Cybersecurity is a risk that the Market Participants Division (MPD) and CFTC take seriously. We appreciate that Registrants also take cybersecurity seriously. To facilitate a better dialogue with Registrants, MPD has created an email inbox, [email protected] for reports and questions relating to cybersecurity.
In addition, the Division may send Cyber Alerts to registrants depending on facts and circumstances. The Cyber Alerts will be sent to registrant email(s) as listed by registrants in their NFA registration. The Cyber Alerts emails will be sent by GovDelivery.com. For further details regarding Division Alerts, see Delivery of DSIO Alerts via GovDelivery, May 22, 2020, by Director Sterling in Right Margin.
Below are cybersecurity related resources:
- MPD Cyber Alert White House DHS CISA Protecting against Malicious Cyber Activity December 17, 2021 link here:
https://www.cftc.gov/media/6881/MPDCyberAlert121721/download - MPD Cyber Alert Apache Log4j Vulnerability Guidance from CISA DHS December 14, 2021 link here:
https://www.cftc.gov/media/6886/MPDCyberAlert121421/download - DHS Cybersecurity and Infrastructure Security Agency
The Department of Homeland Security has a subsidiary that focuses on Cybersecurity. The DHS subsidiary is named Cybersecurity and Infrastructure Security Agency (CISA), link here: https://www.cisa.gov/. In addition to numerous educational resources, CISA has a Cybersecurity Alert Sign Up service available to the public, link here:
https://public.govdelivery.com/accounts/USDHSCISA/subscriber/new?qsp=CODE_RED - MPD Cybersecurity during Coronavirus (COVID-19) Alert March 19, 2020 link here:
https://www.cftc.gov/media/3666/DSIOCyberAlert031920/download - MPD Advisory 14-21 Safeguarding Customer Information Regulation 160.30 Feb. 26, 2014 link here:
https://www.cftc.gov/sites/default/files/idc/groups/public/@lrlettergeneral/documents/letter/14-21.pdf - CFTC Enforcement FCM failure to diligently supervise IT provider exposed customer information to Cyber Attack, In the Matter of AMP Global Clearing LLC Feb. 12, 2018 link here:
https://www.cftc.gov/sites/default/files/idc/groups/public/@lrenforcementactions/documents/legalpleading/enfampglobalorder021218.pdf - NFA Updated Information Systems Security Program Interpretations March 11, 2019 Notice to Members link here:
https://www.nfa.futures.org/news/newsNotice.asp?ArticleID=5097 - NFA Cybersecurity Guidance link here:
https://www.cftc.gov/About/CFTCOrganization/NFACybersecurityGuidance083118 - NFA Cyber Incident Notice Reporting System effective Apr. 1, 2019 link here:
https://www.nfa.futures.org/news/newsNotice.asp?ArticleID=5097 - SEC OCIE Cybersecurity Observations January 27, 2020 link here:
https://www.sec.gov/report/ocie-cybersecurity-resiliency-observations - SEC OCIE Risk Alert Third Party Vendor Cloud Storage Nov. 7, 2019 link here:
https://www.sec.gov/ocie/announcement/risk-alert-network-storage - FINRA Cybersecurity webpage link here:
https://www.finra.org/rules-guidance/key-topics/cybersecurity#overview