Release Number 7293-15

December 16, 2015

CFTC Unanimously Approves Proposed Enhanced Rules on Cybersecurity for Derivatives Clearing Organizations, Trading Platforms, and Swap Data Repositories

Washington, DC — The U.S. Commodity Futures Trading Commission (Commission) today voted unanimously to approve two proposals for amendments to existing regulations addressing cybersecurity testing and safeguards for the automated systems used by critical infrastructures the Commission regulates. The proposals will be open for public comment during a 60-day comment period after their publication in the Federal Register.

The proposals, to be published in separate Federal Register Notices, identify five types of cybersecurity testing as essential to a sound system safeguards program: (1) vulnerability testing, (2) penetration testing, (3) controls testing, (4) security incident response plan testing, and (5) enterprise technology risk assessments.

The two proposals would require all derivatives clearing organizations, designated contract markets, swap execution facilities, and swap data repositories to conduct each of the five types of cybersecurity testing, as frequently as indicated by appropriate risk analysis. In addition, the proposals would specify minimum testing frequency requirements for all derivatives clearing organizations and swap data repositories, and for specified designated contract markets, and would require them to have certain tests performed by independent contractors.

Comments may be submitted electronically through the Commission’s Comment Online process.

Last Updated: December 16, 2015