Q2 2020 Quarterly Update

Edgile ArC Content – Master Source List

The following sources are available immediately for your use as of July 1, 2020:

Source ID SourceName SourceGroup SourceJurisdiction
292 American Chemistry Council – Responsible Care: Security Code of Management Practices Chemical US
309 DHS – Chemical Facility Anti-Terrorism Standards – Risk-Based Performance Standards Guidance Chemical US
2 COBIT 4.1 Cross-Industry Global
140 COBIT 5 Cross-Industry Global
147 AICPA Trust Principles Cross-Industry Global
152 Committee of Sponsoring Organizations of the Treadway Commission: Internal Control – Integrated Framework Cross-Industry Global
153 Cybersecurity Capability Maturity Model (C2M2) Version 1.1 Cross-Industry Global
246 Cloud Security Alliance – Cloud Controls Matrix v3.0.1 Cross-Industry US
278 CAN-SPAM Act of 2003 Cross-Industry US
279 16 CFR 316 – CAN-SPAM Rule Cross-Industry US
291 US-CERT Cyber Resilience Review (CRR) Cross-Industry US
326 NSA/CSS – Information Assurance Directorate – NSA Methodology for Adversary Obstruction Cross-Industry US
586 AICPA – TSP Section 100 2017 Trust Services Criteria Cross-Industry Global
288 CIS Critical Security Controls v6.1 Cross-Industry – CIS US
483 CIS Controls Version 7 Cross-Industry – CIS US
540 CIS Controls Version 7.1 Cross-Industry – CIS US
28 ISO/IEC 27005:2011 – Information technology – Security techniques – Information security risk management Cross-Industry – ISO Global
132 ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements Cross-Industry – ISO Global
133 ISO/IEC 27002:2013 – Information technology – Security techniques – Code of practice for information security controls Cross-Industry – ISO Global
480 ISO/IEC 27017:2015 – Information technology – Security techniques – Code of practice for information security controls based on ISO/IEC 27002 for cloud services Cross-Industry – ISO Global
541 ISO 13485: 2016 – Medical Devices – Quality Management Systems – Requirements For Regulatory Purposes Cross-Industry – ISO Global
578 ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements – Annex A Cross-Industry – ISO Global
247 Payment Card Industry Data Security Standard (PCI DSS) 3.2 – Requirements and Security Assessment Procedures Cross-Industry – PCI Global – PCI
268 PCI Mobile Payment Acceptance Security Guidelines (07/14) Cross-Industry – PCI Global – PCI
269 PCI DSS Risk Assessment Guidelines (11/12) Cross-Industry – PCI Global – PCI
270 PCI Best Practices for Implementing a Security Awareness Program (10/14) Cross-Industry – PCI Global – PCI
271 PCI DSS Cloud Computing Guidelines (02/13) Cross-Industry – PCI Global – PCI
298 PCI Terminal Software Security Cross-Industry – PCI Global – PCI
299 PCI Tokenization Product Security Guidelines Cross-Industry – PCI Global – PCI
300 PCI Mobile Payment Acceptance Security Guidelines for Developers (07/14) Cross-Industry – PCI Global – PCI
301 PCI – Skimming Prevention – Best Practices for Merchants Cross-Industry – PCI Global – PCI
302 PCI ATM Security Guidelines Cross-Industry – PCI Global – PCI
303 PCI Card Production and Provisioning – Logical Security Requirements v2.0 Cross-Industry – PCI Global – PCI
304 PCI Card Production and Provisioning – Physical Security Requirements v2.0 Cross-Industry – PCI Global – PCI
305 PCI Effective Daily Log Monitoring Cross-Industry – PCI Global – PCI
306 PCI DSS Wireless Guidelines v2.0 Cross-Industry – PCI Global – PCI
307 PCI Penetration Testing Guidance Cross-Industry – PCI Global – PCI
308 PCI Third-Party Security Assurance Cross-Industry – PCI Global – PCI
489 PCI DSS Cloud Computing Guidelines (2018) Cross-Industry – PCI Global – PCI
565 PCI Software Security Framework – Secure Software Requirements and Assessment Procedures v 1.0 Cross-Industry – PCI Global – PCI
566 PCI Software Security Framework – Secure Software Lifecycle (Secure SLC) Requirements and Assessment Procedures v1.0 Cross-Industry – PCI Global – PCI
24 International Privacy – India Information Technology (Amendment) Act 2008 and Privacy Rules Cross-Industry – Privacy India
70 AK – Personal Information Protection Act Cross-Industry – Privacy US State – Alaska
71 AZ – Data Security Breaches Cross-Industry – Privacy US State – Arizona
72 AR – Personal Information Protection Act Cross-Industry – Privacy US State – Arkansas
73 CA – Business and Professions Code Sections 22575 – 22579 Cross-Industry – Privacy US State – California
74 CA – Confidentiality of Medical Information Act Cross-Industry – Privacy US State – California
75 CA – Information Practices Act of 1977 Cross-Industry – Privacy US State – California
76 CO – Consumer Protection Act Cross-Industry – Privacy US State – Colorado
77 CT – Sec. 36a-701b. Breach of security re computerized data containing personal information. Disclosure of breach. Delay for criminal investigation. Means of notice. Unfair trade practice. Cross-Industry – Privacy US State – Connecticut
78 DE – Title 6 Chapter 12B. Computer Security Breaches Cross-Industry – Privacy US State – Delaware
79 DC – Notification of security breach Cross-Industry – Privacy US State – District of Columbia
80 FL – Chapter 817.5681 – Breach of security concerning confidential personal information in third-party possession; administrative penalties Cross-Industry – Privacy US State – Florida
81 GA – Breach of the security of the system Cross-Industry – Privacy US State – Georgia
82 HI – Security Breach of Personal Information Cross-Industry – Privacy US State – Hawaii
83 ID – Chapter 51 – Identity Theft Cross-Industry – Privacy US State – Idaho
84 IL – Personal Information Protection Act Cross-Industry – Privacy US State – Illinois
85 IN – Chapter 3. Disclosure and Notification Requirements Cross-Industry – Privacy US State – Indiana
86 IA – Chapter 715 C – Personal Information Security Breach Protection Cross-Industry – Privacy US State – Iowa
87 KS – Chapter 50: Article 7a: Protection Of Consumer Information Cross-Industry – Privacy US State – Kansas
88 LA – Database Security Breach Notification Law Cross-Industry – Privacy US State – Louisiana
89 ME – Chapter 210-B: Notice of Risk to Personal Data Cross-Industry – Privacy US State – Maine
90 MD – Title 14, Subtitle 35 – MD Personal Information Protection Act Cross-Industry – Privacy US State – Maryland
91 MA – Act 2007 – Chapter 82: An Act Relative to Security Freezes and Notification of Data Breaches Cross-Industry – Privacy US State – Massachusetts
92 MA – 201 CMR 17.00 Standards for the Protection of Personal Information of Residents of Commonwealth Cross-Industry – Privacy US State – Massachusetts
93 MI – Identity Theft Protection Act Cross-Industry – Privacy US State – Michigan
94 MN – 325E.64 – Access Devices; Breach of Security Cross-Industry – Privacy US State – Minnesota
95 MN – 325E.61 – Data Warehouses; Notice Required for Certain Disclosures Cross-Industry – Privacy US State – Minnesota
96 MS – 75-24-29. Persons conducting business in MS required to provide notice of a breach of security involving personal information to all affected individuals; enforcement Cross-Industry – Privacy US State – Mississippi
97 MO – MO-407.1500.1 Notice to consumer for breach of security, procedure–attorney general may bring action for damages Cross-Industry – Privacy US State – Missouri
98 MT – Impediment of Identity Theft Cross-Industry – Privacy US State – Montana
99 NE – Financial Data Protection and Consumer Notification of Data Security Breach Act of 2006 Cross-Industry – Privacy US State – Nebraska
100 NV – Chapter 603A – Security of Personal Information Cross-Industry – Privacy US State – Nevada
101 NH – Chapter 359-C – Right to Privacy Cross-Industry – Privacy US State – New Hampshire
102 NJ – Identity Theft Prevention Act Cross-Industry – Privacy US State – New Jersey
103 NY – Notification; person without valid authorization has acquired private information. Cross-Industry – Privacy US State – New York
104 NC – Identity Theft Protection Act Cross-Industry – Privacy US State – North Carolina
105 ND – Chapter 51-30 – Notice of Security Breach for Personal Information Cross-Industry – Privacy US State – North Dakota
106 OH – 1349.19 Private disclosure of security breach of computerized personal information data Cross-Industry – Privacy US State – Ohio
107 OK – Security Breach Notification Act Cross-Industry – Privacy US State – Oklahoma
108 OR – 646A – Identity Theft Prevention Cross-Industry – Privacy US State – Oregon
109 RI – CHAPTER 11-49.2 Identity Theft Protection Cross-Industry – Privacy US State – Rhode Island
110 SC – 39-1-90. Breach of security of business data; notification; definitions; penalties; exception as to certain banks and financial institutions; notice to Consumer Protection Division Cross-Industry – Privacy US State – South Carolina
111 TN – Title 47 – Commercial Instruments and Transactions Chapter 18 – Consumer Protection Part 21 – Identity Theft Cross-Industry – Privacy US State – Tennessee
112 TX – Title 11. Personal Identity Information – Subtitle B. Identity Theft – Chapter 521. Unauthorized Use of Identifying Information Cross-Industry – Privacy US State – Texas
113 UT – Protection of Personal Information Act Cross-Industry – Privacy US State – Utah
114 VT – 9 V.S.A. – Section 2445. Safe destruction of documents containing personal information Cross-Industry – Privacy US State – Vermont
115 VT – Security Breach Notice Act Cross-Industry – Privacy US State – Vermont
116 VT – Social Security Number Protection Act Cross-Industry – Privacy US State – Vermont
117 VA – 18.2-186.6. Breach of personal information notification Cross-Industry – Privacy US State – Virginia
118 WA – RCW 19.255.010 – Disclosure, notice – Definitions – Rights, remedies Cross-Industry – Privacy US State – Washington
119 WA – RCW 42.56.590 – Personal information – Notice of security breaches Cross-Industry – Privacy US State – Washington
120 WV – Chapter 46A. West VA Consumer Credit and Protection Act – Article 2A. Breach of Security of Consumer Information Cross-Industry – Privacy US State – West Virginia
121 WI – 134.98 Notice of unauthorized acquisition of personal information Cross-Industry – Privacy US State – Wisconsin
122 WY – Consumer Protection Act Cross-Industry – Privacy US State – Wyoming
143 Privacy and Electronic Communications (EC Directive) Regulations 2003 Cross-Industry – Privacy United Kingdom
144 UK Data Protection Act of 1998 Cross-Industry – Privacy United Kingdom
225 CA – Electronic Communications Privacy Act Cross-Industry – Privacy US State – California
226 CT – Public Act No. 15-142 – An Act Improving Data Security and Agency Effectiveness Cross-Industry – Privacy US State – Connecticut
235 16 CFR 312 – Children’s Online Privacy Protection Rule Cross-Industry – Privacy US
236 Children’s Online Privacy Protection Act Cross-Industry – Privacy US
238 Fair Credit Reporting Act Cross-Industry – Privacy US
273 EU-US Privacy Shield Framework Cross-Industry – Privacy EU-US
277 PA – Breach of Personal Information Notification Act Cross-Industry – Privacy US State – Pennsylvania
310 Regulation (EU) 2016/679 of the European Parliament and of the Council of the European Union (GDPR – General Data Protection Regulation) Cross-Industry – Privacy EU
333 Swiss-US Privacy Shield Framework Cross-Industry – Privacy Switzerland-US
334 APEC Privacy Framework Cross-Industry – Privacy Global – APEC
335 APEC Privacy Framework 2015 Cross-Industry – Privacy Global – APEC
336 APEC Cooperation Arrangement for Cross-Border Privacy Enforcement Cross-Industry – Privacy Global – APEC
