December 19, 2020 01:06:57 pm
The US Office of the Comptroller of the Currency, the Federal Reserve Board, and the Federal Deposit Insurance Corporation Friday proposed a new computer-security incident notification requirement for banking organizations and their bank service providers.
The proposed rule would require a banking organization to provide its primary federal regulator a prompt notification of any “computer-security incident” no later than 36 hours after it believes the incident occurred. A computer-security incident has been defined as:
An occurrence that results in actual or potential harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits; or constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies.