Regulatory Change Management – iGRC Digest – Q2 2017

Overview

This document provides a summary of GRC related source changes and updates. It is not a
comprehensive list of applicable changes or regulations.

Please consult with your legal / compliance team for applicability to your organization or other
relevant changes and updates.
_____________________________________________________________________________________

04-03-17

President signs bill overturning FCC internet privacy rules:
https://www.recode.net/2017/4/3/15169748/donald-trump-ends-federal-online-privacy-rules-fcc-data-advertisers

04-04-17

Basel Committee releases guidance on: Prudential treatment of problem assets – definitions of
non-performing exposures and forbearance
https://www.bis.org/bcbs/publ/d403.htm

CFPB – Proposed Rule – Amendments to Equal Credit Opportunity Act (Regulation B) Ethnicity and Race
Information Collection
https://www.gpo.gov/fdsys/pkg/FR-2017-04-04/pdf/2017-06195.pdf

04-06-17

HHS – CMS – Correcting Amendment – Medicare Program: Hospital Outpatient Prospective Payment
and Ambulatory Surgical Center Payment Systems and Quality Reporting Programs; Organ
Procurement Organization Reporting and Communication; Transplant Outcome Measures and
Documentation Requirements; Electronic Health Record (EHR) Incentive Programs; Payment to
Nonexcepted Off-Campus Provider-Based Department of a Hospital; Hospital Value-Based Purchasing
(VBP) Program; Establishment of Payment Rates Under the Medicare Physician Fee Schedule for
Nonexcepted Items and Services Furnished by an Off-Campus Provider-Based Department of a Hospital;
Correcting Amendment
https://www.gpo.gov/fdsys/pkg/FR-2017-04-06/pdf/2017-06903.pdf

04-07-17

OCC issues “National Bank Director Waivers” booklet of the Comptroller’s Licensing Manual.
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-14.html

04-11-17

FTC Halts Imposter Scheme that Falsely Claimed Connection to the Agency
https://www.ftc.gov/news-events/press-releases/2017/04/ftc-halts-imposter-scheme-falsely-claimed-connection-agency

04-12-17

SEC – Final Rule – Inflation Adjustments and Other Technical Amendments Under Titles I and III of the
Jobs Act
https://www.gpo.gov/fdsys/pkg/FR-2017-04-12/pdf/2017-06797.pdf

NIST publishes Draft SP 800-190 “Application Container Security Guide”
http://csrc.nist.gov/publications/drafts/800-190/sp800-190-draft.pdf

SWIFT launches new anti-fraud payment control service
https://www.swift.com/news-events/news/swift-launches-new-anti-fraud-payment-control-service-for-customers

04-13-17

NRC – Proposed Rule – Emergency Preparedness for Small Modular Reactors and Other New
Technologies
https://www.gpo.gov/fdsys/pkg/FR-2017-04-13/pdf/2017-07502.pdf

NIST – Recent Cryptanalysis of FF3
http://csrc.nist.gov/news_events/#apr12

OCC issues the “Retail Lending” booklet of the Comptroller’s Handbook:
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-15.html

FDA issues warning letter to Abbott over medical device safety and security issues:
http://thehill.com/policy/cybersecurity/328752-fda-threatens-st-jude-medical-devices-over-poor-cybersecurity
https://www.fda.gov/ICECI/EnforcementActions/WarningLetters/2017/ucm552687.htm

04-18-17

FRB – Final Rule – Regulation A: Extensions of Credit by Federal Reserve Banks
https://www.gpo.gov/fdsys/pkg/FR-2017-04-18/pdf/2017-07742.pdf

FRB – Final Rule – Regulation D: Reserve Requirements of Depository Institutions
https://www.gpo.gov/fdsys/pkg/FR-2017-04-18/pdf/2017-07743.pdf

04-19-17

DOE – Liberty Eclipse Energy Cyber Incident Exercise – Exercise Summary Report
https://energy.gov/sites/prod/files/2017/04/f34/LE%20FINAL%20Exercise%20Summary%2031March2017_Public%20Doc.pdf

04-20-17

Beijing cyber regulators to summon Apple over live streaming: Xinhua
http://www.cnbc.com/2017/04/19/apple-summoned-by-china-regulators-over-live-streaming-apps-report-says.html

04-21-17

CFPB – Policy Guidance and Procedural Rule – Policy on Ex Parte Presentations in Rulemaking
Proceedings
https://www.gpo.gov/fdsys/pkg/FR-2017-04-21/pdf/2017-08096.pdf