337 APEC Cross-Border Privacy Rules System Cross-Industry – Privacy Global – APEC
338 APEC Privacy Recognition for Processors System Cross-Industry – Privacy Global – APEC
339 APEC CBPR System Intake Questionnaire Cross-Industry – Privacy Global – APEC
340 APEC PRP Intake Questionnaire for Personal Information Processors Cross-Industry – Privacy Global – APEC
440 CT – State Contractors Confidential Information Cross-Industry – Privacy US State – Connecticut
441 FL – Security of confidential personal information Cross-Industry – Privacy US State – Florida
442 GA – Disclosure of Certain Customer Information Cross-Industry – Privacy US State – Georgia
443 IL – Personal Information Protection Act (2016) Cross-Industry – Privacy US State – Illinois
444 IN – Notice of Security Breach Cross-Industry – Privacy US State – Indiana
445 KY – Records Containing Personally Identifiable Information Cross-Industry – Privacy US State – Kentucky
446 KY – Personal Information Security and Breach Investigations Cross-Industry – Privacy US State – Kentucky
447 MD – Protection of Information by State Agencies Cross-Industry – Privacy US State – Maryland
448 MA – Security Breaches Cross-Industry – Privacy US State – Massachusetts
449 MT – State Agency Protection of Personal Information Cross-Industry – Privacy US State – Montana
450 MT – Computer Security Breach Cross-Industry – Privacy US State – Montana
451 NV – Breach of State Agency Information System Cross-Industry – Privacy US State – Nevada
452 NM – Data Breach Notification Act Cross-Industry – Privacy US State – New Mexico
453 NY – Internet Security and Privacy Act Cross-Industry – Privacy US State – New York
454 OH – Personal Information Systems Cross-Industry – Privacy US State – Ohio
455 OK – Disclosure of breach of security of computerized personal information Cross-Industry – Privacy US State – Oklahoma
456 RI – RI Identity Theft Protection Act of 2015 Cross-Industry – Privacy US State – Rhode Island
457 TN – Report to comptroller of treasury Cross-Industry – Privacy US State – Tennessee
458 AK – Personal Information Protection Act – Disposal of Records Cross-Industry – Privacy US State – Alaska
459 AZ – Discard and Disposal of Personal Identifying Information Records Cross-Industry – Privacy US State – Arizona
460 CT – Protection of Social Security Numbers and Personal Information Cross-Industry – Privacy US State – Connecticut
461 DE – Safe Destruction of Records Containing Personal Identifying Information Cross-Industry – Privacy US State – Delaware
462 DE – Right to Inspect Personnel Files Act Cross-Industry – Privacy US State – Delaware
463 GA – Disposal of business records containing personal information Cross-Industry – Privacy US State – Georgia
464 IL – Data Security on State Computers Act Cross-Industry – Privacy US State – Illinois
465 IN – Persons Holding a Customer’s Personal Information Cross-Industry – Privacy US State – Indiana
466 KS – Holders of Personal Information Cross-Industry – Privacy US State – Kansas
467 MA – Dispositions and Destruction of Records Cross-Industry – Privacy US State – Massachusetts
468 NY – Disposal of records containing personal identifying information Cross-Industry – Privacy US State – New York
469 RI – Safe Destruction of Documents Containing Personal Information Cross-Industry – Privacy US State – Rhode Island
470 SC – Family and Personal Identifying Information Privacy Protection Cross-Industry – Privacy US State – South Carolina
471 SC – Consumer Identity Theft Protection Cross-Industry – Privacy US State – South Carolina
472 TN – Identity Theft Victims’ Rights Act of 2004 Cross-Industry – Privacy US State – Tennessee
473 TX – Disposal of Business Records Cross-Industry – Privacy US State – Texas
474 WA – Disposal of Personal Information Cross-Industry – Privacy US State – Washington
475 WI – Disposal of records containing personal information Cross-Industry – Privacy US State – Wisconsin
484 SD – SD Data Breach Notification Act Cross-Industry – Privacy US State – South Dakota
493 AL – AL Data Breach Notification Act of 2018 Cross-Industry – Privacy US State – Alabama
495 CA – California Consumer Privacy Act of 2018 Cross-Industry – Privacy US State – California
496 OH – Data Breach Safe Harbor Cross-Industry – Privacy US State – Ohio
497 VT – Data Brokers and Consumer Protection Act Cross-Industry – Privacy US State – Vermont
499 CA – Security of Connected Devices Cross-Industry – Privacy US State – California
511 Guam – Notification of Breaches of Personal Information Cross-Industry – Privacy US Territory – Guam
512 Puerto Rico – Citizen Information on Data Banks Security Act Cross-Industry – Privacy US Territory – Puerto Rico
513 US Virgin Islands – Identity Theft Prevention Act Cross-Industry – Privacy US Territory – US Virgin Islands
553 NY – New York SHIELD Act Cross-Industry – Privacy US State – New York
554 Canada – PIPEDA Cross-Industry – Privacy Canada
563 CA – California Data Broker Registration Act Cross-Industry – Privacy US State – California
575 Canada – Quebec – Privacy Act Cross-Industry – Privacy Canada
576 Canada – Alberta – Personal Information Protection Act Cross-Industry – Privacy Canada
577 Canada – British Columbia – Personal Information Protection Act Cross-Industry – Privacy Canada
579 CA – California Consumer Privacy Act Regulations Cross-Industry – Privacy US State – California
280 34 CFR 99 – Family Educational Rights and Privacy Education US
587 PTAC Data Security Checklist Education US
43 NERC CIP-008-5 – Cyber Security – Incident Reporting and Response Planning Energy US
55 10 CFR 73.54 – Protection of digital computer and communication systems and networks Energy US
204 NERC CIP-002-5.1 – Cyber Security – BES Cyber System Categorization Energy US
207 NERC CIP-003-6 – Cyber Security – Security Management Controls Energy US
210 NERC CIP-004-6 – Cyber Security – Personnel & Training Energy US
213 NERC CIP-006-6 – Cyber Security – Physical Security of BES Cyber Systems Energy US
216 NERC CIP-007-6 – Cyber Security – System Security Management Energy US
219 NERC CIP-009-6 – Cyber Security – Recovery Plans for BES Cyber Systems Energy US
220 NERC CIP-010-2 – Cyber Security – Configuration Change Management and Vulnerability Assessments Energy US
221 NERC CIP-011-2 – Cyber Security – Information Protection Energy US
223 NERC CIP-014-2 – Cyber Security – Physical Security Energy US
316 NEI 08-09 [Rev. 6] Cyber Security Plan for Nuclear Power Reactors Energy US
317 10 CFR 73.54 – Protection of digital computer and communication systems and networks (NRC) Energy US
318 10 CFR 73.77 – Cyber security event notifications (NRC) Energy US
319 DOE Electricity Subsector Cybersecurity Risk Management Process Energy US
506 NERC CIP-013-1 – Cyber Security – Supply Chain Risk Management Energy US
581 NERC CIP-005-6 – Cyber Security – Electronic Security Perimeter(s) Energy US
582 NERC CIP-008-6 – Cyber Security – Incident Reporting and Response Planning Energy US
583 NERC CIP-010-3 – Cyber Security – Configuration Change Management and Vulnerability Assessments Energy US
584 NERC CIP-012-1 – Cyber Security – Communications Between Control Centers Energy US
68 21 CFR 11 – Electronic Records; Electronic Signatures FDA US
69 21 CFR 820 – Quality System Regulation FDA US
274 21 CFR 21 – Protection of Privacy FDA US
325 FDA – Postmarket Management of Cybersecurity in Medical Devices FDA US
485 21 CFR Subchapter H – Medical Devices (FDA) FDA US
486 FDA – Software as a Medical Device – Guidance FDA US
487 FDA – Cybersecurity for Networked Medical Devices Containing OTS Software FDA US
52 NIST SP 800-53 r4 – Security and Privacy Controls for Federal Information Systems and Organizations Federal US
53 NIST SP 800-53A – Federal IS Test Procedures Federal US
228 FIPS Publication 199 – Standards for Security Categorization of Federal Information and Information Systems Federal US
229 FIPS Publication 200 – Minimum Security Requirements for Federal Information and Information Systems Federal US
231 OMB Circular A-123, Management’s Responsibility for Internal Control Federal US
232 Federal Information Systems Controls Audit Manual (FISCAM) – 2009 Federal US
250 NIST SP 800-14 – Generally Accepted Principles and Practices for Securing Information Technology Systems Federal US
251 NIST SP 800-16 – Information Technology Security Training Requirements Federal US
252 NIST SP 800-18 Rev1 – Guide for Developing Security Plans for Federal Information Systems Federal US
254 NIST SP 800-34 Rev1 – Contingency Planning Guide for Federal Information Systems Federal US
255 NIST SP 800-37 Rev1 – Guide for Applying the Risk Management Framework to Federal Information Systems Federal US
256 NIST SP 800-47 – Security Guide for Interconnecting Information Technology Systems Federal US
257 NIST SP 800-60 – Guide for Mapping Types of Information and Information Systems to Security Categories Federal US
258 NIST SP 800-61 – Computer Security Incident Handling Guide Federal US
260 NIST SP 800-81-2 – Secure Domain Name System (DNS) Deployment Guide Federal US
261 NIST SP 800-122 – Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) Federal US
262 NIST SP 800-123 – Guide to General Server Security Federal US
263 NIST SP 800-125 – Guide to Security for Full Virtualization Technologies Federal US
265 NIST SP 800-128 – Guide for Security-Focused Configuration Management of Information Systems Federal US
266 NIST SP 800-137 – Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations Federal US
267 NIST SP 800-144 – Guidelines on Security and Privacy in Public Cloud Computing Federal US
275 Federal Information Security Management Act Federal US
282 OMB Circular A-130 – Management of Federal Information Resources Federal US
293 NIST SP 800-82 – Guide to Industrial Control Systems (ICS) Security Rev 2 Federal US
295 NIST SP 800-160 – Systems Security Engineering Federal US
490 NIST – Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1) Federal US
491 NIST SP 800-171 Rev 1 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Federal US
492 NIST SP 800-171A – Assessing Security Requirements for Controlled Unclassified Information Federal US
500 NIST SP 800-86 – Guide to Integrating Forensic Techniques into Incident Response Federal US
501 NIST SP 800-92 – Guide to Computer Security Log Management Federal US
502 NIST SP 800-94 – Guide to Intrusion Detection and Prevention Systems (IDPS) Federal US
503 NIST SP 800-115 – Technical Guide to Information Security Testing and Assessment Federal US
504 NIST FIPS 201 Personal Identity Verification (PIV) of Federal Employees and Contractors Federal US
505 NIST FIPS 140-2 Security Requirements for Cryptographic Modules Federal US
510 NIST SP 800-37 Rev 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy Federal US
559 NIST SP 800-175A – Guideline for Using Cryptographic Standards in the Federal Government: Directives, Mandates and Policies Federal US
560 NIST SP 800-175B – Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms Federal US
569 NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management v1.0 Federal US
571 DoD Cybersecurity Maturity Model Certification (CMMC) v1.0 Federal US
572 Sarbanes-Oxley Act Federal US
574 NIST SP 800-171 Rev 2 – Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations Federal US
580 NIST SP 800-175B Rev1 – Guideline for Using Cryptographic Standards in the Federal Government: Cryptographic Mechanisms Federal US
272 DHS Sensitive Systems Policy Directive 4300A v12.01 (02/16) Federal – DHS US
