From Lawfare:

Last week, the Securities and Exchange Commission announced its intention to conduct an examination of the cybersecurity of 50 broker-dealers and investment advisers subject to its jurisdiction. The questionnaire derives much of its content from the NIST Framework—so now the Framework will be the likely potential ground for regulatory action.