

Checklist: Navigating SEC cybersecurity requirements
ARTICLE | January 09, 2024
Authored by RSM US LLP
Actionable steps for organizations
In light of the SEC's broadened cybersecurity requirements, your organization must adopt a proactive stance to achieve compliance and enhance its overall security posture. Consider the following crucial steps to guide you on this journey:
Conduct comprehensive asset inventory and management
- Know thy assets: Begin by meticulously inventorying all assets within your environment. These assets include hardware, software, data repositories and more.
- Invest in tools and processes: Recognize that asset management can be challenging. Invest in suitable tools and establish efficient processes to maintain an up-to-date inventory.
- Validation is key: Regularly validate your asset inventory to ensure completeness and accuracy. A comprehensive view of your assets is foundational to effective cybersecurity.
Implement a unified control framework
- Streamline your controls: To manage diverse requirements effectively, adopt a unified control framework such as NIST or ISO.
- Mapping all requirements: Map SEC cybersecurity requirements and other relevant regulations into a single framework to avoid duplicated work and streamline compliance.
- Tailor controls to risks: Not every part of your organization requires the same level of security. Apply the control framework in a risk-based manner, ensuring that critical areas receive the highest attention.
Balance compliance and protection
- While the SEC focuses on incident response and monitoring, remember to maintain a balance by comprehensively securing your organization.
Implement continuous control assessment and monitoring
- Sustain control effectiveness: The journey doesn't end with compliance; it's an ongoing effort. Regularly assess and monitor the effectiveness of your controls.
- Leverage automation and GRC tools: Employ automation and governance, risk and compliance (GRC) tools to streamline control monitoring. Automation helps ensure adherence to rules and helps protect your organization effectively.
This article was written by Matt Franko and originally appeared on 2024-01-09. Reprinted with permission from RSM US LLP.
© 2024 RSM US LLP. All rights reserved. https://rsmus.com/insights/services/risk-fraud-cybersecurity/navigating-sec-cybersecurity-requirements.html
RSM US LLP is a limited liability partnership and the U.S. member firm of RSM International, a global network of independent assurance, tax and consulting firms. The member firms of RSM International collaborate to provide services to global clients, but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmus.com/about for more information regarding RSM US LLP and RSM International.
