The Federal Deposit Insurance Corp., Office of the Comptroller of the Currency and Federal Reserve Board want public comments on the three bank regulators’ joint plan to establish a set of cyber risk management standards for the financial services industry.

The regulatory agencies also seek potential methods to quantify and compare cyber risks at financial institutions, FDIC said Wednesday.

Responses to the advance notice of proposed rulemaking are due Jan. 17, 2017.

The Federal Reserve, FDIC and OCC are considering whether to apply enhanced cyber risk management standards to depository institutions and foreign banks’ U.S. business units that own at least $50 billion in assets as well as to financial market infrastructure operators and nonbank financial regulations supervised by the Fed, according to the notice.

The regulators also look to require companies to substantially address disruption or failure risks associated with a cyber incident, FDIC added.

The Interior Department’s office of inspector general has found lapses in DOI’s Continuous Diagnostics and Mitigation program when it comes to safeguarding high-value information technology systems from cyber vulnerabilities.

OIG said in a report published Wednesday its findings are based on the assessment of CDM practices that DOI implements for IT assets operated by the department’s U.S. Geological Survey, Bureau of Reclamation and Bureau of Safety and Environmental Enforcement.

The CDM initiative calls for agencies to implement 15 continuous diagnostic control measures in three phases, according to the report.

Under the program’s Phase 1, agencies should use automated software platforms to facilitate the development and maintenance of computer software and hardware inventories as well as implement enterprise configuration and vulnerability management measures, the IG said.

The report said that DOI failed to mitigate critical network vulnerabilities on the bureaus’ IT assets as well as detect and eliminate potential malware from the IT systems.

The IG also noted that DOI’s office of chief information officer did not require the bureaus to deploy the department’s inventory management software on all computers, monitor computer configurations, create lists of approved software to safeguard systems from malware and comply with best practices for vulnerability mitigation and detection.

The inspector general offered six recommendations in response to the findings and in an effort to help DOI protect its IT infrastructure from potential exploitation.

Jeh Johnson, secretary of the Department of Homeland Security, has said that DHS is on track to meet the Dec. 18 congressional deadline for the deployment of Einstein 3A cyber platforms at all U.S. civilian agencies, Federal News Radio reported Tuesday.

Nicole Ogrysko writes Johnson said during his keynote address at the Critical Infrastructure Partnership Advisory Council meeting in Arlington, Virginia, that approximately 36 states have asked DHS to help perform vulnerability assessments on their election systems in preparation for the U.S. presidential election on Nov. 8.

He also cited the department’s efforts to urge Congress to authorize the realignment of the National Protection and Programs Directorate in an effort to recognize cyber professionals as their own operational component within DHS, Ogrysko reports.

“We believe that there should be a close alignment between cybersecurity and infrastructure protection,” Johnson said, according to the report.

Rep. Gerry Connolly (D-Virginia) expects the Senate to pass a bill that would set aside $3.1 billion in funds to support federal agencies’ information technology modernization efforts, Defense News reported Tuesday.

Joe Gould writes Connolly wants the Modernizing Government Technology Act to move through the Senate during a lame duck session of Congress after the Nov. 8 election.

Connolly and Rep. Will Hurd (R-Texas) introduced the bill that House lawmakers unanimously approved in September.

The legislation would also allow agencies to reinvest savings through compliance with the Federal Information Technology Acquisition Reform Act, Gould wrote.