FTC Final Safeguards Rule - FTC from VeriSign, Inc.

The Federal Trade Commission (FTC) Safeguards Rule for the protection of customer financial information provides guidance to financial institutions for compliance with the Gramm-Leach-Bliley Act (GLBA) 16 CFR Part 314. The rule is not as granular as requirements from the Federal Financial Institution Examination Council (FFIEC), but identifies critical elements of an effective information security program that are required for all financial institutions. In many cases, compliance with FFIEC and other banking agency requirements are sufficient for meeting the FTC final rule.

Learn more about FFIEC IT Audit Handbook Standards

Learn more about GLBA Compliance

Contact Us

Select any of the services below for more information. To design a more comprehensive compliance solution for your business, contact VeriSign at 650-426-5310 or enterprise_security@verisign.com.

Key Controls from the Rule	Applies To	How VeriSign Helps
Requires the identification of “reasonably foreseeable internal and external risks to the security confidentiality, and integrity of customer information.” S 314.4 (b)	Information, systems, and processes that handle personal financial data	Enterprise Consulting Assessments Technical Security Assessments iDefense Security Intelligence Services
Requires operational capabilities of “detecting, preventing, and responding to attacks, intrusions, or other systems failures” S 314.4 (b) (3)	Information, systems, and processes that handle personal financial data	Intrusion Detection Management Service (IDS) Intrusion Prevention Management Service (IPS) Firewall Management Service Log Monitoring Service iDefense Security Intelligence Services
Requires “reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards.” S 314.4 (d) (1)	Financial institutions	Enterprise Consulting Assessments

Best Practices

These solutions address industry best practices that can augment the above required controls.

Key Controls	Applies To	How VeriSign Helps
“Develop, implement, and maintain a comprehensive information security program.” S 314.3 (a)	Information, systems, and processes that handle personal financial data	Security Policy and Program Services GSC Interim CISO and CPO Services
Protection of personal financial information	Applications which handle sensitive customer information	Technical Security Assessments

Learn More

Federal Trade Commission Privacy Initiatives	FTC information about GLBA
Federal Trade Commission Consumer Information Security	Information from the FTC about information security and the risks to consumers.