WASHINGTON (2/11/16)--The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework should continue to recognize existing, robust data security requirements, the Credit Union National Association (CUNA) said this week.
In a comment letter responding to NIST questions about its Cybersecurity Framework, CUNA said it supports the goals of collecting information for the framework, and the possible need for an update.
“Credit unions and other financial institutions should not be subject to additional prescriptive requirements, as they are already subject to a risk-based approach to manage cyber threats,” CUNA’s letter reads. “We also urge additional coordination between the public and private sectors on cybersecurity.”
The framework consists of existing standards, guidelines and practices that stakeholders can use to reduce cyber risks to critical infrastructure.
In response to questions about steps that could be taken to “prevent duplication of regulatory processes,” CUNA recommended a task force to review the numerous regulations and standards credit unions are subject to.
“A task force to review each of these regulations and their stated purposes with respect to the NIST CORE requirements would be helpful to reconcile conflicting regulations and requirements with prioritization of these in a manner that states clearly not only the desired outcome of the practice but the risk factors of not adhering to the practice,” the letter reads. “This would greatly reduce the number of risk assessments that are performed by the credit union, reduce confusion and result in stronger security.”
The letter also contains a list of 10 factors that CUNA says should be used to evaluate a potential partner organization that would handle some or all of the framework’s coordination.
CUNA, as a member of the Financial Services Sector Coordinating Council (FSSCC), also contributed to the FSSCC’s comment letter on the framework, which more broadly addresses the request for information.