17 C.F.R. § 242.830
(a) In general. The security-based swap execution facility shall:
(1) Establish and maintain a program of risk analysis and oversight to identify and minimize sources of operational risk, through the development of appropriate controls and procedures, and automated systems, that:
(2) Establish and maintain emergency procedures, backup facilities, and a plan for disaster recovery that allow for:
(3) Periodically conduct tests to verify that the backup resources of the security-based swap execution facility are sufficient to ensure continued:
(b) Requirements.
(1) A security-based swap execution facility's program of risk analysis and oversight with respect to its operations and automated systems shall address each of the following categories of risk analysis and oversight:
(4) A security-based swap execution facility satisfies the requirement to be able to resume its operations and resume its ongoing fulfillment of its responsibilities and obligations during the next business day following any disruption of its operations by maintaining either:
(5) A security-based swap execution facility shall notify Commission staff promptly of all:
(6) A security-based swap execution facility shall provide Commission staff timely advance notice of all material:
(7) As part of a security-based swap execution facility's obligation to produce books and records in accordance with § 242.826 (Core Principle 9), the security-based swap execution facility shall provide to the Commission the following system-safeguards-related books and records, promptly upon the request of any Commission representative:
(8) A security-based swap execution facility shall conduct regular, periodic, objective testing and review of its automated systems to ensure that they are reliable, secure, and have adequate scalable capacity. A security-based swap execution facility shall also conduct regular, periodic testing and review of its business continuity-disaster recovery capabilities. Such testing and review shall include, without limitation, all of the types of testing set forth in this paragraph (b)(8).
(i) Definitions. As used in this paragraph (b)(8):
Controls means the safeguards or countermeasures employed by the security-based swap execution facility to protect the reliability, security, or capacity of its automated systems or the confidentiality, integrity, and availability of its data and information, and to enable the security-based swap execution facility to fulfill its statutory and regulatory responsibilities.
Controls testing means assessment of the security-based swap execution facility's controls to determine whether such controls are implemented correctly, are operating as intended, and are enabling the security-based swap execution facility to meet the requirements of this section.
Enterprise technology risk assessment means a written assessment that includes, but is not limited to, an analysis of threats and vulnerabilities in the context of mitigating controls. An enterprise technology risk assessment identifies, estimates, and prioritizes risks to security-based swap execution facility operations or assets, or to market participants, individuals, or other entities, resulting from impairment of the confidentiality, integrity, and availability of data and information or the reliability, security, or capacity of automated systems.
External penetration testing means attempts to penetrate the security-based swap execution facility's automated systems from outside the systems' boundaries to identify and exploit vulnerabilities. Methods of conducting external penetration testing include, but are not limited to, methods for circumventing the security features of an automated system.
Internal penetration testing means attempts to penetrate the security-based swap execution facility's automated systems from inside the systems' boundaries, to identify and exploit vulnerabilities. Methods of conducting internal penetration testing include, but are not limited to, methods for circumventing the security features of an automated system.
Security incident means a cybersecurity or physical security event that actually jeopardizes or has a significant likelihood of jeopardizing automated system operation, reliability, security, or capacity, or the availability, confidentiality or integrity of data.
Security incident response plan means a written plan documenting the security-based swap execution facility's policies, controls, procedures, and resources for identifying, responding to, mitigating, and recovering from security incidents, and the roles and responsibilities of its management, staff, and independent contractors in responding to security incidents. A security incident response plan may be a separate document or a business continuity-disaster recovery plan section or appendix dedicated to security incident response.
Security incident response plan testing means testing of a security-based swap execution facility's security incident response plan to determine the plan's effectiveness, identify its potential weaknesses or deficiencies, enable regular plan updating and improvement, and maintain organizational preparedness and resiliency with respect to security incidents. Methods of conducting security incident response plan testing may include, but are not limited to, checklist completion, walk-through or table-top exercises, simulations, and comprehensive exercises.
Vulnerability testing means testing of a security-based swap execution facility's automated systems to determine what information may be discoverable through a reconnaissance analysis of those systems and what vulnerabilities may be present on those systems.
(ii) Vulnerability testing. A security-based swap execution facility shall conduct vulnerability testing of a scope sufficient to satisfy the requirements set forth in paragraph (b)(10) of this section.
(iii) External penetration testing. A security-based swap execution facility shall conduct external penetration testing of a scope sufficient to satisfy the requirements set forth in paragraph (b)(10) of this section.
(iv) Internal penetration testing. A security-based swap execution facility shall conduct internal penetration testing of a scope sufficient to satisfy the requirements set forth in paragraph (b)(10) of this section.
(v) Controls testing. A security-based swap execution facility shall conduct controls testing of a scope sufficient to satisfy the requirements set forth in paragraph (b)(10) of this section.
(vi) Security incident response plan testing. A security-based swap execution facility shall conduct security incident response plan testing sufficient to satisfy the requirements set forth in paragraph (b)(10) of this section.
(vii) Enterprise technology risk assessment. A security-based swap execution facility shall conduct enterprise technology risk assessment of a scope sufficient to satisfy the requirements set forth in paragraph (b)(10) of this section.
(9) To the extent practicable, a security-based swap execution facility shall:
(10) The scope for all system safeguards testing and assessment required by this section shall be broad enough to include the testing of automated systems and controls that the security-based swap execution facility's required program of risk analysis and oversight and its current cybersecurity threat analysis indicate is necessary to identify risks and vulnerabilities that could enable an intruder or unauthorized user or insider to: