CFTC System Safeguards (17 CFR 37, 38, 39, 49)
The Commodity Futures Trading Commission (CFTC) System Safeguards rules (17 CFR Parts 37, 38, 39, and 49) establish comprehensive cybersecurity, business continuity, incident reporting, system integrity, and risk management requirements for designated contract markets (DCMs), swap execution facilities (SEFs), derivatives clearing organizations (DCOs), and swap data repositories (SDRs).
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (4)
CFTC System Safeguards: Business Continuity and Disaster Recovery
| Code | Title |
|---|---|
| CFTC-SS-10 | Geographically Separate Backup Resources |
| CFTC-SS-11 | Business Continuity-Disaster Recovery Testing |
| CFTC-SS-8 | Business Continuity-Disaster Recovery Plan and Resources |
| CFTC-SS-9 | Recovery Time Objective |
CFTC System Safeguards: Cybersecurity Testing
| Code | Title |
|---|---|
| CFTC-SS-13 | Vulnerability Testing |
| CFTC-SS-14 | Penetration Testing |
| CFTC-SS-15 | Controls Testing |
| CFTC-SS-16 | Security Incident Response Plan Testing |
| CFTC-SS-17 | Enterprise Technology Risk Assessment |
| CFTC-SS-18 | Testing by Independent Professionals |
CFTC System Safeguards: Notification, Records and Remediation
| Code | Title |
|---|---|
| CFTC-SS-19 | Notification to the Commission |
| CFTC-SS-20 | Recordkeeping of System Safeguards |
| CFTC-SS-21 | Remediation of Deficiencies |
CFTC System Safeguards: Risk Analysis and Oversight Program
| Code | Title |
|---|---|
| CFTC-SS-1 | Program of Risk Analysis and Oversight |
| CFTC-SS-12 | Capacity and Performance Planning |
| CFTC-SS-2 | Enterprise Risk Management and Governance |
| CFTC-SS-3 | Information Security |
| CFTC-SS-4 | Systems Operations |
| CFTC-SS-5 | Systems Development and Quality Assurance |
| CFTC-SS-6 | Physical Security and Environmental Controls |
| CFTC-SS-7 | Generally Accepted Standards and Best Practices |
Your Compliance Coverage
If you comply with CFTC System Safeguards (17 CFR 37, 38, 39, 49), you already cover:
NIST Cybersecurity Framework 2.0
43%
9 controls mapped
Compare →SOC 2
38%
8 controls mapped
Compare →NIST SP 800-53 Rev 5
38%
8 controls mapped
Compare →+ 6 more: ISO 27701:2019 (10%), ISO 27017:2015 (5%)
See all 9 mapped frameworks ↓Maps to 9 other frameworks
Frequently Asked Questions
What is CFTC System Safeguards (17 CFR 37, 38, 39, 49)?
CFTC System Safeguards (17 CFR 37, 38, 39, 49) is a compliance framework from United States (CFTC) with 4 domains and 21 controls. The Commodity Futures Trading Commission (CFTC) System Safeguards rules (17 CFR Parts 37, 38, 39, and 49) establish comprehensive cybersecurity, business continuity, incident reporting, system integrity, and risk management requirements for designated contract markets (DCMs), swap execution facilities (SEFs), derivatives clearing organizations (DCOs), and swap data repositories (SDRs). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does CFTC System Safeguards (17 CFR 37, 38, 39, 49) have?
CFTC System Safeguards (17 CFR 37, 38, 39, 49) has 21 controls organised across 4 domains. The largest domains are CFTC System Safeguards: Risk Analysis and Oversight Program (8 controls), CFTC System Safeguards: Cybersecurity Testing (6 controls), CFTC System Safeguards: Business Continuity and Disaster Recovery (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does CFTC System Safeguards (17 CFR 37, 38, 39, 49) map to?
CFTC System Safeguards (17 CFR 37, 38, 39, 49) maps to 9 other compliance frameworks. The top mapping partners are NIST Cybersecurity Framework 2.0 (43% coverage), SOC 2 (38% coverage), NIST SP 800-53 Rev 5 (38% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with CFTC System Safeguards (17 CFR 37, 38, 39, 49) compliance?
Start your CFTC System Safeguards (17 CFR 37, 38, 39, 49) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about CFTC System Safeguards (17 CFR 37, 38, 39, 49) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 21 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required