FRB-OIG – Evaluation Report 2017-IT-B-009: The Board Can Enhance Its Cybersecurity Supervision
Approach in the Areas of Third-Party Service Provider Oversight, Resource Management, and
Information Sharing
https://oig.federalreserve.gov/reports/board-cybersecurity-supervision-apr2017.pdf

FTC Approves Final Consent Order with Online Company Charged with Deceptively Tracking Consumers
Online and Through Mobile Devices:
https://www.ftc.gov/news-events/press-releases/2017/04/ftc-approves-final-consent-order-online-company-charged

04-24-17

SEC – Request for Comment on Possible Changes to Industry Guide 3 (Statistical Disclosure by Bank
Holding Companies); Extension of Comment Period
https://www.gpo.gov/fdsys/pkg/FR-2017-04-24/pdf/2017-08160.pdf

04-25-17

FTC – Children’s Online Privacy Protection Rule Safe Harbor Proposed Self-Regulatory Guidelines; TRUSTe
COPPA Safe Harbor Program Application to Modify Program Requirements
https://www.gpo.gov/fdsys/pkg/FR-2017-04-25/pdf/2017-08248.pdf

CFPB – Proposed Rule – Technical Corrections and Clarifying Amendments to the Home Mortgage
Disclosure (Regulation C) October 2015 Final Rule
https://www.gpo.gov/fdsys/pkg/FR-2017-04-25/pdf/2017-07838.pdf

CFPB – Final Rule – Prepaid Accounts Under the Electronic Fund Transfer Act (Regulation E) and the Truth
in Lending Act (Regulation Z); Delay of Effective Date
https://www.gpo.gov/fdsys/pkg/FR-2017-04-25/pdf/2017-08341.pdf

Basel Committee releases twelfth progress report on adoption of the Basel regulatory framework:
https://www.bis.org/bcbs/publ/d404.htm

04-28-17

HHS-CMS – Proposed Rule – Medicare and Medicaid Electronic Health Record (EHR) Incentive Program
Requirements for Eligible Hospitals, Critical Access Hospitals, and Eligible Professionals …
https://www.gpo.gov/fdsys/pkg/FR-2017-04-28/pdf/2017-07800.pdf

AICPA issues cybersecurity risk management reporting framework:
https://www.aicpa.org/InterestAreas/FRC/AssuranceAdvisoryServices/Pages/AICPACybersecurityInitiative.aspx

CFTC’s Division of Market Oversight Issues Guidance on the Calculation of Projected Operating Costs by
Designated Contract Markets and Swap Execution Facilities:
http://www.cftc.gov/PressRoom/PressReleases/pr7552-17#PrRoWMBL

FCC adopts a new regulatory framework for business data services:
https://www.fcc.gov/document/business-data-services-report-and-order

PCI Security Standards Council has published “Information Supplement: Best Practices for
Securing E-commerce”
https://www.pcisecuritystandards.org/pdfs/best_practices_securing_ecommerce.pdf?agreement=true&time=1493435194899

05-01-17

FDIC Releases Final Handbook for De Novo Organizers Applying for Deposit Insurance:
https://www.fdic.gov/news/news/press/2017/pr17035.html

05-02-17

FS-ISAC announces creation of the Global Resilience Federation (GRF):
https://www.fsisac.com/sites/default/files/news/Release_FSISAC-GRFLaunch-20170502.pdf
http://www.grfederation.org/

05-03-17

Office of the President – Executive Order 13794 of April 28, 2017
Establishment of the American Technology Council
https://www.gpo.gov/fdsys/pkg/FR-2017-05-03/pdf/2017-09083.pdf

05-04-17

DHS – Proposed Rule – Privacy Act of 1974: Implementation of Exemptions; Department of Homeland
Security/U.S. Immigration and Customs Enforcement–016 FALCON Search and Analysis System of
Records
https://www.gpo.gov/fdsys/pkg/FR-2017-05-04/pdf/2017-09026.pdf

U.S. & Japan reach cyber information sharing agreement:
http://thehill.com/policy/cybersecurity/331979-us-japan-deepen-cyber-information-sharing?utm_source=&utm_medium=email&utm_campaign=8549

05-08-17

CFTC – Proposed Rule – Chief Compliance Officer Duties and Annual Report Requirements for Futures
Commission Merchants, Swap Dealers, and Major Swap Participants; Amendments
https://www.gpo.gov/fdsys/pkg/FR-2017-05-08/pdf/2017-09229.pdf

NIST / NCCoE releases draft of the NIST Cybersecurity Practice Guide, “Securing Wireless Infusion Pumps
in Healthcare Delivery Organizations”
https://nccoe.nist.gov/projects/use_cases/medical_devices

