ARLINGTON, Va.—NAFCU has sent a letter to the National Institute of Standards and Technology (NIST) regarding the “current and future states of cybersecurity in the digital economy.”
In the letter, NAFCU Director of Regulatory Affairs Alexander Monterrubio included an executive summary of recommendations that the trade group believes will enhance the effectiveness of the public-private partnership between NIST, stakeholders, and financial regulators. He also provided an in-depth explanation of each recommendation within the letter.
The executive summary addresses:
- Cybersecurity insurance
- Reducing third-party risk by holding retailers accountable for their data security practices is necessary to lower cybersecurity insurance costs, NAFCU stated.
- Information sharing
- A federal hub for information sharing would enhance analysis of vulnerability information and streamline cross-sector participation.
- Federal governance
- NAFCU said it backs the Data Security Act, HR 2205, “because a statutorily authorized framework is necessary to fairly allocate cybersecurity burdens across sectors.”
- Cybersecurity research and development
- NAFCU said it supports efforts to promote multifactor authentication (MFA) in the private sector and believes that requiring retailers to formally adopt MFA would improve overall sector security.
"NAFCU appreciates the opportunity to share our thoughts on the current and future states of cybersecurity. We look forward to continuing to work with the Commission and NIST to identify emerging concerns and best practices," Monterrubio said.