CFTC Unanimously Approves Proposed Enhanced Rules on Cybersecurity for Derivatives Clearing Organizations, Trading Platforms, and Swap Data Repositories
Washington, DC — The U.S. Commodity Futures Trading Commission (Commission) today voted unanimously to approve two proposals for amendments to existing regulations addressing cybersecurity testing and safeguards for the automated systems used by critical infrastructures the Commission regulates. The proposals will be open for public comment during a 60-day comment period after their publication in the Federal Register.
The proposals, to be published in separate Federal Register Notices, identify five types of cybersecurity testing as essential to a sound system safeguards program: (1) vulnerability testing, (2) penetration testing, (3) controls testing, (4) security incident response plan testing, and (5) enterprise technology risk assessments
The two proposals would require all derivatives clearing organizations, designated contract markets, swap execution facilities, and swap data repositories to conduct each of the five types of cybersecurity testing, as frequently as indicated by appropriate risk analysis. In addition, the proposals would specify minimum testing frequency requirements for all derivatives clearing organizations and swap data repositories and specified designated contract markets, and require them to have certain tests performed by independent contractors.
CEO of Bronzeye IBRM
BronzeyeIBRM offers an affordable monthly subscription-based information and cyber security service to SMEs and others.