FARADAY FUTURE INTELLIGENT ELECTRIC INC. 10-K Cybersecurity GRC - 2024-05-28

Page last updated on July 16, 2024

FARADAY FUTURE INTELLIGENT ELECTRIC INC. reported their cybersecurity risk management and governance process in a yearly 10-K filed on 2024-05-28 16:17:00 EDT.

Filings

10-K filed on 2024-05-28

FARADAY FUTURE INTELLIGENT ELECTRIC INC. filed a 10-K at 2024-05-28 16:17:00 EDT
Accession Number: 0001628280-24-025420

Note: filing items unformatted. Drop us a note with the above URL to help us prioritize formatting it!

Item 1C. Cybersecurity.

Item 1C. Cybersecurity We at Faraday Future employ a cybersecurity strategy for addressing cybersecurity risks, security vulnerabilities, and impacts that align with the NIST Cybersecurity Framework (CSF). The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, and measurable process to manage information security and privacy risks for Faraday Future systems. This framework outlines standards and guidelines to support the implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA). The NIST framework promotes the protection of Faraday Future infrastructure . We utilize the five core functions of the framework which are Identify, Protect, Detect, Respond, and Recover. Our Information technology security team has a working relationship with our third-party vendors such as Rapid7, Carbon Black and Cisco to provide guidance related to the management of cybersecurity risks. Our strategy includes both short- and long-term projects to increase the security surrounding our assets by using threat monitoring, threat detection, and SIEM tools within our security systems. We perform cybersecurity assessments with respect to asset scanning, risk assessments, and vulnerability scans with respect to users in our organization and third parties who provide critical services or who have access to critical confidential data. We have not identified any cybersecurity threats that have materially impaired or are reasonably likely to materially impair our operations or financial standing. Our critical business systems are fully redundant and backed up. Our security systems correlate security events from our SIEM and aggregate security-related incident data, such as malware activity, malicious activities, and ransomware. Security functionality is continuously monitored by our IT security team and our third party comanaged vendor soc team, and our network traffic is analyzed for signs of malicious activity through the Cyber security systems. Anti-virus solutions are deployed throughout our organization on servers, laptops and workstations in our data centers, headquarters, and remote sites. We have hired an independent third-party cybersecurity firm to perform penetration testing annually. The third-party checks for vulnerabilities on our external and internal network perimeters. If vulnerabilities are found, corrective actions are implemented to remediate any issues. Our employees are required to take annual cyber security training designed to help employees guard our cyber and physical data. Employees are tested on this training.

Company Information