January 17, 2017

Federal Reserve, OCC, FDIC: Enhanced Cyber Risk Management Standards Joint Advance Notice of Proposed Rulemaking

In this letter, the CAQ provides auditing profession views on cybersecurity to the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation. The letter responds to an advance notice of proposed rulemaking from those agencies regarding enhanced cyber risk management standards for large interconnected entities under their supervision and those entities’ service providers. The CAQ offers perspective on cyber risk governance, cybersecurity resources and expertise, the compliance environment, and the value of a principles-based approach to regulation of cybersecurity risk management.