The proposed rule requires banking organizations to notify their primary federal regulator within 36 hours of determining in good faith that a "computer-security incident" has occurred that could cause significant disruptions to operations. A "notification incident" is an incident deemed serious enough to impact banking services or financial stability. Additionally, bank service providers must alert at least two individuals at affected banking organization customers immediately upon experiencing a significant disruption lasting four or more hours. This rule aims to ensure timely and effective responses to potential cybersecurity threats impacting the banking sector.
Simple Explanation
In simple words, this rule says that if a bank's computer has a serious problem, they need to tell the people in charge within 36 hours. Also, if a helper company for the bank has a big problem that lasts a while, they must let the bank know right away.