FOR IMMEDIATE RELEASE:
Feds Finalize Bank Security Incident Notification Rule
Rule Addresses Comments from Taproot Security
Saint Paul, MN, November 29, 2021 – US federal regulatory agencies finalized a new rule requiring banks to notify them within 36 hours after confirming a cybersecurity incident. The final rule incorporates some comments from Taproot Security and discusses others. Taproot founder Michael McCormick discussed the rule in a March press release.
The new rule takes effect on April 1, 2022, and banks must fully comply by May 1. The rule only requires them to notify federal regulators of a cybersecurity incident. They are not required to notify customers or the general public under this rule, but there is legislation pending in Congress to address that.
About Taproot Security
Taproot Security is an information security consulting firm advising industry and government on cyber issues and policy. For more information, please visit http://www.taprootsecurity.com/.
To learn more about this announcement, please contact
Founder & President
Taproot Security, LLC
- END -