Regulatory Alerts2018-10-09
Supply Chain Cyber Risk Management
The Supervisor of Banks issued this directive to require banking corporations to manage cyber risks associated with material service providers in their supply chains. Banks must map these providers, conduct periodic risk assessments, and enforce specific contractual obligations regarding system hardening, vulnerability testing, and incident reporting. Additionally, the regulation mandates strict controls for remote access, including strong authentication and monitoring, to mitigate exposure to sophisticated cyber attacks originating from external entities.
Share