The Federal Reserve, the Office of the Comptroller of the Currency and the Federal Deposit Insurance Corporation are inviting comment on an advance notice of proposed rulemaking regarding cyber risk management standards for large and interconnected entities under their supervision and those entities’ service providers.

The agencies refer to these standards, which are to sit on top of existing ones, as 'enhanced standards.' There are five categories of standard: cyber risk governance; cyber risk management; internal dependency management; external dependency management; and incident response, cyber resilience, and situational awareness. The consultation period ends on 17 January.