What’s new in 2023? Dayspring Technology has reviewed and compiled a list of newly released and updated cybersecurity and regulatory compliance standards for the first half of the year.
“Businesses that operate in regulated industries should stay up-to-date on these changes to ensure that they are in compliance,” says Ryan Coleman, Dayspring Technology Principal Consultant.
Here is a sampling of the cybersecurity and regulatory compliance standards that have been released or updated in the past 6 months:
FTC Updates Safeguard Rule IT Regulatory Compliance Requirements
The U.S. FTC extended the deadline for compliance with some changes to the Safeguard Rule by 6 months, into the first half of the year. The new deadline passed on June 9, 2023. The updated Rule includes requirements for planning and actions covering IT topics such as multi-factor authentication and ransomware, and for reducing reasonably foreseeable internal and external risks, including data breaches and data leakage. The Safeguard Rule applies to a variety of financial institutions, brokers, car dealers, and some MSPs.
Contact our cybersecurity compliance experts today at email@example.com.
European Commission Updates GDPR Guidelines
The European Commission released new guidelines on the General Data Protection Regulation (GDPR). The guidelines provide more clarity on how businesses should comply with the GDPR. The EC has also indicated GDPR 2.0 is in the works!
SEC Issues New Cybersecurity Guidelines for Investment Advisors
The U.S. Securities and Exchange Commission (SEC) issued new guidance on cybersecurity for investment advisers in February 2023. The guidance describes how investment advisers can protect their clients’ data from cyberattacks. The proposed rule requires covered entities to adopt and implement written cybersecurity policies and procedures to address cybersecurity risks. The Commission is also proposing a new rule requiring the reporting of significant cybersecurity incidents affecting the adviser, its fund or private clients to the Commission.
HHS Updates Guidance on HIPAA
The U.S. Department of Health and Human Services (HHS) updated its guidance on the Health Insurance Portability and Accountability Act (HIPAA). The updated guidance provides more clarity on how healthcare organizations can comply with HIPAA, including guidance on specific medical conditions, updates to the Breach Notification Rule, the creation of a Part 2 Complaints process, and financial penalties for failing to meet the Part 2 requirements.
DOT Issues New Cybersecurity Transportation Regulations
The U.S. Department of Transportation (DOT) issued new regulations on cybersecurity for transportation systems, specifically in the aviation sector. The regulations require transportation systems to implement security measures to protect against cyberattacks, including network segmentation, access control, monitoring and threat detection, cyber threat intelligence (CTI), and network and software updates/patching.
These are just a few of the new cybersecurity and regulatory compliance standards that have been released or updated in the past 6 months. Dayspring Technology is well versed in a variety of management frameworks including the NIST CSF and 800-series controls and the technology recommended for regulated businesses to comply with common controls.