311 33 CFR Subchapter H – Maritime Security Federal – DHS US
312 6 CFR 27 – Chemical Facility Anti-Terrorism Standards Federal – DHS US
289 IRS Publication 1075 (2016) Federal – IRS US
567 IRS Publication 4812 (10/19) Federal – IRS US
145 CBEST Threat Intelligence Framework, Qualities of a threat intelligence provider Financial United Kingdom
146 CBEST Implementation Guide Financial United Kingdom
148 Basel Committee on Banking Supervision: Core Principles for Effective Banking Supervision Financial Global
149 Basel Committee on Banking Supervision: Principles for Effective Risk Data Aggregation and Risk Reporting Financial Global
234 Consumer Financial Protection Act Financial US
237 Right to Financial Privacy Act Financial US
241 17 CFR Chapter IV – Department of the Treasury Regulations Financial US
242 16 CFR 313 – Privacy of Consumer Financial Information Financial US
243 16 CFR 314 – Standards for Safeguarding Customer Information Financial US
244 Bank Secrecy Act Financial US
276 Basel Committee on Banking Supervision: Principles for the Sound Management of Operational Risk Financial Global
290 NY – NYDFS – 23 NYCRR 500 – Cybersecurity Requirements for Financial Services Companies Financial US State – New York
294 CPMI-IOSCO – Guidance on Cyber Resilience for Financial Market Infrastructures Financial Global
313 CBEST Intelligence-Led Testing – Understanding Cyber Threat Intelligence Operations v2.0 Financial United Kingdom
314 CBEST Intelligence-Led Testing – CBEST Services Assessment Guide v2.0 Financial United Kingdom
315 CBEST Intelligence-Led Testing – CBEST Implementation Guide v2.0 Financial United Kingdom
477 Singapore MAS Technology Risk Management Notice FAA-N18 Financial Singapore
478 CO – CO Division of Securities Cybersecurity Regulations Financial US State – Colorado
479 CSSF Circular 17-654 Financial Luxembourg
481 VT – VT Securities Regulations – Regulation S-2016-01 (Revised) Financial US State – Vermont
570 SWIFT Customer Security Controls Framework v2020 Financial Global
233 12 CFR Chapter X – Bureau of Consumer Financial Protection Regulations Financial – CFPB US
134 17 CFR 38 Subpart K – Trade Information Financial – CFTC US
135 17 CFR 38 Subpart U – System Safeguards Financial – CFTC US
136 17 CFR 39 Subpart B – Compliance with Core Principles Financial – CFTC US
137 17 CFR 39 Subpart C – Provisions Applicable to Systemically Important Derivatives Clearing Organizations Financial – CFTC US
138 17 CFR 49 – Swap Data Repositories Financial – CFTC US
139 17 CFR 37 Subpart O – System Safeguards Financial – CFTC US
239 17 CFR Chapter I – Commodity Futures Trading Commission Regulations Financial – CFTC US
284 17 CFR 37 Subpart O – System Safeguards (2016) Financial – CFTC US
285 17 CFR 38 Subpart U – System Safeguards (2016) Financial – CFTC US
286 17 CFR 39 Subpart B – System Safeguards (2016) Financial – CFTC US
287 17 CFR 49 – System Safeguards (2016) Financial – CFTC US
561 12 CFR Chapter VI – Farm Credit Administration – Subchapter B – Farm Credit System Financial – FCA US
562 12 CFR Chapter XIV – Farm Credit System Insurance Corporation Financial – FCA US
3 FFIEC IT Examination Handbook – Audit Financial – FFIEC US
4 FFIEC – Authentication in an Internet Banking Environment Financial – FFIEC US
5 FFIEC IT Examination Handbook – Business Continuity Planning Financial – FFIEC US
6 FFIEC IT Examination Handbook – Development and Acquisition Financial – FFIEC US
9 FFIEC IT Examination Handbook – Operations Financial – FFIEC US
10 FFIEC IT Examination Handbook – Outsourcing Technology Services Financial – FFIEC US
12 FFIEC IT Examination Handbook – E-Banking Financial – FFIEC US
13 FFIEC – Supplement to Authentication in an Internet Banking Environment Financial – FFIEC US
123 FFIEC – Outsourced Cloud Computing Financial – FFIEC US
128 Federal Reserve Board Guidance on Managing Outsourcing Risk Financial – FFIEC US
198 FFIEC Cybersecurity Assessment Tool Financial – FFIEC US
200 FRB-OCC-SEC – Interagency Paper on Sound Practices to Strengthen the Resilience of the U. S. Financial System Financial – FFIEC US
227 FFIEC IT Examination Handbook – Management 2015 Financial – FFIEC US
249 FFIEC IT Examination Handbook – Retail Payment Systems (2016) Financial – FFIEC US
281 FFIEC IT Examination Handbook: Supervision of Technology Service Providers (2012) Financial – FFIEC US
283 FFIEC IT Examination Handbook – Information Security (09-16) Financial – FFIEC US
568 FFIEC IT Examination Handbook – Business Continuity Management (2019) Financial – FFIEC US
573 FFIEC IT Examination Handbook – Wholesale Payment Systems Financial – FFIEC US
327 FINRA Rules Financial – FINRA US – FINRA
328 FINRA – Capital Acquisition Broker Rules Financial – FINRA US – FINRA
329 FINRA – Funding Portal Rules Financial – FINRA US – FINRA
60 12 CFR 202 – Equal Credit Opportunity (Regulation B) Financial – FRB US
130 12 CFR 201 – Extensions of Credit by Federal Reserve Banks (Regulation A) Financial – FRB US
151 12 CFR 252 – Enhanced Prudential Standards (Regulation YY) Financial – FRB US
154 12 CFR 203 – Home Mortgage Disclosure (Regulation C) Financial – FRB US
155 12 CFR 204 – Reserve Requirements of Depository Institutions (Regulation D) Financial – FRB US
156 12 CFR 205 – Electronic Fund Transfers (Regulation E) Financial – FRB US
157 12 CFR 206 – Limitations on Interbank Liabilities (Regulation F) Financial – FRB US
158 12 CFR 207 – Disclosure and Reporting of CRA-Related Events (Regulation G) Financial – FRB US
159 12 CFR 208 – Membership of State Banking Institutions in the Federal Reserve System (Regulation H) Financial – FRB US
160 12 CFR 209 – Issue and Cancellation of Federal Reserve Bank Capital Stock (Regulation I) Financial – FRB US
161 12 CFR 210 – Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers through Fedwire (Regulation J) Financial – FRB US
162 12 CFR 211 – International Banking Operations (Regulation K) Financial – FRB US
163 12 CFR 212 – Management Official Interlocks (Regulation L) Financial – FRB US
164 12 CFR 213 – Consumer Leasing (Regulation M) Financial – FRB US
165 12 CFR 214 – Relations with Foreign Banks and Bankers (Regulation N) Financial – FRB US
166 12 CFR 215 – Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks (Regulation O) Financial – FRB US
167 12 CFR 217 – Capital Adequacy of Bank Holding Companies, Savings and Loan Holding Companies, and State Member Banks (Regulation Q) Financial – FRB US
168 12 CFR 218 – Exceptions for Banks from the Definition of Broker in the Securities Exchange Act of 1934 (Regulation R) Financial – FRB US
169 12 CFR 219 – Reimbursement to Financial Institutions for Providing Financial Records; Recordkeeping Requirements for Certain Financial Records (Regulation S) Financial – FRB US
170 12 CFR 220 – Credit by Brokers and Dealers (Regulation T) Financial – FRB US
171 12 CFR 221 – Credit by Banks and Persons other than Brokers or Dealers for the Purpose of Purchasing or Carrying Margin Stock (Regulation U) Financial – FRB US
172 12 CFR 222 – Fair Credit Reporting (Regulation V) Financial – FRB US
173 12 CFR 223 – Transactions between Member Banks and Their Affiliates (Regulation W) Financial – FRB US
174 12 CFR 224 – Borrowers of Securities Credit (Regulation X) Financial – FRB US
175 12 CFR 225 – Bank Holding Companies and Change in Bank Control (Regulation Y) Financial – FRB US
176 12 CFR 226 – Truth in Lending (Regulation Z) Financial – FRB US
178 12 CFR 228 – Community Reinvestment (Regulation BB) Financial – FRB US
179 12 CFR 229 – Availability of Funds and Collection of Checks (Regulation CC) Financial – FRB US
180 12 CFR 231 – Netting Eligibility for Financial Institutions (Regulation EE) Financial – FRB US
181 12 CFR 232 – Obtaining and Using Medical Information in Connection with Credit (Regulation FF) Financial – FRB US
182 12 CFR 233 – Prohibition on Funding of Unlawful Internet Gambling (Regulation GG) Financial – FRB US
183 12 CFR 234 – Designated Financial Market Utilities (Regulation HH) Financial – FRB US
184 12 CFR 235 – Debit Card Interchange Fees and Routing (Regulation II) Financial – FRB US
185 12 CFR 237 – Margin and Capital Requirements for Covered Swap Entities (Regulation KK) Financial – FRB US
186 12 CFR 238 – Savings and Loan Holding Companies (Regulation LL) Financial – FRB US
187 12 CFR 239 – Mutual Holding Companies (Regulation MM) Financial – FRB US
188 12 CFR 240 – Retail Foreign Exchange Transactions (Regulation NN) Financial – FRB US
189 12 CFR 241 – Securities Holding Companies (Regulation OO) Financial – FRB US
190 12 CFR 242 – Definitions Relating to Title I of the Dodd-Frank Act (Regulation PP) Financial – FRB US
191 12 CFR 243 – Resolution Plans (Regulation QQ) Financial – FRB US
192 12 CFR 244 – Credit Risk Retention (Regulation RR) Financial – FRB US
193 12 CFR 246 – Supervision and Regulation Assessments of Fees (Regulation TT) Financial – FRB US
194 12 CFR 248 – Proprietary Trading and Certain Interests in and Relationships with Covered Funds (Regulation VV) Financial – FRB US
195 12 CFR 249 – Liquidity Risk Measurement Standards (Regulation WW) Financial – FRB US
196 12 CFR 251 – Concentration Limit (Regulation XX) Financial – FRB US
14 12 CFR 30 – Appendix B – Interagency Guidelines Establishing Standards for Safeguarding Customer Information (GLBA) Financial – OCC US
129 OCC Bulletin 2013-29 (Subject: Third-Party Relationships) Financial – OCC US
150 12 CFR 30 – OCC Heightened Standards for Large Banks Financial – OCC US
240 17 CFR Chapter II – Securities and Exchange Commission Regulations Financial – SEC US
22 25 CFR 542.16 & 25 CFR 543.16 – Indian Gaming Control – Minimum Internal Control Standards for IT Gaming US
29 LA State Police Gaming Enforcement Division – CPA Minimum Internal Controls Questionnaire Gaming US State – Louisiana
56 NV – MICS 1-28 Checklist Gaming US State – Nevada
57 NV – MICS 29-55 Checklist Gaming US State – Nevada
58 OH – 3772-10-15 Information technology standards. Gaming US State – Ohio
61 IL – Gaming Control Board – Minimum Internal Control Standards – 03232010 (MICS) Gaming US State – Illinois
62 MO – Gaming Control – Chapter S – Minimum Internal Control Standards – 0602011 (MICS) Gaming US State – Missouri
63 NV – Gaming Control Board – Minimum Internal Control Standards – Information Technology v6 09012008 (MICS) Gaming US State – Nevada
64 NJ – Gaming Control – 13:69D 1.11 (Casino Licensees Organization) – Minimum Internal Control Standards – 11072011 (MICS) Gaming US State – New Jersey
65 NJ – Gaming Control – Subchapter 2 (Casino Computer Systems) – Minimum Internal Control Standards – 07052005 (MICS) Gaming US State – New Jersey
67 LA – Louisiana Gaming – Title 42 Gaming US State – Louisiana
320 NV – Gaming Control Board – Minimum Internal Control Standards – Information Technology – v7 – 2014 Gaming US State – Nevada
321 NV – Gaming Control Board – CPA MICS Compliance Checklist – IT v7 Gaming US State – Nevada
322 IL – Gaming Board – Minimum Internal Control Standards 2016 Gaming US State – Illinois
323 NJ – Gaming Control 13:69D-1.11 (Casino Licensees Organization) 2014 Gaming US State – New Jersey
324 NJ – Gaming Control 13:69D-2 (Casino Computer Systems) 2014 Gaming US State – New Jersey
546 CA – California Gaming Control Commission – MICS Gaming US State – California
547 CA – Tribal-State Gaming Compact Between the State of California and Wilton Rancheria Gaming US State – California
548 IN – Indiana Gaming Commission – MICS Gaming US State – Indiana
549 IA – Iowa Racing and Gaming Commission – MICS Gaming US State – Iowa
