Cybersecurity has been in the focus of US financial regulators over the past several months.
In October this year, the National Futures Association (NFA) unveiled new cybersecurity rules for its members, including Forex brokers, and in November, the New York State Department of Financial Services (NYDFS) sent an official letter to Financial and Banking Information Infrastructure Committee (FBIIC) members, demanding enhancement of cybersecurity defenses within the financial sector.
Today brought one more piece of news in this respect, as the U.S. Commodity Futures Trading Commission (CFTC) has voted unanimously to approve two proposals for amendments to existing regulations regarding cybersecurity testing and safeguards for the automated systems used by critical infrastructures it regulates.
The two proposals oblige all derivatives clearing organizations, designated contract markets, swap execution facilities, and swap data repositories to conduct five types of cybersecurity testing, with the frequency of these testing to be determined by appropriate risk analysis.
The five types of cybersecurity testing are:
- vulnerability testing,
- penetration testing,
- controls testing,
- security incident response plan testing,
- enterprise technology risk assessments.
The proposals also specify minimum testing frequency requirements for all derivatives clearing organizations and swap data repositories and specified designated contract markets, and require them to have certain tests performed by independent contractors.
The proposals are open for public comment during a 60-day comment period after their publication in the Federal Register.
To view the announcement from the CFTC, click here.