A Checklist to Help Fund Managers Assess Their Cybersecurity Programs

Cybersecurity is a key focus for the SEC. For example, the SEC Division of Examinations’ 2022 exam priorities report notes that registered investment advisers and broker-dealers must have strong information security and data protection controls to ensure their ability to continue operations in the event of a cyber attack or other disruption. Also, the SEC released proposed rules in February 2022 that would require investment advisers to adopt comprehensive cybersecurity policies and procedures; report certain significant cybersecurity incidents; and provide enhanced cybersecurity disclosures. FINRA is also keenly focused on cybersecurity, releasing a tool in May 2022 (Tool) to help small firms identify key cybersecurity risks and enhance their customer information protection, cybersecurity written supervisory programs and related controls. The Tool highlights the most common and recent categories of cybersecurity threats small firms face; includes questions to assist firms with addressing those threats; provides a summary of core controls small firms should consider; and contains relevant questions for firms to answer when evaluating their current cybersecurity programs. Although the Tool was written for broker-dealers, its guidance is generally applicable to fund managers’ oversight of their cybersecurity programs. This article summarizes the Tool and provides a checklist – including a standalone, downloadable version – created from the questions in the Tool that managers can use to assess the sufficiency of their cybersecurity programs. See “Private Funds Top the SEC’s 2022 Exam Priorities” (May 24, 2022); and “SEC Proposes Cyber Risk Management Rules for Advisers” (Apr. 12, 2022).