550 KS – Kansas Racing and Gaming Commission – MICS Gaming US State – Kansas
551 MS – Mississippi Gaming Commission – MICS Gaming US State – Mississippi
552 PA – Pennsylvania Gaming Control Board – MICS Gaming US State – Pennsylvania
15 45 CFR 164 – Security and Privacy (HIPAA) Health US
49 NIST SP 800-30 – Risk Management Guide for Information Technology Systems Health US
50 NIST SP 800-39 – Managing Information Security Risk Health US
54 NIST SP 800-66 – An Introductory Resource Guide for Implementing HIPAA Security Health US
66 The Joint Commission July 1 2012 Health US
131 OK – OK Statutes – 76.19-76.20 – Medical Records Health US State – Oklahoma
224 16 CFR 318 – Health Breach Notification Rule (FTC) Health US
296 HIPAA Audit Protocol (2016) Health US
297 42 CFR 2 – Confidentiality of Substance Use Disorder Patient Records Health US
341 AL – Medical Record Services Health US State – Alabama
342 AL – Guidelines for Medical Records Management Health US State – Alabama
343 AL – Minimum Standards for Medical Records Health US State – Alabama
344 AK – Health Care Services Information and Review Organizations Health US State – Alaska
345 AK – Hospital records retention Health US State – Alaska
346 AK – Confidential records Health US State – Alaska
347 AK – Records of alcoholics, drug abusers, and intoxicated persons Health US State – Alaska
348 AK – Medical Record Service Health US State – Alaska
349 AZ – Evidence – Medical Records Health US State – Arizona
350 AZ – Medical Records Health US State – Arizona
351 AZ – Health Information Organizations Health US State – Arizona
352 AR – Access to medical records Health US State – Kansas
353 AR – Patient Medical Records Privacy Act Health US State – Kansas
354 AR – Health Information Services Health US State – Kansas
355 CA – Confidentiality of Medical Information Act Health US State – California
356 CA – Unauthorized Access to Medical Information Health US State – California
357 CA – Patient Access to Health Records Health US State – California
358 CA – Medical Records Health US State – California
359 CO – Protection of Medical Records Health US State – Colorado
360 CO – Patient Records Health US State – Colorado
361 CO – Mental health records Health US State – Colorado
362 CO – Access to Patient Medical Records Health US State – Colorado
363 CT – Confidentiality of medical records Health US State – Connecticut
364 CT – Medical Records Health US State – Connecticut
365 CT – Department of Health Services – Medical Records Health US State – Connecticut
366 DE – Informed Consent and Confidentiality – Genetic Information Health US State – Delaware
367 DE – Informed Consent and Confidentiality – Confidentiality of Personal Health Information Health US State – Delaware
368 DC – Mental Health Information Health US State – District of Columbia
369 FL – Patient Records Health US State – Florida
370 GA – Health Records Health US State – Georgia
371 GA – Clinical Records Health US State – Georgia
372 HI – Health Care Privacy Harmonization Act Health US State – Hawaii
373 HI – Medical Records Health US State – Hawaii
374 IL – Health Care Records Health US State – Illinois
375 IN – Health Records and Identifying Information Protection Health US State – Indiana
376 IN – Health Records Health US State – Indiana
377 KS – Health Care Data Health US State – Kansas
379 LA – Health Care Consumers’ Right to Know Health US State – Louisiana
380 LA – Hospital Records and Retention Act Health US State – Louisiana
381 LA – Prohibitions on the Use of Medical Information and Genetic Test Results Health US State – Louisiana
382 ME – Patient Access to Hospital Medical Records Health US State – Maine
383 MD – Confidentiality of Medical Records Health US State – Maryland
384 MA – Inspection of Health Records Health US State – Massachusetts
385 MI – Medical Records Access Act Health US State – Michigan
386 MN – MN Health Records Act Health US State – Minnesota
387 MS – Hospital Records – Preparation, Preservation & Destruction Health US State – Mississippi
388 MS – Medical Records Health US State – Mississippi
389 MT – Health Care Information Privacy Requirements for Providers Subject to HIPAA Health US State – Montana
390 MT – Uniform Health Care Information Health US State – Montana
391 MT – Government Health Care Information Health US State – Montana
392 NE – Medical Records Health US State – Nebraska
393 NV – Healing Arts Generally Health US State – Nevada
394 NV – Electronic transmission of health information Health US State – Nevada
395 NV – Health Information Exchanges Health US State – Nevada
396 NH – Medical Records, Patient Information, and the Health Information Organization Corporation Health US State – New Hampshire
397 NJ – Health Insurance Carrier Computerized Records Health US State – New Jersey
398 NM – Health and Hospital Records Health US State – New Mexico
399 NM – Health Information Systems Health US State – New Mexico
400 NM – Electronic Medical Records Health US State – New Mexico
401 NM – Genetic Information Privacy Health US State – New Mexico
402 NY – Public Health – General Provisions Health US State – New York
403 ND – Health Information Protection Health US State – North Dakota
404 OH – Protected Health Information Health US State – Ohio
405 OR – Protected Health Information Health US State – Oregon
406 PA – Medical Records Services Health US State – Pennsylvania
407 PA – Privacy of Consumer Health Information Health US State – Pennsylvania
408 RI – Confidentiality of Health Care Information Act Health US State – Rhode Island
409 RI – RI Health Information Exchange Act of 2008 Health US State – Rhode Island
410 RI – Privacy of Consumer Health Information Health US State – Rhode Island
411 RI – Medical Records Health US State – Rhode Island
412 SC – Mental Illness / Substance Abuse Records Health US State – South Carolina
413 SC – Physicians’ Patient Records Act Health US State – South Carolina
414 SC – Prescription Information Privacy Act Health US State – South Carolina
415 SC – Privacy of Genetic Information Health US State – South Carolina
416 SD – Release of Medical Records Health US State – South Dakota
417 SD – Transfer or Destruction of Patient Records Health US State – South Dakota
418 TN – Medical Records Health US State – Tennessee
419 TN – Vital Records Act of 1977 Health US State – Tennessee
420 TN – Medical Records Act of 1974 Health US State – Tennessee
421 TN – Hospital Records as Evidence Health US State – Tennessee
422 TN – Patient’s Privacy Protection Act Health US State – Tennessee
423 TX – Medical Records Privacy Health US State – Texas
424 TX – Hospital Medical Records Health US State – Texas
425 TX – Insurance Code – Privacy of Health Information Health US State – Texas
426 TX – Insurance Consumer Health Information Privacy Health US State – Texas
427 UT – Access to Medical Records Health US State – Utah
428 VT – Health Care Privacy Health US State – Vermont
429 VT – Health – Disclosure of information Health US State – Vermont
430 VA – Health Information Health US State – Virginia
431 VA – Health Records Health US State – Virginia
432 WA – Health Information Health US State – Washington
433 WA – Medical Records – Health Care Information Access and Disclosure Health US State – Washington
434 WA – Medical Records Retention and Preservation Health US State – Washington
435 WV – Health Care Records Health US State – West Virginia
436 WI – Health Care Records Health US State – Wisconsin
437 WI – Health Care Information Health US State – Wisconsin
438 WI – Insurers: Disclosure of Personal Medical Information Health US State – Wisconsin
439 WY – Hospital Records and Information Health US State – Wyoming
488 The Joint Commission IM Standards 2018 Health US
544 PHE – 405d – Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations Health US
545 PHE – 405d – Technical Volume 2: Cybersecurity Practices for Medium and Large Health Care Organizations Health US
585 HIPAA Audit Protocol (2018) Health US
476 CT – Insurance Information and Privacy Protection Act Insurance US State – Connecticut
494 SC – SC Insurance Data Security Act Insurance US State – South Carolina
508 OH – Ohio Insurance Data Security Act Insurance US State – Ohio
509 MI – Michigan Insurance Data Security Act Insurance US State – Michigan
514 AL – Insurance – Standards for Safeguarding Customer Information Insurance US State – Alabama
515 AZ – Insurance – Customer Information Security Program Insurance US State – Arizona
516 AR – Insurance – Standards for Safeguarding Customer Information Insurance US State – Arkansas
517 CO – Insurance – Standards for Safeguarding Customer Information Insurance US State – Colorado
518 CT – Insurance – Safeguarding Consumer Financial Information Insurance US State – Connecticut
519 DE – Insurance – Standards for Safeguarding Customer Information Insurance US State – Delaware
520 IL – Insurance – Standards for Safeguarding Customer Information Insurance US State – Illinois
521 KY – Insurance – Standards for safeguarding customer information Insurance US State – Kentucky
522 ME – Insurance – Standards for Safeguarding Customer Information Insurance US State – Maine
523 MI – Insurance – Standards for Safeguarding Customer Information Insurance US State – Michigan
524 MN – Insurance – Information Security Program Insurance US State – Minnesota
525 MO – Insurance – Standards for Safeguarding Customer Information Insurance US State – Missouri
526 MT – Insurance – Standards for Safeguarding Personal Information Insurance US State – Montana
527 NE – Insurance – Standards for Safeguarding Customer Information Insurance US State – Nebraska
528 NH – Insurance – Standards for Safeguarding Customer Information Insurance US State – New Hampshire
529 NJ – Insurance – Standards for Safeguarding Customer Information Insurance US State – New Jersey
530 NY – Insurance – Standards for Safeguarding Customer Information Insurance US State – New York
531 ND – Insurance – Information Security Program Insurance US State – North Dakota
532 OK – Insurance – Standards for Safeguarding Customer Information Insurance US State – Oklahoma
533 OR – Insurance – Standards for Safeguarding Customer Information Insurance US State – Oregon
534 PA – Insurance – Standards for Safeguarding Customer Information Insurance US State – Pennsylvania
535 RI – Insurance – Standards for Safeguarding Customer Information Insurance US State – Rhode Island
536 UT – Insurance – Standards for Safeguarding Customer Information Insurance US State – Utah
537 VT – Insurance – Standards for Safeguarding Customer Information Insurance US State – Vermont
538 WV – Insurance – Standards for Safeguarding Customer Information Insurance US State – West Virginia
539 WY – Insurance – Standards for Safeguarding Customer Information Insurance US State – Wyoming
543 MS – Mississippi Insurance Data Security Law Insurance US State – Mississippi
555 NH – New Hampshire Insurance Data Security Law Insurance US State – New Hampshire
556 DE – Delaware Insurance Data Security Act Insurance US State – Delaware
557 CT – Connecticut Insurance Data Security Law Insurance US State – Connecticut
558 AL – Alabama Insurance Data Security Law Insurance US State – Alabama
564 NAIC Insurance Data Security Model Law Insurance US
588 IN – Indiana Insurance Data Security Act Insurance US State – Indiana
589 LA – Louisiana Insurance Data Security Law Insurance US State – Louisiana
590 VA – Virginia Insurance Data Security Act Insurance US State – Virginia

