Information Security | United States
SEC Cybersecurity Disclosure Rules
SEC final rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (17 CFR 229, 249). The rules require public companies (registrants) to disclose material cybersecurity incidents on Form 8-K within four business days and to describe cybersecurity risk management, strategy, and governance in annual reports on Form 10-K.
Domains
Risk Management and Strategy (Regulation S-K Item 106(b))
Foreign Private Issuers
Governance (Regulation S-K Item 106(c))
Incident Disclosure (Form 8-K Item 1.05)
Frequently Asked Questions
What are the SEC Cybersecurity Disclosure Rules?
SEC final rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (17 CFR 229, 249). The rules require public companies (registrants) to disclose material cybersecurity incidents on Form 8-K within four business days and to describe cybersecurity risk management, strategy, and governance in annual reports on Form 10-K.
How many controls do the SEC Cybersecurity Disclosure Rules have?
The SEC Cybersecurity Disclosure Rules contain 14 controls organized across 4 domains.
Where do the SEC Cybersecurity Disclosure Rules apply?
The SEC Cybersecurity Disclosure Rules apply in the United States. Organizations operating in or serving customers in this jurisdiction should evaluate their requirements.
What frameworks do the SEC Cybersecurity Disclosure Rules map to?
The SEC Cybersecurity Disclosure Rules have control-to-control mappings with 358 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with SEC Cybersecurity Disclosure Rules compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.