When managing vulnerability scans for an organization that processes, stores, or transmits payment card information, adherence to what standard dictates the regularity and scope of the scans by an external party?
Payment Card Industry Data Security Standard (PCI DSS)
Federal Information Security Management Act (FISMA)
Sarbanes-Oxley Act (SOX)
Health Insurance Portability and Accountability Act (HIPAA)