Recently, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency (“OCC”), and the Federal Deposit Insurance Corporation (“FDIC”) extended the comment period for their advance notice of proposed rulemaking regarding enhanced cyber risk management standards. It is now open until February 17, 2017. The agencies made this change due to the range and complexity of the issues addressed.
The original advance notice of proposed rulemaking was published to the Federal Register in October 2016. The proposed rulemaking covers enhanced cyber risk management standards for large and interconnected entities who fall under the supervision of the either the Federal Reserve, the OCC or the FDIC. In particular, five categories of cyber standards are addressed: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience and situation awareness.
Comments may be submitted through the Federal Reserve’s website, the Federal eRulemaking portal, e-mail or via Fax.
The original advanced notice, along with instructions on how to submit comments, may be found here: https://www.federalreserve.gov/newsevents/press/bcreg/bcreg20161019a1.pdf.
The full notice of extension may be found here: https://www.fdic.gov/news/news/press/2017/pr17003a.pdf.