President Donald Trump signed an executive order Thursday calling for reviews of the federal government’s cybersecurity vulnerabilities and directing adoption of specific security practices.
The order also directs each agency to use the National Institutes for Standards and Technology’s cybersecurity framework to manage cybersecurity risk and to provide a risk management report to the Secretary of Homeland Security and director of the Office of Management and Budget within 90 days documenting risk mitigation choices made.
CUNA generally supports the use of the framework as a tool for credit unions but is concerned that mandatory use by federal agencies could eventually lead to making it a mandatory standard for financial institutions. It should not create additional requirements, nor should it apply a one-size-fits-all approach for credit unions to demonstrate readiness.
CUNA also believes that, should regulators determine new or additional cybersecurity requirements are necessary, those should be incorporated into existing frameworks and guidance.