Investment funds and financial institutions: CSSF FAQ on minimum IT security requirements for remote access

On 17 March 2020, the CSSF issued an FAQ clarifying the recommended minimum IT security requirements for remote access implemented to meet the demands of the exceptional situation created by Covid-19 and issuing minimum recommendations with respect to:

high-privileged access: identification of user profiles with the highest risk levels (IT administrators, employees in charge of transactions/payments, etc.) and the implementation of proper security measures (strong authentication, access from a secure laptop, logging and review of sensitive actions);
secure communication: encryption of communication channels (e.g. use of VPN with AES-256, RSA-2048 encryption);
connection monitoring: controls to ensure, at least, that remote connections are consistent with recourse to teleworking (i.e. access during office hours, geofencing); 
the duration of remote access: remote access introduced due to the exceptional Covid-19 situation should be temporary and disabled once the exceptional circumstances have passed.

The CSSF is further “urging financial institutions under its prudential supervision to favour working from home as part of their business continuity plans. As already mentioned in the communication of 2 March, satisfactory IT security conditions should be guaranteed and no prior authorisation is needed for such work arrangements.

Related : Nautadutilh Avocats Luxembourg Sàrl ( Mrs. Yoanna Stefanova ,  Mr. Luc Courtois )

[+ http://www.nautadutilh.com]

Mrs. Yoanna Stefanova Mrs. Yoanna Stefanova
Mr. Luc Courtois Mr. Luc Courtois

Click here to see the ad(s)
All articles Financial law

Lastest articles Financial law

Special serie COVID-19 - n°5 Impact on reporting deadlines for investment funds

In the context of the difficult evolving situation in connection to COVID-19, most companies are currently facing unpreced...

Read more

Sustainable Investing as a Driver of Change

A disruptive cultural shift is driving change in the financial industry. Investors and new sources of deals are redesignin...

Read more

Investment Funds | Extension of the CSSF's Deadlines

In recent days, due to the outbreak of COVID-19, the CSSF has published a series of communications addressed to participan...

Investment Funds | Extension of the CSSF's Deadlines Read more

CSSF Disclosure of information (Transparency Law – MAR)

The European Securities and Markets Authority (ESMA) issued on 27 March 2020 a public statement (the Statem...

CSSF Disclosure of information (Transparency Law – MAR) Read more

Lastest articles by Mrs. Yoanna Stefanova

Luxembourg Brexit Laws: 15 September 2019 final deadline for UK based managers to notify the CSSF

On 8 April 2019, Luxembourg adopted two laws ("Brexit Laws") on measures to be taken in relation to the financia...

Read more

The Luxembourg UBO Register: the end of the transition period is fast approaching (31 August 2019)

The UBO Register Act, which entered into force on 1st March 2019, provides for a six-month transition period to submit inf...

Read more

The Luxembourg Bill Implementing Srd II as Regards the Encouragement of Long-Term Shareholder Eng...

On 25 January 2019, Bill No 7402 (the "Bill") implementing Directive (EU) 2017/828 as regards the encouragement ...

Read more

Luxembourg Corporate Governance Comparative Guide

NautaDutilh Avocats Luxembourg is an exclusive contributor to The Legal 500 Corporate Governance 1st Edition Cou...

Read more

Lastest articles by Mr. Luc Courtois

LexGO Network