Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 118th Congress · S. 2281 (Introduced in Senate) — To provide for consumer protection and responsible financial innovation, to bring crypto assets within the regulatory... · Sec. 209

Sec. 209. Cybersecurity standards for crypto asset intermediaries

363 words·~2 min read·/bill/118/s/2281/is/section-209

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Section 2240 of the Homeland Security Act of 2002 ( 6 U.S.C. 681 ) is amended by striking paragraph
(4)and inserting the following: The term covered entity — means an entity in a critical infrastructure sector, as defined in Presidential Policy Directive 21, that satisfies the definition established by the Director in the final rule issued pursuant to section 2242(b); and includes a crypto asset intermediary, as defined in section 9801 of title 31, United States Code. . If a crypto asset intermediary makes a required report under section 2242 of the Homeland Security Act of 2002 ( 6 U.S.C. 681b ), the crypto asset intermediary shall make a copy of that report available to the Federal or State financial regulator responsible for licensing or supervising the crypto asset intermediary. Not later than 18 months after the date of enactment of this Act, the Commodity Futures Trading Commission and the Securities and Exchange Commission, in consultation with the Secretary of the Treasury and the Director of the Cybersecurity and Infrastructure Security Agency, shall develop comprehensive, principles-based guidance relating to cybersecurity for crypto asset intermediaries that account for, with respect to such a crypto asset intermediary— the internal governance, and organizational culture, of the cybersecurity program of the crypto asset intermediary; security operations of the crypto asset intermediary, including threat identification, incident response, and mitigation; risk identification and measurement by the crypto asset intermediary; the mitigation of risk by the crypto asset intermediary, including policies of the crypto asset intermediary, controls implemented by the crypto asset intermediary, change management with respect to the crypto asset intermediary, and the supply chain integrity of the crypto asset intermediary; assurance provided by, and testing conducted by, the crypto asset intermediary, including penetration testing and independent audits so conducted; and the potential for crypto asset intermediaries to be used to facilitate illicit activities, including sanctions avoidance. Not later than 18 months after the date of enactment of this Act, the Securities and Exchange Commission and the Commodity Futures Trading Commission, in consultation with industry and the Director of the Cybersecurity and Infrastructure Security Agency, shall adopt plain-language cybersecurity guidance for customers to safely transact in crypto assets.
Connectionstraces to 2
Citation graph
cites case law
Sec. 209
Cybersecurity standards for crypto asset intermediaries
U.S.C.§ 681
U.S.C.§ 681b
Cites 2Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.