February 03, 2016
NAFCU urges NIST to keep cyber framework voluntary
NAFCU yesterday encouraged the National Institute of Standards and Technology to keep its cybersecurity framework voluntary and to ensure that the framework remains "scalable and flexible in its application to financial institutions of all sizes and structures."
NIST released its cybersecurity framework in 2014. NAFCU Regulatory Affairs Counsel Kavitha Subramanian, writing yesterday in response to NIST's request for information on the framework, urged NIST "to continue to provide leadership and insight to ensure that the cybersecurity frameworks remain feasible to implement and adaptive to evolving risks."
She asked that NIST, when updating its framework, follow an approach similar to that taken by the Federal Financial Institutions Examination Council, which released a voluntary cybersecurity assessment tool in 2015.
"NAFCU recommends that NIST carefully study the framework adopted in the Assessment and ensure that the revised NIST framework follow a similar approach, especially since the National Credit Union Administration (NCUA) and other FFIEC regulators will be incorporating this Assessment into the supervisory and examination process for financial institutions," she wrote.
She also noted the need for legislative measures to ensure that cyber and data security can be achieved for consumers and the financial services industry. Subramanian noted NAFCU's support for the "Data Security Act of 2015" (H.R. 2205/S. 961), and urged NIST to "use its expertise to educate lawmakers and regulators about the emerging cybersecurity threats and the need for real-time multi-sector collaboration to prevent consumer data breaches."