Availability and use of the above sources is subject to all Edgile terms and conditions.

 


Edgile Q2 2020 Content Update & Digest

Overview

 

This document provides a summary of GRC related source changes and updates. It is not a comprehensive list of applicable changes or regulations.

 

Please consult with your legal / compliance team for applicability to your organization or other relevant changes and updates.

 


 

04-01-20

NIST releases Draft SP 800-210 “General Access Control Guidance for Cloud Systems”

https://csrc.nist.gov/publications/detail/sp/800-210/draft

 

NIST releases Draft White Paper “Methodology for Characterizing Network Behavior of Internet of Things Devices”

https://csrc.nist.gov/publications/detail/white-paper/2020/04/01/methodology-for-characterizing-network-behavior-of-iot-devices/draft

 

04-02-20

OCC – Proposed Rule – Licensing Amendments

https://www.govinfo.gov/content/pkg/FR-2020-04-02/pdf/2020-04938.pdf

 

FRB – Final Rule: Delay of Effective Date – Control and Divestiture Proceedings

https://www.govinfo.gov/content/pkg/FR-2020-04-02/pdf/2020-06993.pdf

 

OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency

https://www.hhs.gov/about/news/2020/04/02/ocr-announces-notification-of-enforcement-discretion.html

 

NERC releases GridEx V Lessons Learned Report

https://www.nerc.com/pa/CI/CIPOutreach/GridEX/TLP%20WHITE%20GridEx%20V%20Lessons%20Learned%20MAR20.pdf

 

04-03-20

Basel Committee releases “Margin requirements for non-centrally cleared derivatives”

https://www.bis.org/bcbs/publ/d499.htm

 

Basel Committee releases “Measures to reflect the impact of Covid-19”

https://www.bis.org/bcbs/publ/d498.htm

 

04-06-20

FRB – Notification of Delay – Federal Reserve Policy on Payment System Risk; U.S. Branches and Agencies of Foreign Banking Organizations

https://www.govinfo.gov/content/pkg/FR-2020-04-06/pdf/2020-06482.pdf

 

Washington, D.C. Amends Data Breach Notification Law

https://www.huntonprivacyblog.com/2020/04/03/washington-d-c-amends-data-breach-notification-law-adds-data-security-requirements/

 

Canadian Maker of Smart Locks Settles FTC Allegations That it Deceived Consumers about its Security Practices

https://www.ftc.gov/news-events/press-releases/2020/04/canadian-maker-smart-locks-settles-ftc-allegations-it-deceived

 

04-07-20

HHS – Enforcement Discretion Under HIPAA To Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities in Response to COVID–19

https://www.govinfo.gov/content/pkg/FR-2020-04-07/pdf/2020-07268.pdf

 

04-08-20

FDIC – Proposed Rule – Unsafe and Unsound Banking Practices: Brokered Deposits Restrictions; Extension of Comment Period

https://www.govinfo.gov/content/pkg/FR-2020-04-08/pdf/2020-07322.pdf

 

Basel Committee releases Basel III Monitoring Report

https://www.bis.org/bcbs/publ/d500.htm

 

NERC Files Motion to Defer Implementation of Seven Reliability Standards Due to COVID-19

https://www.hstoday.us/subject-matter-areas/infrastructure-security/nerc-files-motion-to-defer-implementation-of-seven-reliability-standards-due-to-covid-19/

 

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issue joint alert: Alert (AA20-099A), COVID-19 Exploited by Malicious Cyber Actors

https://www.us-cert.gov/ncas/alerts/aa20-099a

 

04-09-20

NCUA – Corporate Credit Unions; Extension of Comment Period

https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-07159.pdf

 

CFTC – Final Rule – Margin Requirements for Uncleared Swaps for Swap Dealers and Major Swap Participants

https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-06625.pdf

 

SEC – Final Rule – Accelerated Filer and Large Accelerated Filer Definitions; Correction

https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-06926.pdf

 

FCC – Final Order – Promoting Telehealth for Low-Income Consumers; COVID–19 Telehealth Program

https://www.govinfo.gov/content/pkg/FR-2020-04-09/pdf/2020-07587.pdf

 

OCR Announces Notification of Enforcement Discretion for Community-Based Testing Sites During the COVID-19 Nationwide Public Health Emergency

https://www.hhs.gov/about/news/2020/04/09/ocr-announces-notification-enforcement-discretion-community-based-testing-sites-during-covid-19.html

 

04-10-20

 

FTC issues COPPA guidance for remote learning

https://www.ftc.gov/news-events/blogs/business-blog/2020/04/coppa-guidance-ed-tech-companies-schools-during-coronavirus

 

CDC updates COVID-19 guidance for critical businesses

https://www.cdc.gov/coronavirus/2019-ncov/community/critical-workers/implementing-safety-practices.html

 

04-13-20

OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Paycheck Protection Program Lending Facility and Paycheck Protection Program Loans

https://www.govinfo.gov/content/pkg/FR-2020-04-13/pdf/2020-07712.pdf

 

NIST releases Draft SP 1800-19, Trusted Cloud: Security Practice Guide for VMware Hybrid Cloud Infrastructure as a Service (IaaS) Environments

https://csrc.nist.gov/publications/detail/sp/1800-19/draft

 

NIST releases Project Description White Paper, 5G Cybersecurity: Preparing a Secure Evolution to 5G

https://csrc.nist.gov/publications/detail/white-paper/2020/04/13/5g-cybersecurity-preparing-a-secure-evolution-to-5g/final

 

04-14-20

FRB – Interim Final Rule – Temporary Exclusion of U.S. Treasury Securities and Deposits at Federal Reserve Banks From the Supplementary Leverage Ratio

https://www.govinfo.gov/content/pkg/FR-2020-04-14/pdf/2020-07345.pdf

 

04-15-20

 

FFIEC Releases Updates to BSA/AML Examination Manual

https://www.ffiec.gov/press/pr041520.htm

 

04-16-20

FFIEC Announces Federal Disclosure Computational Tools

https://www.ffiec.gov/press/pr041620.htm

 

AMA, AHA Share COVID-19 Telework Guidance for Hospitals, Providers

https://healthitsecurity.com/news/ama-aha-share-covid-19-telework-guidance-for-hospitals-providers

 

04-17-20

CFTC – Reopening of Comment Period – Certain Swap Data Repository and Data Reporting Requirements

https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-04404.pdf

 

CFTC – Proposed Rule – Real-Time Public Reporting Requirements

https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-04405.pdf

 

CFTC – Proposed Rule – Swap Data Recordkeeping and Reporting Requirements

https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-04407.pdf

 

OCC/FRB/FDIC – Interim Final Rule – Real Estate Appraisals

https://www.govinfo.gov/content/pkg/FR-2020-04-17/pdf/2020-08216.pdf

 

Office of the Privacy Commissioner of Canada releases COVID-19 assessment framework

https://www.priv.gc.ca/en/opc-news/news-and-announcements/2020/an_200417/

 

European Commission issues guidance on COVID-19 apps

https://ec.europa.eu/commission/presscorner/detail/en/ip_20_669

 

04-20-20

SEC – Final Rule – Financial Disclosures About Guarantors and Issuers of Guaranteed Securities and Affiliates Whose Securities Collateralize a Registrant’s Securities

https://www.govinfo.gov/content/pkg/FR-2020-04-20/pdf/2020-04776.pdf

 

Federal Energy Regulatory Commission (FERC) grants request to delay implementation of three cybersecurity standards for three months because of Covid-19

https://www.ferc.gov/CalendarFiles/20200417144415-RM15-4-000.pdf

 

Supreme Court will hear a case involving the U.S. Computer Fraud and Abuse Act

https://www.cyberscoop.com/cfaa-will-soon-day-supreme-court/

 

04-21-20

 

NCUA – Temporary Final Rule – Temporary Regulatory Relief in Response to COVID–19

https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08434.pdf

 

NCUA – Interim Final Rule – Real Estate Appraisals

https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08435.pdf

 

HHS – Notification of Enforcement Discretion for Telehealth Remote Communications During the COVID–19 Nationwide Public Health Emergency

https://www.govinfo.gov/content/pkg/FR-2020-04-21/pdf/2020-08416.pdf

 

NYDFS issues Guidance to Department of Financial Services (“DFS”) Regulated Entities Regarding Cybersecurity Awareness During COVID-19 Pandemic

https://www.dfs.ny.gov/industry_guidance/industry_letters/il20200413_covid19_cybersecurity_awareness

 

04-22-20

 

FRB – Interim Final Rule – Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks

https://www.govinfo.gov/content/pkg/FR-2020-04-22/pdf/2020-08574.pdf

 

EDPB adopts COVID-19 guidance on health data processing, geolocation

https://edpb.europa.eu/news/news/2020/european-data-protection-board-twenty-third-plenary-session-edpb-adopts-further-covid_en

 

Credit Card Launderer for Tech Support Scams to Pay $6.75 Million to Settle FTC Charges

https://www.ftc.gov/news-events/press-releases/2020/04/credit-card-launderer-tech-support-scams-pay-675-million-settle

 

Financial Stability Board (FSB) publishes consultation report on Effective Practices for Cyber Incident Response and Recovery

https://www.fsb.org/2020/04/fsb-consults-on-effective-practices-for-cyber-incident-response-and-recovery/

 

ETSI Releases New Standard to Confirm Integrity of Data in Legal Proceedings

https://www.infosecurity-magazine.com/news/standard-integrity-data-legal/

 

PCI SSC releases updated guidance document: Responding to a Cardholder Data Breach

https://blog.pcisecuritystandards.org/updated-guidance-responding-to-a-data-breach

 

04-23-20

CFTC – Extension of Currently Open Comment Periods for Rulemakings in Response to the COVID–19 Pandemic

https://www.govinfo.gov/content/pkg/FR-2020-04-23/pdf/2020-08109.pdf

 

OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Temporary Changes to the Community Bank Leverage Ratio Framework

https://www.govinfo.gov/content/pkg/FR-2020-04-23/pdf/2020-07449.pdf

 

OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Transition for the Community Bank Leverage Ratio Framework

https://www.govinfo.gov/content/pkg/FR-2020-04-23/pdf/2020-07448.pdf

 

National Security Agency and Australian Signals Directorate issue guidance: Detect and Prevent Web Shell Malware

https://media.defense.gov/2020/Apr/22/2002285959/-1/-1/0/DETECT%20AND%20PREVENT%20WEB%20SHELL%20MALWARE.PDF

 

NIST releases white paper: Mitigating the Risk of Software Vulnerabilities by Adopting a Secure Software Development Framework (SSDF)

https://csrc.nist.gov/News/2019/mitigating-risk-of-software-vulns-ssdf

 

The Pentagon’s Cybersecurity Certification Plan Includes Continuously Monitoring Contractors

https://www.nextgov.com/cybersecurity/2020/04/pentagons-cybersecurity-certification-plan-includes-continuously-monitoring-contractors/164821/

 

04-24-20

 

HHS-OIG – Proposed Rule – Grants, Contracts, and Other Agreements: Fraud and Abuse; Information Blocking; Office of Inspector General’s Civil Money Penalty Rules

https://www.govinfo.gov/content/pkg/FR-2020-04-24/pdf/2020-08451.pdf

 

Lawmakers introduce legislation to boost American 5G efforts

https://thehill.com/policy/cybersecurity/494522-lawmakers-introduce-legislation-to-boost-american-5g-efforts

 

04-27-20

NCUA – Interim Final Rule – Regulatory Capital Rule: Paycheck Protection Program Lending Facility and Paycheck Protection Program Loans

https://www.govinfo.gov/content/pkg/FR-2020-04-27/pdf/2020-08920.pdf

 

CFPB – Interpretive Rule – Treatment of Pandemic Relief Payments Under Regulation E and Application of the Compulsory Use Prohibition

https://www.govinfo.gov/content/pkg/FR-2020-04-27/pdf/2020-08084.pdf

 

March 2020 Healthcare Data Breach Report

https://www.hipaajournal.com/march-2020-healthcare-data-breach-report/

 

04-28-20

FRB – Interim Final Rule – Regulation D: Reserve Requirements of Depository Institutions

https://www.govinfo.gov/content/pkg/FR-2020-04-28/pdf/2020-09044.pdf

 

FRB – Policy Statement – Temporary Actions To Support the Flow of Credit to Households and Businesses by Encouraging Use of Intraday Credit

https://www.govinfo.gov/content/pkg/FR-2020-04-28/pdf/2020-09052.pdf

 

DoD Inspector General releases “Special Report on Protecting Patient Health Information During the COVID‑19 Pandemic”

https://www.oversight.gov/sites/default/files/oig-reports/DODIG-2020-080.pdf

 

FTC Gives Final Approval to Modify FTC’s 2012 Privacy Order with Facebook with Provisions from 2019 Settlement

https://www.ftc.gov/news-events/press-releases/2020/04/ftc-gives-final-approval-modify-ftcs-2012-privacy-order-facebook

 

PCI – Additional Remote Assessment Considerations During COVID-19

https://blog.pcisecuritystandards.org/additional-remote-assessment-considerations-during-covid-19

 

NIST releases White Paper “Protecting Data from Ransomware and Other Data Loss Events: A Guide for Managed Service Providers to Conduct, Maintain, and Test Backup Files”

https://csrc.nist.gov/publications/detail/white-paper/2020/04/24/protecting-data-from-ransomware-and-other-data-loss-events/final

 

NIST releases NISTIR 8011 Vol. 4 “Automation Support for Security Control Assessments: Software Vulnerability Management”

https://csrc.nist.gov/publications/detail/nistir/8011/vol-4/final

 

NIST releases draft White Paper “Hardware-Enabled Security for Server Platforms: Enabling a Layered Approach to Platform Security for Cloud and Edge Computing Use Cases”

https://csrc.nist.gov/publications/detail/white-paper/2020/04/28/hardware-enabled-security-for-server-platforms/draft

 

NSA releases guidance document “Selecting and Safely Using Collaboration Services for Telework”

https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2163484/working-from-home-select-and-use-collaboration-services-more-securely/

 

04-29-20

 

NCUA – Interim Final Rule – Central Liquidity Facility

https://www.govinfo.gov/content/pkg/FR-2020-04-29/pdf/2020-08101.pdf

 

Basel Committee releases Report on Progress in adopting the Principles for effective risk data aggregation and risk reporting

https://www.bis.org/bcbs/publ/d501.htm

 

NIST releases NISTIR 8294 “Symposium on Federally Funded Research on Cybersecurity of Electric Vehicle Supply Equipment (EVSE)”

https://csrc.nist.gov/publications/detail/nistir/8294/final

 

04-30-20

Basel Committee releases report: Climate-related financial risks: a survey on current initiatives

https://www.bis.org/bcbs/publ/d502.htm

 

DHS Shares Cloud, Microsoft Office 365 Insights for COVID-19 Telework

https://healthitsecurity.com/news/dhs-shares-cloud-microsoft-office-365-insights-for-covid-19-telework

 

PCI: Maintaining POS Device Security and Cleanliness

https://blog.pcisecuritystandards.org/maintaining-pos-device-security-and-cleanliness

 

FFIEC Issues Statement on Risk Management for Cloud Computing Services

https://www.ffiec.gov/press/pr043020.htm

 

05-01-20

NCUA – Final Rule – Real Estate Appraisals

https://www.govinfo.gov/content/pkg/FR-2020-04-30/pdf/2020-08433.pdf

 

Trump issues executive order to protect power grid from attack

https://thehill.com/policy/cybersecurity/495711-trump-issues-executive-order-to-protect-us-power-grid-from-attack

 

CFPB – Compliance bulletin and policy guidance – Bulletin 2020–02—Compliance Bulletin and Policy Guidance: Handling of Information and Documents During Mortgage Servicing Transfers

https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-09151.pdf

 

HHS-CMS – Final Rule – Medicare and Medicaid Programs; Patient Protection and Affordable Care Act; Interoperability and Patient Access for Medicare Advantage Organization and Medicaid Managed Care Plans, State Medicaid Agencies, CHIP Agencies and CHIP Managed Care Entities, Issuers of Qualified Health Plans on the Federally-Facilitated Exchanges, and Health Care Providers

https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05050.pdf

 

HHS-ONC – Final Rule – 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program

https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-07419.pdf

 

SEC – Final Rule – Updated Disclosure Requirements and Summary Prospectus for Variable Annuity and Variable Life Insurance Contracts

https://www.govinfo.gov/content/pkg/FR-2020-05-01/pdf/2020-05526.pdf

 

05-04-20

CFTC – Proposed Rule – Amendments to Compliance Requirements for Commodity Pool Operators on Form CPO–PQR

https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-08496.pdf

 

CFPB – Interpretive Rule – Application of Certain Provisions in the TILA–RESPA Integrated Disclosure Rule and Regulation Z Right of Rescission Rules in Light of the COVID–19 Pandemic

https://www.govinfo.gov/content/pkg/FR-2020-05-04/pdf/2020-09515.pdf

 

PCI: Beware of Online Skimming Threats During the COVID-19 Crisis

https://blog.pcisecuritystandards.org/beware-of-online-skimming-threats-during-the-covid-19-crisis

 

NIST releases SP 800-57 Part 1, Revision 5, “Recommendation for Key Management: Part 1 – General”

https://csrc.nist.gov/News/2019/nist-publishes-sp-800-57-pt-1-rev-5

 

FINRA Warns of Fraudulent Phishing Emails Purporting to be from FINRA

https://www.finra.org/rules-guidance/notices/20-12

 

05-05-20

FCC – Proposed Rule – National Security Threats to the Communications Supply Chain Through FCC Programs

https://www.govinfo.gov/content/pkg/FR-2020-05-05/pdf/2020-08822.pdf

 

Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and U.K.’s National Cyber Security Centre (NCSC) issue joint alert: APT Groups Target Healthcare and Essential Services

https://www.us-cert.gov/ncas/alerts/AA20126A

 

OCR Issues Guidance on Covered Health Care Providers and Restrictions on Media Access to Protected Health Information about Individuals in Their Facilities

https://www.hhs.gov/about/news/2020/05/05/ocr-issues-guidance-covered-health-care-poviders-restrictions-media-access-protected-health-information-individuals-facilities.html

 

05-06-20

OCC/FRB/FDIC – Interim Final Rule – Liquidity Coverage Ratio Rule: Treatment of Certain Emergency Facilities

https://www.govinfo.gov/content/pkg/FR-2020-05-06/pdf/2020-09716.pdf

 

EDPB publishes “Guidelines 05/2020 on consent under Regulation 2016/679 Version 1.0”

https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_202005_consent_en.pdf

 

CISA releases ICT Supply Chain Essentials guide

https://www.cisa.gov/blog/2020/05/05/building-collective-resilience-ict-supply-chain

 

IL BIPA cases have standing in federal court

https://tcpaworld.com/2020/05/06/bipa-survives-huge-challenge-seventh-circuit-holds-that-bipa-violations-cause-injury-sufficient-for-article-iii-standing/

 

05-07-20

SEC – Temporary Final Rule – Temporary Amendments to Regulation Crowdfunding

https://www.govinfo.gov/content/pkg/FR-2020-05-07/pdf/2020-09806.pdf

 

CMMC won’t apply to commercial-off-the-shelf suppliers

https://www.fedscoop.com/cmmc-exemption-cots-suppliers/

 

05-08-20

OPC, provincial commissioners issue joint statement on COVID-19 contact tracing apps:

Supporting public health, building public trust: Privacy principles for contact tracing and similar apps

https://priv.gc.ca/en/opc-news/speeches/2020/s-d_20200507/

 

FTC Seeks Comment as Part of Review of Health Breach Notification Rule

https://www.ftc.gov/news-events/press-releases/2020/05/ftc-seeks-comment-part-review-health-breach-notification-rule

 

05-11-20

CFTC – Final Rule – Margin Requirements for Uncleared Swaps for Swap Dealers and Major Swap Participants

https://www.govinfo.gov/content/pkg/FR-2020-05-11/pdf/2020-08601.pdf

 

NIST publishes NISTIR 8196 “Security Analysis of First Responder Mobile and Wearable Devices”

https://csrc.nist.gov/publications/detail/nistir/8196/final

 

05-12-20

CFTC – Proposed Rule – Swap Clearing Requirement Exemptions

https://www.govinfo.gov/content/pkg/FR-2020-05-12/pdf/2020-08603.pdf

 

CFPB – Final Rule – Home Mortgage Disclosure (Regulation C)

https://www.govinfo.gov/content/pkg/FR-2020-05-12/pdf/2020-08409.pdf

 

AMA Shares Privacy Principles for Non-HIPAA Covered Entities, Data

https://www.ama-assn.org/system/files/2020-05/privacy-principles.pdf

 

05-13-20

SEC – Proposed Rule – Good Faith Determinations of Fair Value

https://www.govinfo.gov/content/pkg/FR-2020-05-13/pdf/2020-08854.pdf

 

SEC – Correction – Updated Disclosure Requirements and Summary Prospectus for Variable Annuity and Variable Life Insurance Contracts

https://www.govinfo.gov/content/pkg/FR-2020-05-13/pdf/C1-2020-05526.pdf

 

CISA and FBI release Alert (AA20-133A) Top 10 Routinely Exploited Vulnerabilities

https://www.us-cert.gov/ncas/alerts/aa20-133a

 

