and insurance companies, HIPAA also applies to any organization that has PHI such as workers compensation records.
SOX
The Sarbanes Oxley Act (SOX) defines standards that publicly traded companies in the US must comply with. These standards include safeguarding information about the financials of a company.