OCC issues “Fiduciary Powers” booklet of the Comptroller’s Licensing Manual:
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-16.html

OCC issues “Public Notice and Comments” booklet of the Comptroller’s Licensing Manual:
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-17.html

DHS submits “Study on Mobile Device Security”
https://www.dhs.gov/sites/default/files/publications/DHS%20Study%20on%20Mobile%20Device%20Security%20-%20April%202017-FINAL.pdf

Hong Kong Securities and Futures Commission (SFC) publishes new proposed cybersecurity rules:
http://www.reuters.com/article/hongkong-cybercrime-rules-idUSL4N1IA3KN?utm_source=&utm_medium=email&utm_campaign=8604

05-09-17

NRC – Preliminary draft regulatory analysis; request for comment – Regulatory Improvements for Power
Reactors Transitioning to Decommissioning
https://www.gpo.gov/fdsys/pkg/FR-2017-05-09/pdf/2017-09332.pdf

SEC – Proposed Rule – Amendments to Investment Advisers Act Rules To Reflect Changes Made by the
FAST Act
https://www.gpo.gov/fdsys/pkg/FR-2017-05-09/pdf/2017-09334.pdf

CFTC – Request for information – Project KISS
https://www.gpo.gov/fdsys/pkg/FR-2017-05-09/pdf/2017-09318.pdf

SEC – Final Rule – Technical Amendments to Form ADV and Form ADV–W
https://www.gpo.gov/fdsys/pkg/FR-2017-05-09/pdf/2017-09331.pdf

FTC launches website to assist small businesses with cybersecurity and other issues:
https://www.ftc.gov/SmallBusiness

05-11-17

CFPB – Request for Information Regarding 2013 Real Estate Settlement Procedures Act Servicing Rule
Assessment
https://www.gpo.gov/fdsys/pkg/FR-2017-05-11/pdf/2017-09361.pdf

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical
Infrastructure
https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal

FCC – Public Notice – Guidance on the FCC’s Sunshine Period in the Restoring Internet Freedom
Proceeding
http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0511/DA-17-454A1.pdf

05-15-17

NIST has released NISTIR 8170, “The Cybersecurity Framework Implementation Guidance for Federal
Agencies”
http://csrc.nist.gov/publications/drafts/nistir-8170/nistir8170-draft.pdf

NIST has released SP 800-121 Revision 2, “Guide to Bluetooth Security”
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-121r2.pdf

05-17-17

FCC – Proposed Rule – Advanced Methods To Target and Eliminate Unlawful Robocalls
https://www.gpo.gov/fdsys/pkg/FR-2017-05-17/pdf/2017-09463.pdf

05-18-17

FCC votes to advance net neutrality repeal
http://transition.fcc.gov/Daily_Releases/Daily_Business/2017/db0518/DOC-344948A1.pdf

EU Commission fines Facebook 110M euros
https://iapp.org/news/a/eu-commission-fines-facebook-100m-euros/

05-19-17

NSTAC Report to the President on Emerging Technologies: Strategic Vision Executive Summary
https://www.dhs.gov/sites/default/files/publications/Draft%20NSTAC%20ETSV%20Report%20Executive%20Summary%20508%20Compliant_1.pdf

05-22-17

FCC Commissioner opposes states’ efforts to enact broadband privacy laws:
https://iapp.org/news/a/fcc-commissioner-wants-to-stop-states-from-creating-broadband-privacy-rules/

05-23-17

OCC updates policies and procedures regarding violations of laws and regulations:
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-18.html

05-24-17

CFTC – Request for Information; Correction – Project KISS
https://www.gpo.gov/fdsys/pkg/FR-2017-05-24/pdf/2017-10622.pdf

Internet Association statement on the BROWSER Act:

Statement On The BROWSER Act

New York Attorney General Announces Settlement with Tech Company Over Sale Of Insecure Wireless
Door And Padlocks
https://ag.ny.gov/press-release/ag-schneiderman-announces-settlement-tech-company-over-sale-insecure-bluetooth-door

India makes biometrics mandatory for all e-gov projects:
https://www.theregister.co.uk/2017/05/24/india_makes_biometrics_mandatory_for_all_egov_projects/

05-30-17

CFTC – Final Rule – Recordkeeping
https://www.gpo.gov/fdsys/pkg/FR-2017-05-30/pdf/2017-11014.pdf

CFTC – Final Rule – Whistleblower Awards Process
https://www.gpo.gov/fdsys/pkg/FR-2017-05-30/pdf/2017-10801.pdf

NIST has released Draft SP 800-193, “Platform Firmware Resiliency Guidelines”
http://csrc.nist.gov/publications/drafts/800-193/sp800-193-draft.pdf

