Given the sensitive nature of customer data that Member firms possess and the growing risks associated with cyber breaches, NFA worked closely with its Board and the CFTC to develop guidance requiring Members to adopt and enforce procedures to secure both customer data and access to their electronic systems. NFA's Interpretive Notice to NFA Compliance Rules 2-9, 2-36 and 2-49 requires all Member firms to adopt and enforce an information systems security program (ISSP) appropriate to its circumstances.

To assist Members as they develop and implement their written ISSPs, NFA's Self-Examination Questionnaire contains a cybersecurity section that can be used as a resource. NFA has also published answers to frequently asked questions.