Legal Seminar, Denver, CO

NMLS 1.0

Training: Role‐based (CHRI) and Annual  Cybersecurity Awareness Training (FINRA and CSBS)

Changes and improvements

• Upgraded encryption in transit and at rest 

NMLS 2.0

Changes from 1.0 • AWS GovCloud (FedRAMP)

• Delegation of account administration to States • One user account with multiple associated roles Threat model • Identify internal and external threats/vulnerabilities • Likelihood x  Impact = Risk • Apply protective and detective measures