06-01-17

China’s Cybersecurity Law Takes Effect:
https://lawfareblog.com/chinas-cybersecurity-law-takes-effect-what-expect

06-02-17

FRB – Proposed Rule – Availability of Funds and Collection of Checks (Regulation CC)
https://www.gpo.gov/fdsys/pkg/FR-2017-06-02/pdf/2017-11380.pdf

FCC – Proposed Rule – Restoring Internet Freedom
https://www.gpo.gov/fdsys/pkg/FR-2017-06-02/pdf/2017-11455.pdf

FCC – Final Rule – Business Data Services in an Internet Protocol Environment; Technology Transitions;
Special Access for Price Cap Local Exchange Carriers; AT&T Corporation Petition for Rulemaking To
Reform Regulation of Incumbent Local Exchange Carrier Rates for Interstate Special Access Services
https://www.gpo.gov/fdsys/pkg/FR-2017-06-02/pdf/2017-10713.pdf

06-05-17

Health Care Industry Cybersecurity Task Force – Report on Improving Cybersecurity in the Health Care
Industry
https://www.phe.gov/Preparedness/planning/CyberTF/Documents/report2017.pdf

European Parliament releases study on proposed ePrivacy Regulation:
http://www.europarl.europa.eu/RegData/etudes/STUD/2017/583152/IPOL_STU(2017)583152_EN.pdf

06-06-17

OCC issues “Termination of Federal Charter” booklet of the Comptroller’s Licensing Manual.
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-20.html

EU Commission Issues Questionnaire in Preparation for Annual Review of Privacy Shield
https://www.huntonprivacyblog.com/2017/06/05/eu-commission-issues-questionnaire-preparation-annual-review-privacy-shield/

06-07-17

NCUA – Proposed Rule – Appeals Procedures
https://www.gpo.gov/fdsys/pkg/FR-2017-06-07/pdf/2017-11319.pdf

NCUA – Proposed Rule – Supervisory Review Committee; Procedures for Appealing Material Supervisory
Determinations
https://www.gpo.gov/fdsys/pkg/FR-2017-06-07/pdf/2017-11320.pdf

Basel Committee publishes revised “Sound management of risks related to money laundering and
financing of terrorism”
https://www.bis.org/bcbs/publ/d405.htm

OCC has issued frequently asked questions (FAQ) to supplement OCC Bulletin 2013-29, “Third-Party
Relationships: Risk Management Guidance”
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-21.html

06-08-17

NCUA – Proposed Rule – Bylaws; Bank Conversions and Mergers; and Voluntary Mergers of Federally
Insured Credit Unions
https://www.gpo.gov/fdsys/pkg/FR-2017-06-08/pdf/2017-11331.pdf

Basel Committee issues second set of frequently asked questions (FAQs) and answers on Basel III’s
Liquidity Coverage Ratio (LCR).
https://www.bis.org/bcbs/publ/d406.htm

06-12-17

Washington State passes biometric data law:
http://lawfilesext.leg.wa.gov/biennium/2017-18/Pdf/Bills/Session%20Laws/House/1493-S.SL.pdf

06-13-17

South Korea joins APEC Cross-Border Privacy Rules system:
https://iapp.org/news/a/south-korea-joins-apec-cross-border-privacy-rules-system/

OCR Issues Guidance on the Correct Response to a Cyberattack:

06-15-17

FRB – Final Rule – Availability of Funds and Collection of Checks
https://www.gpo.gov/fdsys/pkg/FR-2017-06-15/pdf/2017-11379.pdf

NIST releases NISTIR 8011, “Automation Support for Security Control Assessments” (Volumes 1 & 2)
http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8011-1.pdf
http://nvlpubs.nist.gov/nistpubs/ir/2017/NIST.IR.8011-2.pdf

06-19-17

FTC Offers Comment on Process Aimed at Improving Security of Internet of Things Devices
https://www.ftc.gov/news-events/press-releases/2017/06/ftc-offers-comment-process-aimed-improving-security-internet

OCC issues “Articles of Association, Charter, and Bylaw Amendments” booklet of the Comptroller’s
Licensing Manual.
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-23.html

06-20-17

CFTC – Interim Final Rule – Revisions to Freedom of Information Act Regulations
https://www.gpo.gov/fdsys/pkg/FR-2017-06-20/pdf/2017-12775.pdf

06-21-17

FDA – Proposed Rule – Use of Electronic Records and Electronic Signatures in Clinical Investigations
Under Part 11—Questions and Answers; Draft Guidance for Industry; Availability
https://www.gpo.gov/fdsys/pkg/FR-2017-06-21/pdf/2017-12811.pdf

