The Gramm-Leach-Bliley Act Safeguards Rule (updated 2023) requires financial institutions — banks, credit unions, insurance companies, mortgage brokers, and investment advisers — to implement a comprehensive written information security programme with specific technical controls including access controls, encryption, multi-factor authentication, and continuous monitoring. The updated Safeguards Rule has significantly strengthened technical requirements, explicitly mandating MFA for all access to customer financial data and annual penetration testing, making Zero Trust identity and access controls a direct compliance requirement rather than simply a best practice.
Related: Banking · Financial · Insurance · MFA · Privileged Access