On April 17th, the National Institute for Standards and Technology (NIST) released an updated version of its Cybersecurity Framework, known as version 1.1. The update concentrates on:
- vendor and supply chain risk management;
- governance measures, including integrating risk management throughout the firm’s operations and budgeting by senior level executives to account for cybersecurity needs; and
- the importance of effective internal communication and sharing information regarding emerging cyber threats.
WHAT DOES THIS MEAN FOR ME?
The SEC has not yet adopted specific rules addressing cybersecurity requirements. However, the SEC has made it clear through Risk Alerts, IM Guidance and regulatory examinations and enforcement actions that they expect registered investment advisers to have taken steps to ensure that adequate cybersecurity measures are in place.
Firms are encouraged to review the new version of NIST’s Cybersecurity Framework and consider any possible adaptations for use within their own cybersecurity policies and procedures. For further questions for information, please reach out to Fairview directly.