CISA and FBI jointly release PSA on People’s Republic of China’s targeting of COVID-19 research organizations.

https://www.cisa.gov/news/2020/05/13/fbi-and-cisa-warn-against-chinese-targeting-covid-19-research-organizations

 

05-14-20

Office of the President – Continuation of the National Emergency with Respect to Securing the Information and Communications Technology and Services Supply Chain

https://www.govinfo.gov/content/pkg/FR-2020-05-14/pdf/2020-10594.pdf

 

SEC – Final Rule – Definition of “Covered Clearing Agency”

https://www.govinfo.gov/content/pkg/FR-2020-05-14/pdf/2020-07905.pdf

 

Cybersecurity Tech Accord and Consumers International launch “Stay Smart. Stay Safely Connected”

https://cybertechaccord.org/iot-security/

 

EC releases guidelines for contact tracing app interoperability

https://ec.europa.eu/digital-single-market/en/news/coronavirus-common-approach-safe-and-efficient-mobile-tracing-apps-across-eu

 

05-15-20

Healthcare and Public Health Sector Coordinating Council’s cybersecurity task force releases white paper: Health Industry Cybersecurity Protection of Innovation Capital (HIC-PIC)

https://healthsectorcouncil.org/hic-pic/

 

GAO report: Critical Infrastructure Protection: Actions Needed to Enhance DHS Oversight of Cybersecurity at High-Risk Chemical Facilities

https://www.gao.gov/products/GAO-20-453

 

US ports and infrastructure organizations form cybersecurity information sharing and analysis center

https://www.seatrade-maritime.com/ports-logistics/us-ports-and-infrastructure-providers-come-together-cyber-security

 

05-18-20

CFTC – Final Rule / Correction – Privacy of Consumer Financial Information

https://www.govinfo.gov/content/pkg/FR-2020-05-18/pdf/2020-08552.pdf

 

SEC – Correction – Updated Disclosure Requirements and Summary Prospectus for Variable Annuity and Variable Life Insurance Contracts

https://www.govinfo.gov/content/pkg/FR-2020-05-18/pdf/C2-2020-05526.pdf

 

HHS – Enforcement Discretion Regarding COVID–19 Community-Based Testing Sites (CBTS) During the COVID–19 Nationwide Public Health Emergency

https://www.govinfo.gov/content/pkg/FR-2020-05-18/pdf/2020-09099.pdf

 

European Data Protection Board publishes its “2019 Annual Report.”

https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_annual_report_2019_en.pdf

 

Cyber Insurers Get Tough on Risk Assessments Amid Coronavirus Pandemic

https://www.wsj.com/articles/cyber-insurers-get-tough-on-risk-assessments-amid-coronavirus-pandemic-11589794201

 

05-19-20

OCC/FRB/FDIC – Correcting Amendment – Regulatory Capital Rule: Revised Transition of the Current Expected Credit Losses Methodology for Allowances; Correction

https://www.govinfo.gov/content/pkg/FR-2020-05-19/pdf/2020-08789.pdf

 

Verizon releases 2020 Data Breach Investigations Report

https://enterprise.verizon.com/resources/reports/dbir/

 

NTT releases 2020 Global Threat Intelligence Report

https://hello.global.ntt/en-us/insights/2020-global-threat-intelligence-report?utm_source=PR&utm_medium=Referral&utm_campaign=GTIR2020&utm_term=&utm_content=PressRelease&campaignID=701D00000014ffc&utm_SFDC_Offer=

 

Panaseer releases 2020 Financial Services Security Metrics Report

https://panaseer.com/reports-papers/report/2020-security-metrics-report/

 

 

Swiss Digital Game Developer Settles FTC Allegations that it Falsely Claimed it was a Member of COPPA Safe Harbor Program

https://www.ftc.gov/news-events/press-releases/2020/05/swiss-digital-game-developer-settles-ftc-allegations-it-falsely

 

Healthcare and Public Health Sector Coordinating Council (HSCC) and Health Information Sharing and Analysis Center (H-ISAC) release Health Industry Cybersecurity Tactical Crisis Response Guide (HIC-TCR)

https://healthsectorcouncil.org/hic-tcr/

 

05-20-20

April 2020 Healthcare Data Breach Report

https://www.hipaajournal.com/april-2020-healthcare-data-breach-report/

FDIC – Proposed Rule – Assessments, Mitigating the Deposit Insurance Assessment Effect of Participation in the Paycheck Protection Program (PPP), the PPP Lending Facility, and the Money Market Mutual Fund Liquidity Facility

https://www.govinfo.gov/content/pkg/FR-2020-05-20/pdf/2020-10454.pdf

 

FTC Gives Final Approval to Settlement with Smart Lock Maker

https://www.ftc.gov/news-events/press-releases/2020/05/ftc-gives-final-approval-settlement-smart-lock-maker

 

NIST releases SP 1800-23 “Energy Sector Asset Management: For Electric Utilities, Oil & Gas Industry”

https://csrc.nist.gov/publications/detail/sp/1800-23/final

 

05-21-20

CFPB – Proposed Rule / Extension of Comment Period – Debt Collection Practices (Regulation F)

https://www.govinfo.gov/content/pkg/FR-2020-05-21/pdf/2020-10966.pdf

 

ICO publishes guidance on explaining AI decision-making processes

https://ico.org.uk/for-organisations/guide-to-data-protection/key-data-protection-themes/explaining-decisions-made-with-ai/

 

NIST publishes SP 800-137A, Assessing Information Security Continuous Monitoring (ISCM) Programs: Developing an ISCM Program Assessment

https://csrc.nist.gov/News/2020/assessing-iscm-programs-nist-publishes-sp-800-137a

 

PCI SSC issues Request for Comments: Secure Software Standard Update: Draft Terminal Software Module

https://blog.pcisecuritystandards.org/request-for-comments-secure-software-standard-update-draft-terminal-software-module

 

 

 

Indiana Court of Appeals Reinstates Respondeat Superior Claim in HIPAA Breach Lawsuit

https://www.hipaajournal.com/indiana-court-of-appeals-reinstates-hipaa-breach-lawsuit-respondeat-superior-claim/

 

05-22-20

FTC – Regulatory review; request for public comment – Health Breach Notification Rule

https://www.govinfo.gov/content/pkg/FR-2020-05-22/pdf/2020-10263.pdf

 

Cybersecurity and Infrastructure Security Agency (CISA), Department of Energy (DOE), and UK’s National Cyber Security Centre (NCSC) release “Cybersecurity Best Practices for Industrial Control Systems”

https://www.us-cert.gov/ncas/current-activity/2020/05/22/cisa-doe-and-uks-ncsc-issue-guidance-protecting-industrial-control

 

05-26-20

NIST releases draft White Paper “Getting Ready for Post-Quantum Cryptography: Explore Challenges Associated with Adoption and Use of Post-Quantum Cryptographic Algorithms”

https://csrc.nist.gov/publications/detail/white-paper/2020/05/26/getting-ready-for-post-quantum-cryptography/draft

 

H-ISAC Publishes Framework for Managing Identity in Healthcare

https://h-isac.org/an-h-isac-framework-for-cisos-to-manage-identity-2/

 

05-27-20

FDIC – Proposed Rule / Extension of Comment Period – Parent Companies of Industrial Banks and Industrial Loan Companies; Extension of Comment Period

https://www.govinfo.gov/content/pkg/FR-2020-05-27/pdf/2020-11446.pdf

 

NIST publishes SP 800-204A, Building Secure Microservices-based Applications Using Service-Mesh Architecture

https://csrc.nist.gov/News/2020/nist-publishes-sp-800-204a

 

05-28-20

 

OCC – Interim Final Rule – Director, Shareholder, and Member Meetings

https://www.govinfo.gov/content/pkg/FR-2020-05-28/pdf/2020-11525.pdf

 

FRB – Final Rule to Extend Compliance Dates – Single-Counterparty Credit Limits for Bank Holding Companies and Foreign Banking Organizations

https://www.govinfo.gov/content/pkg/FR-2020-05-28/pdf/2020-09665.pdf

 

NCUA – Interim Final Rule – Temporary Regulatory Relief in Response to COVID–19—Prompt Corrective Action

https://www.govinfo.gov/content/pkg/FR-2020-05-28/pdf/2020-11384.pdf

 

NIST Seeks Public Input on Use of Positioning, Navigation and Timing Services

https://www.nist.gov/news-events/news/2020/05/nist-seeks-public-input-use-positioning-navigation-and-timing-services

 

OMB releases FISMA FY 2019 Annual Report to Congress

https://www.whitehouse.gov/wp-content/uploads/2020/05/2019-FISMARMAs.pdf

 

Judge rules Capital One must hand over Mandiant’s forensic data breach report

https://www.cyberscoop.com/capital-one-breach-mandiant-report-judge-ruling/

 

05-29-20

 

HHS-CMS – Proposed Rule – Medicare Program; Hospital Inpatient Prospective Payment Systems for Acute Care Hospitals and the Long-Term Care Hospital Prospective Payment System and Proposed Policy Changes and Fiscal Year 2021 Rates; Quality Reporting and Medicare and Medicaid Promoting Interoperability Programs Requirements for Eligible Hospitals and Critical Access Hospitals

https://www.govinfo.gov/content/pkg/FR-2020-05-29/pdf/2020-10122.pdf

 

PCI SSC issues Request for Comments: PIN v3.1 Standard Draft

https://blog.pcisecuritystandards.org/request-for-comments-pin-v3.1-standard-draft

 

PCI DSS v4.0: Anticipated Timelines and Latest Updates

https://blog.pcisecuritystandards.org/pci-dss-v4-0-anticipated-timelines-and-latest-updates

 

06-01-20

OCC/FRB/FDIC – Interim Final Rule – Regulatory Capital Rule: Temporary Exclusion of U.S. Treasury Securities and Deposits at Federal Reserve Banks from the Supplementary Leverage Ratio for Depository Institutions

https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-10962.pdf

 

OCC/FRB/FDIC/NCUA – Interagency Policy Statement on Allowances for Credit Losses

https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-10291.pdf

 

SEC – Correcting Amendment – Recordkeeping and Reporting Requirements for Security-Based Swap Dealers, Major Security-Based Swap Participants, and Broker-Dealers

https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-10016.pdf

 

SEC – Final Rule – Securities Offering Reform for Closed-End Investment Companies

https://www.govinfo.gov/content/pkg/FR-2020-06-01/pdf/2020-07790.pdf

 

NIST releases NISTIR 8259A, “IoT Device Cybersecurity Capability Core Baseline” and NISTIR 8259, “Foundational Cybersecurity Activities for IoT Device Manufacturers”

https://csrc.nist.gov/News/2020/security-iot-device-manufacturers-8259-and-8259a

 

 

06-02-20

NRC – Proposed Rule – Social Security Number Fraud Prevention

https://www.govinfo.gov/content/pkg/FR-2020-06-02/pdf/2020-11900.pdf

 

NRC – Direct Final Rule – Social Security Number Fraud Prevention

https://www.govinfo.gov/content/pkg/FR-2020-06-02/pdf/2020-11899.pdf

 

OCC – Final Rule – Permissible Interest on Loans That Are Sold, Assigned, or Otherwise Transferred

https://www.govinfo.gov/content/pkg/FR-2020-06-02/pdf/2020-11963.pdf

 

Biometric privacy case against Vimeo won’t go to arbitration, judge rules

https://www.mediapost.com/publications/article/352095/judge-wont-send-biometric-privacy-case-against-vi.html

