To amend the Sarbanes-Oxley Act of 2002 to protect investors by expanding the mandated internal controls reports and disclosures to include cybersecurity systems and risks of publicly traded companies.
Cybersecurity Systems and Risks Reporting Act
This bill amends the Sarbanes-Oxley Act of 2002 to apply to cybersecurity systems and cybersecurity systems officers the same requirements regarding corporate responsibility for financial reports and managements assessments of internal control structures and procedures for financial reporting as apply to public companies subject to oversight by the Securities and Exchange Commission (SEC).
The SEC shall issue rules to define cybersecurity expert and require each issuer of securities to disclose whether or not (and if not, the reasons why) the issuer's audit committee has at least one member who is a cybersecurity expert.
The SEC shall review an issuer's information systems and cybersecurity systems statements. In scheduling the such reviews the SEC shall consider, among other things, issuers that have issued cybersecurity risks disclosures.
Introduced in House
Introduced in House
Referred to the House Committee on Financial Services.
checking server…
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line