Major changes are coming again to the Federal Risk and Authorization Management Program ("FedRAMP"), the federal government's cybersecurity authorization program for cloud service providers ("CSPs")....
4/21/2025
/ Automated Systems ,
Cloud Computing ,
Cybersecurity ,
Data Security ,
FedRAMP ,
Government Agencies ,
Information Technology ,
NIST ,
OMB ,
Regulatory Reform ,
Regulatory Requirements ,
Risk Management
In November 2023, the New York Department of Financial Services (NYDFS) issued its second amendment to its "Cybersecurity Requirements for Financial Services Companies" (the Cybersecurity Regulation or Part 500). This was the...
4/10/2025
/ Chief Information Security Officer (CISO) ,
Compliance ,
Covered Entities ,
Cybersecurity ,
Filing Deadlines ,
Financial Services Industry ,
New Regulations ,
NYDFS ,
Regulatory Requirements ,
Reporting Requirements ,
Risk Management ,
Vulnerability Assessments
Lawmakers expressed bipartisan support for significantly amending or eliminating some cybersecurity incident notification requirements during a recent hearing of the U.S. House Committee on Homeland Security's Subcommittee on...
The Payment Card Industry Security Standards Council (PCI SSC) has issued an FAQ for ecommerce merchants that outsource their payment card processing to a vendor using an embedded payment page or form (such as an "iframe")....
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the UK National Cyber Security Centre (UK NCSC), along with partner agencies from 17 nations, have released Guidelines for Secure AI System Development (the...
12/5/2023
/ Artificial Intelligence ,
Asset Protection ,
Biden Administration ,
Critical Infrastructure Sectors ,
Cyber Threats ,
Cybersecurity ,
Documentation ,
Executive Orders ,
Homeland Security Cybersecurity & Infrastructure Security Agency (CISA) ,
Incident Response Plans ,
Infrastructure ,
Machine Learning ,
NCSC ,
NIST ,
Popular ,
Risk Management ,
Supply Chain
The U.S. Securities and Exchange Commission ("SEC") has charged SolarWinds Corp. (SolarWinds) and the company's chief information security officer ("CISO") with securities fraud and violations of internal controls...
11/20/2023
/ Anti-Fraud Provisions ,
Chief Information Security Officer (CISO) ,
Cybersecurity ,
Enforcement Actions ,
Governance Standards ,
Investors ,
Misleading Statements ,
Negligence ,
NIST ,
Publicly-Traded Companies ,
Risk Management ,
Sarbanes-Oxley ,
Securities Act of 1933 ,
Securities and Exchange Commission (SEC) ,
Securities Exchange Act of 1934 ,
SolarWinds ,
Vulnerability Assessments
Iowa becomes the fourth U.S. state to provide an affirmative defense for companies that adopt a cybersecurity framework -
Iowa is the fourth state—following Ohio, Connecticut, and Utah—to provide a statutory incentive for...
7/19/2023
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
New Legislation ,
Popular ,
Regulatory Reform ,
Risk Management ,
Safe Harbors ,
State and Local Government ,
State Data Breach Notification Statutes
According to its Spring 2023 rulemaking agenda, the U.S. Securities and Exchange Commission (SEC) has delayed issuance of two sets of cybersecurity requirements that previously were expected to be finalized in April 2023. The...
6/28/2023
/ Broker-Dealer ,
Business Development Companies ,
Corporate Governance ,
Corporate Strategy ,
Cyber Incident Reporting ,
Cybersecurity ,
Investment Adviser ,
Proposed Rules ,
Publicly-Traded Companies ,
Registered Investment Advisors ,
Regulatory Agenda ,
Risk Management ,
Rulemaking Process ,
Securities and Exchange Commission (SEC)
On June 6, 2023, the Federal Reserve Board of Governors, Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency jointly issued final third-party risk management guidance for supervised...
The U.S. Securities and Exchange Commission (SEC) appears to have big plans for cybersecurity regulation in 2023....
The Federal Trade Commission (FTC) recently announced significant new information security requirements for non-bank financial institutions subject to the Gramm-Leach-Bliley Act (GLBA). The new requirements are incorporated...
The White House released an open letter on June 2, 2021, urging U.S. businesses to take "immediate steps" to protect themselves, their customers, and the broader economy against ransomware attacks. The letter comes amid...
The Employee Benefits Security Administration (EBSA) of the U.S. Department of Labor (DOL) recently announced its first cybersecurity guidance for retirement plans subject to the Employee Retirement Income Security Act of...
4/28/2021
/ Benefit Plan Sponsors ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Department of Labor (DOL) ,
EBSA ,
Employee Benefits ,
Employee Retirement Income Security Act (ERISA) ,
Popular ,
Retirement Plan ,
Retirement Plan Providers ,
Risk Management