 

06-03-20

 

California Attorney General submits final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL)

https://oag.ca.gov/privacy/ccpa

 

Senators Propose Bill to Regulate Privacy of COVID-19 Contact Tracing Apps

https://healthitsecurity.com/news/sens.-unveil-privacy-bill-to-regulate-covid-19-contact-tracing-apps

 

06-04-20

 

Cyberspace Solarium Commission issues White Paper #1: Cybersecurity Lessons from the Pandemic

https://www.solarium.gov/public-communications/pandemic-white-paper

 

CISA creates “CISA Central” to coordinate “situational awareness and response to national cyber, communications, and physical incidents”

https://www.cisa.gov/central

 

Developer of Apps Popular with Children Agrees to Settle FTC Allegations It Illegally Collected Kids’ Data without Parental Consent

https://www.ftc.gov/news-events/press-releases/2020/06/developer-apps-popular-children-agrees-settle-ftc-allegations-it

 

NIST releases SP 800-133 Rev. 2 “Recommendation for Cryptographic Key Generation”

https://csrc.nist.gov/publications/detail/sp/800-133/rev-2/final

 

06-05-20

 

NCUA – Proposed Rule – Joint Ownership Share Accounts

https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-11385.pdf

 

OCC – Final Rule – Community Reinvestment Act Regulations

https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-11220.pdf

 

CFPB – Final Rule – Remittance Transfers Under the Electronic Fund Transfer Act (Regulation E)

https://www.govinfo.gov/content/pkg/FR-2020-06-05/pdf/2020-10278.pdf

 

Basel Committee issues “The Basel Framework: frequently asked questions”

https://www.bis.org/bcbs/publ/d503.htm

 

06-08-20

IAB Tech Lab releases CCPA data deletion spec

https://www.adweek.com/programmatic/iab-tech-lab-data-deletion-spec-ccpa-enforcement/

 

NCCoE Announces Technology Collaborators for Protecting Information and System Integrity in Industrial Control System Environments Project

https://www.nccoe.nist.gov/news/nccoe-announces-technology-collaborators-protecting-information-and-system-integrity-industrial

 

NIST issues Call for Comments on the four-volume set of Digital Identity Guideline documents, including: Special Publication (SP) 800-63-3 Digital Identity Guidelines, SP 800-63A Enrollment and Identity Proofing, SP 800-63B Authentication and Lifecycle Management, and SP 800-63C Federation and Assertions.

https://csrc.nist.gov/News/2020/call-for-comments-on-digital-identity-guidelines

 

06-09-20

Rogue Payment Processor that Helped Perpetuate Multiple Scams Is Banned from the Payment Processing Business Under FTC Settlement

https://www.ftc.gov/news-events/press-releases/2020/06/rogue-payment-processor-helped-perpetuate-multiple-scams-banned

06-10-20

OCC – Correcting Amendment – Director, Shareholder, and Member Meetings: Technical Correction

https://www.govinfo.gov/content/pkg/FR-2020-06-10/pdf/2020-12570.pdf

 

FTC Reaches Settlement with Kohl’s over Allegations it Failed to Provide Victims with Information Related to Identity Theft

https://www.ftc.gov/news-events/press-releases/2020/06/ftc-reaches-settlement-kohls-over-allegations-it-failed-provide

 

PCI – What to Know About the Approved Scanning Vendor Program

https://blog.pcisecuritystandards.org/what-to-know-about-the-approved-scanning-vendor-program

 

06-12-20

CFTC – Proposed Rule – Exemption from Registration for Certain Foreign Persons Acting as Commodity Pool Operators of Offshore Commodity Pools

https://www.govinfo.gov/content/pkg/FR-2020-06-12/pdf/2020-12034.pdf

 

CFTC – Proposed Rule – Bankruptcy Regulations

https://www.govinfo.gov/content/pkg/FR-2020-06-12/pdf/2020-08482.pdf

 

CFTC – Correcting Amendments – Derivatives Clearing Organization General Provisions and Core Principles

https://www.govinfo.gov/content/pkg/FR-2020-06-12/pdf/2020-10809.pdf

 

OCR Issues Guidance on How Health Care Providers Can Contact Former COVID-19 Patients About Blood and Plasma Donation Opportunities

https://www.hhs.gov/about/news/2020/06/12/guidance-on-hipaa-and-contacting-former-covid-19-patients-about-blood-and-plasma-donation.html

 

06-15-20

Atlantic Council releases report on IoT supply chain security

https://www.atlanticcouncil.org/in-depth-research-reports/report/the-reverse-cascade-enforcing-security-on-the-global-iot-supply-chain/

06-16-20

Judge approves $3.2M settlement in Illinois BIPA case

https://www.reuters.com/article/in-brief-judge-blesses-corner-bakerys-32/in-brief-judge-blesses-corner-bakerys-32-mln-privacy-settlement-over-employee-fingerprint-scans-idUSL1N2DS22T

 

NIST announces release of OSCAL 1.0.0 Milestone 3

https://csrc.nist.gov/News/2020/oscal-1-0-0-milestone-3-release

 

PCI SSC releases PCI PIN Transaction Security (PTS) Point-of-Interaction (POI) Modular Security Requirements v6.0

https://www.pcisecuritystandards.org/about_us/press_releases/pr_06162020

 

06-17-20

 

Pentagon Wants to Scale Up Its Device Security Program

https://www.nextgov.com/cybersecurity/2020/06/pentagon-wants-scale-its-device-security-program/166225/

 

NIST releases SP 1800-16 “Securing Web Transactions: TLS Server Certificate Management”

https://csrc.nist.gov/publications/detail/sp/1800-16/final

 

06-18-20

CFPB – Proposed Rule – Facilitating the LIBOR Transition (Regulation Z)

https://www.govinfo.gov/content/pkg/FR-2020-06-18/pdf/2020-12239.pdf

 

Information Technology Industry Council releases “ITI’s 5G Policy Principles and 5G Essentials for Global Policymakers”

https://www.itic.org/policy/ITI_5G_Full_Report.pdf

 

EDPB adopts statement on interoperability of contact-tracing apps

https://edpb.europa.eu/news/news/2020/thirty-second-plenary-session-statement-interoperability-contact-tracing-applications_en

 

Senate HELP Committee Considers Permanent Changes to Telehealth Policies

https://www.hipaajournal.com/senate-help-committee-considers-permanent-changes-to-telehealth-policies/

 

NSA Piloting Secure Domain Name System Service for Defense Contractors

https://www.nextgov.com/cybersecurity/2020/06/nsa-piloting-secure-domain-name-system-service-defense-contractors/166248/

https://www.cyberscoop.com/nsa-secure-dns-service-pilot-defense-industrial-base/?category_news=

 

06-19-20

 

FERC releases “Cybersecurity Incentives Policy White Paper”

https://www.ferc.gov/media/headlines/2020/2020-2/notice-cybersecurity.pdf

 

Sen. Sherrod Brown, D-Ohio, releases federal U.S. privacy law draft

https://www.brown.senate.gov/newsroom/press/release/brown-proposal-protect-consumers-privacy

 

FTC releases “FTC’s Use of Its Authorities to Protect Consumer Privacy and Security”

https://www.ftc.gov/system/files/documents/reports/reports-response-senate-appropriations-committee-report-116-111-ftcs-use-its-authorities-resources/p065404reportprivacydatasecurity.pdf

 

FTC releases “FTC Report on Resources Used and Needed for Protecting Consumer Privacy and Security”

https://www.ftc.gov/system/files/documents/reports/reports-response-senate-appropriations-committee-report-116-111-ftcs-use-its-authorities-resources/p065404reportresourcesprivacydatasecurity.pdf

 

French court upholds ruling fining Google $56 million for data protection violations

https://thehill.com/policy/technology/503629-french-court-upholds-ruling-fining-google-56-million-for-data-protection

 

06-22-20

DHS/CISA – Retrospective Analysis of the Chemical Facility Anti-Terrorism Standards

https://www.govinfo.gov/content/pkg/FR-2020-06-22/pdf/2020-13147.pdf

FTC offers tips on data use by businesses during COVID-19 pandemic

https://www.ftc.gov/news-events/blogs/business-blog/2020/06/privacy-during-coronavirus

 

06-23-20

Basel Committee proposes amendment to capital rules for non-performing loan securitisations

https://www.bis.org/press/p200623.htm

 

National Advertising Initiative releases “Best Practices: Using Information Collected for Tailored Advertising or Ad Delivery and Reporting for Non-Marketing Purposes”

https://www.networkadvertising.org/sites/default/files/nai_nonmarketing-bestpractices-0620_final.pdf

 

HIPAA Journal May 2020 Healthcare Data Breach Report

https://www.hipaajournal.com/may-2020-healthcare-data-breach-report/

 

06-24-20

OCC – Interim Final Rule – Assessment of Fees

https://www.govinfo.gov/content/pkg/FR-2020-06-24/pdf/2020-13719.pdf

 

CFTC – Final Interpretive Guidance – Retail Commodity Transactions Involving Certain Digital Assets

https://www.govinfo.gov/content/pkg/FR-2020-06-24/pdf/2020-11827.pdf

 

Bureau of Indian Affairs – Final Rule / Technical Amendment – Change of Address; Office of Indian Gaming for Submission of Tribal-State Class III Gaming Compacts

https://www.govinfo.gov/content/pkg/FR-2020-06-24/pdf/2020-13060.pdf

 

FERC issues Notice of Inquiry on “Potential Enhancements to the Critical Infrastructure Protection Reliability Standards”

https://s3.amazonaws.com/public-inspection.federalregister.gov/2020-13618.pdf

 

“The DOD wants better cybersecurity for its contractors. The first steps haven’t been easy.”

[Article on status of the Cybersecurity Maturity Model Certification (CMMC)]

https://www.fedscoop.com/cmmc-dod-cybersecurity-requirments-contractors-timeline/

 

European Commission issues two-year evaluation report on GDPR

https://ec.europa.eu/commission/presscorner/detail/en/ip_20_1163

 

06-25-20

 

 

California Privacy Rights Act (CPRA) qualifies for November ballot

https://elections.cdn.sos.ca.gov/ccrov/pdf/2020/june/20123jh.pdf

 

Washington State AG announces $100,000 fine against Super Basic and its parent company, Maple Media, over alleged U.S. Children’s Online Privacy Protection Act (COPPA) violations

https://www.atg.wa.gov/news/news-releases/ag-ferguson-tech-companies-pay-100000-violating-childrens-online-privacy

 

06-26-20

 

FDIC – Final Rule – Assessments, Mitigating the Deposit Insurance Assessment Effect of Participation in the Paycheck Protection Program (PPP), the PPP Liquidity Facility, and the Money Market Mutual Fund Liquidity Facility

https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-13751.pdf

 

CFPB – Interpretive Rule – Truth in Lending (Regulation Z); Determining “Underserved” Areas Using Home Mortgage Disclosure Act Data

https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-13801.pdf

 

FCC – Final Rule – Implementing the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act

https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-11252.pdf

 

FCC – Final Rule – Advanced Methods To Target and Eliminate Unlawful Robocalls

https://www.govinfo.gov/content/pkg/FR-2020-06-26/pdf/2020-13748.pdf

 

PCI – What’s New in PCI SPoC Security Standard Version 1.1?

https://blog.pcisecuritystandards.org/whats-new-in-pci-spoc-security-standard-version-1-1