FRS

 

Title: Enhanced Cyber Risk Management Standards
Action: Joint advance notice of proposed rulemaking.
Publication Date:  10/26/2016
RIN:    1557-AE06
Document Citation: 12 CFR chapter undef, 12 CFR 30, 12 CFR 364
Docket ID: FRS-2016-0341
Federal Register #: 2016-25871
Comment Due Date: 1/17/2017
Summary: The Board of Governors of the Federal Reserve System (Board), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) (collectively, the agencies) are inviting comment on an advance notice of proposed rulemaking (ANPR) regarding enhanced cyber risk management standards (enhanced standards) for large and interconnected entities under their supervision and those entities’ service providers. The agencies are considering establishing enhanced standards to increase the operational resilience of these entities and reduce the impact on the financial system in case of a cyber event experienced by one of these entities. The ANPR addresses five categories of cyber standards: Cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness. The agencies are considering implementing the enhanced standards in a tiered manner, imposing more stringent standards on the systems of those entities that are critical to the functioning of the financial sector.