The implementation plan includes three initiatives under the strategic objective of shifting liability for insecure software. The first is to have the Office of the National Cyber Director host a legal symposium to "explore different approaches to a software liability framework" and discuss how the software vulnerability liability framework would compare to other liability regimes. The second initiative under this liability umbrella is to have federal agencies work with the Cybersecurity and Infrastructure Security Agency to "identify and reduce gaps" in the "scale and implementation" of software bills of materials (SBOMs), with the intent of mitigating risks presented by unsupported software. The third initiative is to "build domestic and international support for an expectation of coordinated vulnerability disclosure" across sectors, which in banking would mean greater coordination between software providers, banks and white-hat hackers in identifying and closing cybersecurity holes in software.

As for other specifics in the implementation plan, the first element is to "establish an initiative on cyber regulatory harmonization," according to the document. Cyber regulatory harmonization has been a top concern for banks, making the initiative a welcome sight for many bankers. The Bank Policy Institute, a public policy research and advocacy group, expressed faith last year that a bill that later became law would harmonize requirements on banks to report data breaches, currently a major source of regulatory disharmony. The Cybersecurity and Infrastructure Security Agency, which is in charge of implementing the law, has not yet drafted regulations and has until March 2024 to do so.