The 465-page proposed rule includes updates to more than two dozen existing laws and regulations that govern the cybersecurity practices of SCI-regulated entities. Among the changes would be an expansion of the definition of covered systems intrusion, annual penetration testing, and the designation of key third party providers like cloud service providers for participation in annual business continuity and disaster recovery testing.
Article Link: SEC targets cloud, key securities firms in latest regulatory broadside | SC Media