When managing vulnerability scans for an organization that processes, stores, or transmits payment card information, adherence to what standard dictates the regularity and scope of the scans by an external party?
Federal Information Security Management Act (FISMA)
Sarbanes-Oxley Act (SOX)
Payment Card Industry Data Security Standard (PCI DSS)
Health Insurance Portability and Accountability Act (HIPAA)