Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
Abstract
The Securities and Exchange Commission ("Commission") is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. Specifically, we are adopting amendments to require current disclosure about material cybersecurity incidents. We are also adopting rules requiring periodic disclosures about a registrant's processes to assess, identify, and manage material cybersecurity risks, management's role in assessing and managing material cybersecurity risks, and the board of directors' oversight of cybersecurity risks. Lastly, the final rules require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language ("Inline XBRL").
Federal Register Source
This document is published by the Office of the Federal Register, National Archives and Records Administration. Access the full regulatory text, preamble, and docket comments below.
View Full Text on FederalRegister.gov →Opens in new tab · federalregister.gov
Frequently Asked Questions
What is the 2023-16194 Federal Register document?
Is document 2023-16194 an economically significant rule?
Other Rules from SEC
Read our methodology - how this data is sourced, computed, and verified.
Related
Every figure on PlainRegWatch is rendered directly from state source data, no number is typed in by an editor. This page draws directly on federal and state source data, no figure is typed in by an editor. See our editorial standards & corrections policy, the methodology behind these numbers, or report a data error.