In a release on July 16, the Commodity Futures Trading Commission (CFTC) encouraged financial institutions to use a standardized approach to assess and improve their cybersecurity preparedness. Although the CFTC does not endorse any particular tool, it specifically identified various organizations providing best practices to the industry, including the National Institute of Standards and Technology, the International Organization for Standardization, the Information Systems Audit and Control Association, and the Information Technology Infrastructure Library. The CFTC also listed a number of standardized tools that support financial institutions in their self-assessment activities, including the Financial Services Sector Coordinating Council Cybersecurity Profile, the NIST Cybersecurity Framework, the ISO Cybersecurity Standard, and the ISACA COBIT Framework. The CFTC added that regulated entities should assess their cybersecurity and system safeguards programs using the standardized cybersecurity tool that they believe best fits their particular risks and circumstances.
For its part, the CFTC noted that it uses all generally accepted cybersecurity standards and best practices in its oversight of regulated entity cybersecurity and system safeguards.
For more information, the full release is available here.