Securiti AI Launches Context-Aware LLM Firewalls to Secure GenAI Applications
ViewLast Updated on December 14, 2023
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Looks like this email is already registered with an existing account.
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
The "Insurance Data Security Model Law," or NAIC Model Regulation 668, was developed by the National Association of Insurance Commissioners (NAIC) in the United States. This model law establishes cybersecurity standards and requirements for insurance companies to protect nonpublic information's confidentiality, integrity, and availability.
The NAIC Model 668 applies to licensees who are defined as persons licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered pursuant to the insurance laws of the state but shall not include a purchasing group or risk retention group chartered and licensed in a state other than this state or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction.
The NAIC Model Regulation 668 acts as a model or template that other U.S. states can use as a starting point for developing their own regulatory frameworks. As a result, each state may vary in terms of specific requirements and details of the regulation.
The NAIC Model Regulation 668 is one of the four primary model NAIC Laws. The other three laws are the model Insurance Information and Privacy Protection Act (#670), the model Privacy of Consumer Financial and Health Information Regulation (#672), and the model Standards for Safeguarding Customer Information Regulation (#673). These standards govern the collection, use, and disclosure of information in relation to insurance transactions made by insurance institutions, agents, or insurance support organizations. The NAIC Model Regulation 668 imposes cybersecurity obligations concerning personally identifiable information.
The NAIC Model 668 has been adopted by several US states, including Alabama, Connecticut, Delaware, Indiana, Iowa, Louisiana, Maine, Maryland, Michigan, Minnesota, Mississippi, New Hampshire, New York, North Dakota, South Carolina, Tennessee, Virginia, Wisconsin, and Ohio.
Securiti enables organizations to comply with US NAIC 668 – Insurance Data Security Model Law through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises' journey toward compliance with US NAIC 668 – Insurance Data Security Model Law through automation, enhanced data visibility, and identity linking.
Request a demo to learn how Securiti can aid you and your organization's compliance efforts today.
US NAIC 668 Section: 2
Utilize Securiti's collaborative readiness assessment template to assess your organization's compliance with NAIC 668 requirements, assess compliance gaps, and mitigate risks. Seamlessly expand assessment capabilities across your vendor ecosystem to maintain compliance against this standard.
US NAIC 668 Sections: 4(H), 6
Securiti's Breach Management enables organizations to create an incident response plan to respond effectively to security incidents that compromise the confidentiality, integrity, or availability of information. It assists organizations in making breach notifications to relevant stakeholders as per the requirements of the industry law and applicable laws.
US NAIC 668 Section: 5
Securiti's Assessment Automation allows organizations to assess the nature and scope of security incidents with the help of breach and breach risk severity assessments. The assessments facilitate organizations to identify what information has been breached, restore security, take reasonable measures in order to protect any unauthorized acquisition or disclosure of information and identify which parties are required to be notified of the breach.
US NAIC 668 Sections: 4(C), 4(F)
Securiti's Assessment Automation enables organizations to assess safeguards in place for protecting data and associated risks and assess and mitigate third-party risks.
US NAIC 668 Sections: 4(C)(5), 4(D)
Securiti's Data Security Posture Management module allows organizations to identify and implement appropriate security controls.
Data Security Program: Insurance companies must create, implement, and maintain a thorough written information security program to protect nonpublic information. This program should include administrative, technical, and physical safeguards.
Risk Assessment: Insurers must regularly review their risks to identify potential vulnerabilities and threats to nonpublic information by conducting risk assessments. The Information Security Program must be designed to mitigate identified risks as per the sensitivity of the non-public information. Third-party service providers are required to be included in the risk management process.
Security measures: Access controls, encryption, multi-factor authentication, regular testing, audit trails, protection against breaches, and secure disposal of information are some of the security measures highlighted in the NAIC 668 standard.
Incident Response Plan: To address and quickly minimize the effects of cybersecurity occurrences, insurance companies must have an incident response plan in place.
Employee Training: Employees must receive appropriate cybersecurity awareness training.
Notification of Cybersecurity Events: The licensee must notify the Commissioner and consumers in the case of a cybersecurity event. The notification to the Commissioner must be made as promptly as possible but no later than 72 hours from a determination that a cybersecurity event has occurred.
Annual Certification: Insurance regulators in each state may require insurers to certify compliance with the regulation annually.
Records Retention: After the date of each cybersecurity event, the Licensee must keep records pertaining to those events for at least five years. The Commissioner may request those data at any time.
At Securiti, our mission is to enable organizations to safely harness the incredible power of Data & AI.
Copyright © 2024 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128
