- From the Private Companies Practice Section (PCPS): A CPA's Introduction to Cybersecurity (available exclusively to AICPA members), the first piece of the PCPS Cybersecurity toolkit, helps practitioners understand the cybersecurity risks they and their clients face, and summarizes cybersecurity policies and practices that every CPA firm should have in place.
- To help businesses and organizations report on their cybersecurity risk management efforts, the AICPA's Assurance Services Executive Committee (ASEC) has exposed two sets of criteria:
- Proposed Description Criteria for Management's Description of an Entity's Cybersecurity Risk Management Program
- Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
In addition to these exposure drafts, you can find a number of other helpful resources including a backgrounder on the AICPA's upcoming cybersecurity engagement, a mapping of the Proposed Trust Services Criteria and the AICPA's input to the Commission on Enhancing National Cybersecurity on aicpa.org/cybersecurityriskmanagement.