This document is about providing best practices for ERISA-covered plan fiduciaries and service providers to implement a robust cybersecurity program. It covers key elements such as having a formal and well-documented cybersecurity program, conducting annual risk assessments, having reliable third-party audits, defining and assigning security roles, implementing strong access controls, securing cloud-based assets, conducting regular cybersecurity training, following a secure system development life cycle, establishing effective business resiliency, encrypting sensitive data, and having appropriate technical controls and incident response procedures.
An official website of the United States government.
Here’s how you know
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.
submenu
WORKERS
EMPLOYERS AND ADVISERS
RESEARCHERS
RESOURCES
LAWS AND REGULATIONS
ABOUT
CONTACT US
ESPAÑOL
1-866-444-3272
-
TOPICS
Back
-
-
Health Benefits
- Surprise Billing and Price Transparency
- COBRA Health Continuation Coverage
- Claiming Health Benefits
- Cybersecurity
- Affordable Care Act
- Dependent Coverage
- Mental Health and Substance Use Disorder Benefits
- Health Benefits Compliance Assistance
- Children's Health Insurance Program Reauthorization Act (CHIPRA)
- Proposed Rescission of Association Health Plan Rule
- Retirement Benefits
- Reporting and Filing
Compliance Assistance
-
Health Benefits
-
Back
Back
Back
Back
Back
Back
Back