The CMMC Program is designed to verify the protection of sensitive unclassified information shared between the Department and its contractors and subcontractors or generated by the contractors and subcontractors. CMMC increases assurance that contractors and subcontractors are meeting cybersecurity requirements applying to acquisition programs and systems processing CUI.

The FTC’s Safeguards Rule amendment requires non-bank financial institutions to report when information affecting 500 or more people was acquired without authorization.

The Federal Trade Commission issued a final rule to amend the Standards for Safeguarding Customer Information (‘‘Safeguards Rule’’ or ‘‘Rule’’).

The SEC adopted final rules requiring disclosure of material cybersecurity incidents on Form 8-K and periodic disclosure of a registrant’s cybersecurity risk management, strategy, and governance in annual reports.