Rule No. 108

Cybersecurity Standards for the Insurance Industry

Cybersecurity Resources

CIS Critical Security Controls Version 8.1

The CIS Controls are a prioritized set of safeguards created to mitigate the most prevalent cyber attacks against systems and networks.

CISA Cross-Sector Cybersecurity Performance Goals

A common set of protections that all critical infrastructure entities should implement to meaningfully reduce the likelihood and impact of known risks and adversary techniques.

CISA Cyber Hygiene Services

Free vulnerability assessments and recommendations to help organizations reduce their exposure to threats by taking a proactive approach to monitoring and mitigating attack vectors.

CISA Known Exploited Vulnerabilities (KEV)

CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

FTC Create Your Cybersecurity Plan

Business cybersecurity resources developed in partnership with the National Institute of Standards and Technology (NIST), the U.S. Small Business Administration, and the Department of Homeland Security.

FTC Data Breach Response Guide

Basic guidance from the Federal Trade Commission (FTC) to help businesses make smart, sound decisions. This guide addresses the steps to take once a cybersecurity breach has occurred.

NAIC Cybersecurity Event Response Plan

Guide that the OCS will use to respond upon receiving a cybersecurity breach notification, or upon learning of a cyberattack against a regulated entity.

NAIC Cybersecurity Vulnerability Response Plan

Guide that the OCS will use to determine the appropriate course of action to respond to identified vulnerabilities.

NAIC Insurance Data Security Pre-Breach and Post-Breach Checklist

Includes important criteria for preparing for, investigating, and notifying the OCS of a cyberattack.

NIST Cybersecurity Framework (CSF) 2.0

The NIST CSF 2.0, which Rule 108 is based on, helps organizations assess and improve their ability to prevent, detect, and respond to cyber threats.

NIST Quick Start Guides

Starter resource guide to help businesses become more familiar with the NIST CSF 2.0.

NIST Special Publication 800-53 Rev. 5

Catalog of security and privacy controls for information systems and organizations to protect against threats and risks, including hostile attacks, human errors, and privacy risks.

Implementation Guide for Cybersecurity Controls for the Insurance Industry v. 1.0

Guide for licensees and regulated entities detailing best practices and examples of effective cybersecurity control implementations, in accordance with Rule No. 108.

Compliance Checklist for Rule No. 108, “Cybersecurity Standards for the Insurance Industry.”

A summary of requirements included in Article 8 of Rule No. 108, “Cybersecurity Standards for the Insurance Industry.”
