The New York Department of Financial Services (NYDFS) continues to refine its position regarding the importance of and requirements regarding Multi-Factor Authentication (MFA), as evidenced most recently with the release of new guidance. This new … [Read more] about NYDFS Issues Guidance on Multi-Factor Authentication
Log4j is a java-based tool from Apache’s open source library used for parsing logs that never seems to have made headlines before this past weekend. Now, following the December 9th public announcement of a vulnerability in this tool, public and … [Read more] about CISA Issues Statement on Log4j Critical Vulnerability
On December 7, 2021, the House of Representatives passed the National Defense Authorization Act for Fiscal Year 2022 (NDAA), which notably excluded any cybersecurity incident reporting requirements. In September, the House approved a previous version … [Read more] about The Cybersecurity Incident Reporting Requirements Fail in the Latest Version of the National Defense Authorization Act
On November 14, 2021, the Cyberspace Administration of China (CAC) released draft Regulations on the Management of Online Data Security (the “Regulations”) for China’s data privacy and security laws, including the Cybersecurity Law … [Read more] about China’s Initial Draft Regulations on the Management of Online Data Security: Important Takeaways
On November 18, 2021, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System, and the Federal Deposit Insurance Corporation jointly announced the approval of a final rule to improve the sharing of … [Read more] about Federal Bank Regulatory Agencies Release Final Rule to Require Notification of Cyber Incidents