How many controls does SEC Cybersecurity Disclosure Rules have?

SEC Cybersecurity Disclosure Rules contains 14 controls organized across 4 domains.

Where does SEC Cybersecurity Disclosure Rules apply?

SEC Cybersecurity Disclosure Rules is applicable in United States. Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.

What frameworks does SEC Cybersecurity Disclosure Rules map to?

SEC Cybersecurity Disclosure Rules has control-to-control mappings with 358 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.

How do I get started with SEC Cybersecurity Disclosure Rules compliance?

Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.

SEC Cybersecurity Disclosure Rules

SEC final rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (17 CFR 229, 249). Requires public companies (registrants) to disclose material cybersecurity incidents on Form 8-K within four business days and to describe cybersecurity risk management, strategy, and governance in annual reports on Form 10-K.

Domains

Risk Management and Strategy (Regulation S-K Item 106(b))

Foreign Private Issuers

Governance (Regulation S-K Item 106(c))

Incident Disclosure (Form 8-K Item 1.05)

Frequently Asked Questions

Map SEC Cybersecurity Disclosure Rules to any other framework

Use our AI-powered compliance platform to find control overlaps, gaps, and build remediation plans in seconds.

Try Free on Compliance Platform