NIST publishes June 2017 ITL Bulletin:
http://csrc.nist.gov/publications/nistbul/itlbul2017-06.pdf

HHS-CMS releases Proposed Rule on Medicare Program: CY 2018 Updates to the Quality Payment
Program
https://www.federalregister.gov/documents/2017/06/30/2017-13010/medicare-program-cy-2018-updates-to-the-quality-payment-program

U.S. Chamber of Commerce issues “Principles for Fair and Accurate Security Ratings”
https://www.uschamber.com/issue-brief/principles-fair-and-accurate-security-ratings

06-22-17

DOE – Proposed Rule – Human Reliability Program
https://www.gpo.gov/fdsys/pkg/FR-2017-06-22/pdf/2017-12810.pdf

Basel Committee releases Implementation: Range of practices in implementing the countercyclical
capital buffer policy
https://www.bis.org/bcbs/publ/d407.htm

NIST has published:
SP 800-63-3, “Digital Identity Guidelines”
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63-3.pdf
SP 800-63A, “Digital Identity Guidelines – Enrollment and Identity Proofing”
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63a.pdf
SP 800-63B, “Digital Identity Guidelines – Authentication and Lifecycle Management”
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63b.pdf
SP 800-63C, “Digital Identity Guidelines – Federation and Assertions”
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-63c.pdf

FTC requests comments on CAN-SPAM Rule:
https://www.ftc.gov/system/files/documents/federal_register_notices/2017/06/170621_can-spam_rule_review_fed_reg_notice.pdf

06-26-17

FRB – Final Rule – Regulation A: Extensions of Credit by Federal Reserve Banks
https://www.gpo.gov/fdsys/pkg/FR-2017-06-26/pdf/2017-13106.pdf

FRB – Final Rule – Regulation D: Reserve Requirements of Depository Institutions
https://www.gpo.gov/fdsys/pkg/FR-2017-06-26/pdf/2017-13107.pdf

CFTC – Final Rule – Commission Delegated Authority Provisions and Technical Amendments
https://www.gpo.gov/fdsys/pkg/FR-2017-06-26/pdf/2017-13243.pdf

NIST publishes SP 800-12 Rev 1, An Introduction to Information Security:
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-12r1.pdf

06-27-17

FTC updates COPPA guidance:
https://www.ftc.gov/tips-advice/business-center/guidance/childrens-online-privacy-protection-rule-six-step-compliance

06-28-17

FTC – Rule Review – CAN–SPAM Rule
https://www.gpo.gov/fdsys/pkg/FR-2017-06-28/pdf/2017-13471.pdf

06-29-17

CFPB – Proposed Rule – Amendments to Rules Concerning Prepaid Accounts Under the Electronic Fund
Transfer Act (Regulation E) and the Truth in Lending Act (Regulation Z)
https://www.gpo.gov/fdsys/pkg/FR-2017-06-29/pdf/2017-12845.pdf

Basel Committee issues “Consultative Document: Simplified alternative to the standardised approach to
market risk capital requirements”
https://www.bis.org/bcbs/publ/d408.htm

NIST releases SP 800-192, “Verification and Test Methods for Access Control Policies/Models”
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-192.pdf

OCC issues revised “Branch Closings” booklet of the Comptroller’s Licensing Manual.
https://www.occ.treas.gov/news-issuances/bulletins/2017/bulletin-2017-24.html

06-30-17

CMS-HHS – Proposed Rule – Medicare Program; CY 2018 Updates to the Quality Payment Program
https://www.gpo.gov/fdsys/pkg/FR-2017-06-30/pdf/2017-13010.pdf

NCUA – Final Rule – Safe Harbor
https://www.gpo.gov/fdsys/pkg/FR-2017-06-30/pdf/2017-13636.pdf

NCUA – Final Rule – Civil Monetary Penalty Inflation Adjustment
https://www.gpo.gov/fdsys/pkg/FR-2017-06-30/pdf/2017-13643.pdf

NCUA – Final Rule – Revisions to the Freedom of Information Act Regulation
https://www.gpo.gov/fdsys/pkg/FR-2017-06-30/pdf/2017-13640.pdf

CFPB – Policy Guidance – Policy Guidance on Supervisory and Enforcement Priorities Regarding Early
Compliance With the 2016 Amendments to the 2013 Mortgage Rules Under the Real Estate
Settlement Procedures Act (Regulation X) and the Truth in Lending Act (Regulation Z)
https://www.gpo.gov/fdsys/pkg/FR-2017-06-30/pdf/2017-13799.pdf