The Federal Deposit Insurance Corporation (FDIC), the Federal Reserve Board of Governors and the Office of the Comptroller of the Currency (OCC) of the United States have announced the final version of the notification requirements for cybersecurity incidents for banking organizations. Under these requirements, American banks will be required to notify federal regulators of cyber incidents within 36 hours of their discovery.
According to available data, the new rules will enter into force on April 1, 2022, but will not begin to be enforced until May 1. As such, FDIC-supervised financial institutions will be required to notify the agency's designated contact by email, phone, or otherwise “as soon as possible, but no later than 36 hours” after the organization encounters a cybersecurity incident. Banking providers will also be required to notify financial institutions in cases where service is interrupted for more than four hours.
The new rules say that a "security incident" is any event that damages the confidentiality, integrity or availability of information systems. At the same time, "notification incidents" are events that lead to serious business disruptions and prevent banks from operating normally. Computer failures, denial of service (DoS) and ransomware attacks are cited as examples. The new rules oblige financial institutions to notify regulators about incidents, but a full assessment and analysis of the situation will take longer.