Regulatory Cyber Assessments
Technology and connectivity are intertwined with every organization’s daily operations. The impact of a data breach or cyber intrusion has tangible ramifications for society. As a result, more governmental bodies are developing guidelines, rules, and consequences for custodians of critical data. Evolver offers multiple resources for organizations to protect their customers, their employees, and their bottom line in the face of cyber threats.
Rules on cybersecurity disclosure and practices from the Securities and Exchange Commission
Public companies will need to use 8-K disclosures to:
- Report material cybersecurity incidents within four business days of the incident being discovered, as well as disclose whether previously unreported incidents have added up to a material incident
- Provide updates in public filings on previously reported incidents
- Provide more detail on corporate board members’ experience with cybersecurity and their role in implementing cybersecurity policies
- Report on the company’s procedures and policy for identifying cyber risk and managing it
Financial advisors and fund managers are required to:
- Adopt and implement written policies and procedures that are reasonably designed to address cybersecurity risks;
- Report significant cybersecurity incidents to the Commission on proposed Form ADV-C;
- Enhance adviser and fund disclosures related to cybersecurity risks and incidents; and
- Maintain, make, and retain certain cybersecurity-related books and records.

Whether you need help with a single element or a full cyber response plan, we can help.
Evolver offers a full package of services to support regulatory responses, including these pending SEC rules. You can contact our team to learn more about our solutions, including policy & documentation development, risk management, threat analysis, and disclosure support. You can also learn more about all of Evolver’s cybersecurity offerings on our services page.
Department of Labor Guidance
There are more than 140 million participants in either private pension plans or defined contribution plans covering assets estimated at over $9.3 trillion. The Employee Retirement Income Security Act of 1974 (ERISA) requires plan fiduciaries to engage in risk mitigation to protect these assets.
In April of 2021, the U.S. Department of Labor released guidance in the form of:
Below is an introductory overview of DOL's Cybersecurity Program Best Practices. Contact Evolver for a full review of DOL requirements for retirement plan fiduciaries.

Evolver offers a full package of services to support regulatory responses, including fiduciary requirements from the DOL. You can contact our team to learn more about our solutions, including policy & documentation development, risk management, threat analysis, and disclosure support. You can also learn more about all of Evolver’s cybersecurity offerings on our services page.
New TSA Security Directives
TSA is increasing the cybersecurity of the transportation sector through Security Directives, appropriately tailored regulations, and voluntary engagement with key stakeholders. In developing its approach, including these new Security Directives, TSA sought input from industry stakeholders and federal partners, including the Department’s Cybersecurity and Infrastructure Security Agency (CISA), which provided expert guidance on cybersecurity threats to the transportation network and countermeasures to defend against them.
The TSA Security Directives announced in 2021 target higher-risk freight railroads, passenger rail, and rail transit, based on a determination that these requirements need to be issued immediately to protect transportation security. These Directives require owners and operators to:
- designate a cybersecurity coordinator;
- report cybersecurity incidents to CISA within 24 hours;
- develop and implement a cybersecurity incident response plan to reduce the risk of an operational disruption; and
- complete a cybersecurity vulnerability assessment to identify potential gaps or vulnerabilities in their systems.
Further, TSA recently updated its aviation security programs to require that airport and airline operators implement the first two provisions above. TSA intends to expand the requirements for the aviation sector and issue guidance to smaller operators. TSA also expects to initiate a rule-making process for certain surface transportation entities to increase their cybersecurity resiliency.

Evolver offers a full package of services to support regulatory responses, including ongoing expansion of DHS directives. You can contact our team to learn more about our solutions, including policy & documentation development, risk management, threat analysis, and disclosure support. You can also learn more about all of Evolver’s cybersecurity offerings on our services page.