/The National Institute for Standards and Technology Updates Cybersecurity Framework

The National Institute for Standards and Technology Updates Cybersecurity Framework

WHAT HAPPENED?

On April 17th, the National Institute for Standards and Technology (NIST) released an updated version of its Cybersecurity Framework, known as version 1.1.  The update concentrates on:

  1. vendor and supply chain risk management;
  2. governance measures, including integrating risk management throughout the firm’s operations and budgeting by senior level executives to account for cybersecurity needs; and
  3. the importance of effective internal communication and sharing information regarding emerging cyber threats.

WHAT DOES THIS MEAN FOR ME?

The SEC has not yet adopted specific rules addressing cybersecurity requirements. However, the SEC has made it clear through Risk Alerts, IM Guidance and regulatory examinations and enforcement actions that they expect registered investment advisers to have taken steps to ensure that adequate cybersecurity measures are in place.

Firms are encouraged to review the new version of NIST’s Cybersecurity Framework and consider any possible adaptations for use within their own cybersecurity policies and procedures.  For further questions for information, please reach out to Fairview directly.

About the Author:

Fairview
Founded in 2005 with the goal of developing streamlined back office solutions for investment advisers. Fairview is now servicing investment advisers, foundations and funds with over $185 billion in collective assets.