October 16, 2023 at 11:11PM
Upcoming changes to cyber security regulations in the US and Europe require organizations to focus on compliance. The SEC mandate in the US will enforce reporting of cyber incidents and the production of a Cyber Report by December 18. The DoD directive specifies that anyone working within the DoD must validate their cyber skill set by February 2024. The EU NIS II Directive requires Critical Sector Organizations to take security measures and notify authorities of serious incidents by October 2024. To navigate these regulations, SANS is hosting the Cyber Compliance Countdown virtual event.
Key Takeaways from the Meeting Notes:
– Imminent changes to cyber security regulations in the US and Europe require organizations to focus on compliance.
– The Securities and Exchange Commission mandate will be enforced on December 18, 2021, and organizations need to report cyber incidents, produce a Cyber Report, and ensure sufficient cyber expertise in management and security teams.
– Anyone working within the US Department of Defense (DoD), including contractors, allied nations, and military personnel, must comply with the DoD 8140.3 directive by February 25-26, 2024.
– The European Union NIS II Directive calls for compliance by October 17, 2024, and requires Critical Sector Organizations operating in member states to take appropriate security measures and notify relevant national authorities of serious incidents.
– The SANS Cyber Compliance Countdown virtual event, starting on November 2 at 10am EDT, features a panel discussion with officials behind the regulatory initiatives, advice on incident response plans and testing, and analysis of the new cyber security guidelines and potential solutions to meet the requirements.