SIO-9.6.1
Stablecoin issuers must establish and maintain an effective cyber security program to ensure the availability and functionality of the licensee’s electronic systems and to protect those systems and any sensitive data stored on those systems from unauthorized access, use, or tampering. The cyber security program must be designed to perform, at the minimum, the following five core cyber security functions:
(a) identify internal and external cyber security risks by, at a minimum, identifying the information stored on the licensee’s systems, the sensitivity of such information, and how and by whom such information may be accessed;
(b) protect the licensee’s electronic systems, and the information stored on those systems, from unauthorized access, use, or other malicious acts through the use of defensive infrastructure and the implementation of policies and procedures;
(c) detect system intrusions, data breaches, unauthorized access to systems or information, malware, and other cyber security events;
(d) respond to detected cyber security events to mitigate any negative effects; and
(e) recover from cyber security events and restore normal operations and services.
Added: July 2025