On September 8, 2016 the CFTC approved "system safeguard and testing"  - aka cyber security - requirements that will be applicable to certain regulated entities:  DCOs, DCMs, SEFs and SDRs.  Final Rules implementing these requirements were ultimately published on September 19, 2016 and became effective on the date of publication.