Cybersecurity Compliance Milestones for Success in 2024
As the dust settles on the much-anticipated December 18, 2023 deadline set by the Securities and Exchange Commission (SEC), Cybersecurity professionals are now faced with five critical deadlines, each demanding attention and strategic preparation.
1. March 31 – PCI DSS 4.0 Compliance:
In the first quarter of 2024, organizations handling card payments must meet the inaugural deadline for Payment Card Industry Data Security Standard version 4.0 (PCI DSS 4.0). This involves fulfilling 13 new requirements, such as defining roles, responsibilities, and the cardholder data environment. A recommended survival guide for PCI DSS 4.0 compliance can be a valuable resource during this complex process.
2. May 13 – FTC Data Breach Reporting Rules:
Starting on May 13, 2024, non-banking financial institutions face new data breach reporting obligations under the amended Safeguards Rule by the Federal Trade Commission (FTC). The rule mandates reporting specific breaches to the FTC within 30 days of discovery, particularly those involving unencrypted information of at least 500 customers.
3. June 15 – SEC Cybersecurity Incident Reporting for Smaller Reporting Companies:
While larger corporations met the December 18, 2023 deadline, smaller reporting companies have until June 15, 2024, to comply with the SEC’s new cybersecurity incident reporting rules. This extension ensures that smaller entities meet the same standards as their larger counterparts when disclosing cybersecurity incidents.
4. July 1 – State Data Privacy Rules in Florida, Oregon, and Texas:
On July 1, 2024, Florida, Oregon, and Texas will enforce new state data privacy rules. The Florida Digital Bill of Rights (FDBR) targets select companies with substantial revenue, the Oregon Consumer Privacy Act (OCPA) focuses on companies handling personal data of Oregon residents, and the Texas Data Privacy and Security Act (TDPSA) has broad applicability but exempts small businesses. Additionally, Montana and Washington have upcoming privacy law deadlines in 2024.
5. Sept. 30 – Federal Agencies’ Zero Trust Architecture Goals:
Following the White House’s January 2022 memorandum, federal agencies must achieve zero trust architecture goals by September 30, 2024. Aligned with the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model, agencies must complete 19 specific tasks focusing on identity, devices, networks, applications, and data security.
Related Articles
Black Basta Ransomware Group Makes Off with $100 Million
The infamous Black Basta ransomware gang successfully swindled $100 million using tricky tactics since 2022. Recent reports from Elliptic and Corvus reveal that the group went after 329 organizations, managing to extract over $107 million from 90 victims in less than...
Kickstart Your December with a Password Power-Up!
Start December with a Strong Password Reset! As the year comes to a close there is no better time to prioritize your online security and with cyber threats on the rise protecting yourself should be at the top of your to-do list. One of the simplest yet most effective...
Synology Issues Patch For Severe VPN Plus Server Vulnerability
A critical vulnerability in the VPN Plus Servers that may be used to remotely take control of systems has been patched by Synology. The vulnerability, which is now known as CVE-2022-43931, affects the remote desktop functionality of Synology VPN...