top of page
    • Nov 16, 2022
    • 2 min read

Revised Safeguards Rule Compliance Deadline Extended to June 2023 for Certain Requirements



Many dealerships have diligently worked to update their Information Security Programs in 2022 to come into compliance with the revised Safeguards Rule by the December 9th deadline. On November 15, 2022, the FTC announced that the compliance deadline would be extended until June 9th, 2023 for certain provisions of the revised rule.


Provisions Included in the Extension


The following requirements of the revised Rule now do not need to be in place until June 9, 2023.

  • Designate a Qualified Individual

  • Creation of a Written Risk Assessment

  • Implement Access Controls for Sensitive Customer Information

  • Encryption for Sensitive Customer Information

  • Training for Security Personnel

  • Creation of an Incident Response Plan

  • Service Provider Oversight

  • Implementation of Multifactor Authentication


Provisions Still Required by the December 9th Deadline

  • Continuous Vulnerability Scanning

  • Data and Systems Inventory

  • Systems Monitoring and Logging

  • Continuous Monitoring

  • Unauthorized Activity Monitoring

  • All-Employee Security Awareness Training

  • Secure Development Practices

  • Safe Data Disposal Practices

  • Change Management Procedures

  • Written Information Security Program (WISP)

  • Written Annual Report


Dealerships should understand that although they now have more time to come into compliance with the revised Rule, implementation of a full Safeguards Solution can take a month or more. Dealerships who have already begun the process should continue to roll out their programs. Dealerships who have not started the process should not delay.


Mosaic Cyber Security offers complete compliance with the revised FTC Safeguards Rule and has provided retail automotive compliance solutions for over 15 years. You can receive a tailored quote by filling out our Safeguards Status Questionnaire. In addition to satisfying all of the Rule’s requirements, Mosaic’s solution also allows you to pick and choose services a la carte. Our dedicated team will walk you through your custom roadmap, help set up your services, provide live support, and keep you on track so that you will achieve complete compliance on time!



bottom of page