Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]

Risk Management

USO does not have computer systems or networks. Pursuant to the terms of the LP Agreement, USO’s affairs are managed by USCF. USCF has implemented an information security program that is focused on ensuring the security and protection of computer systems and oversight of third-party service providers. This program includes specific provisions pertaining to data security and the security of information that, if disclosed, could have detrimental effects on USO. Such provisions relate to the handling of information and computers, as well as the protection of computer systems and software from unauthorized persons. USCF engages a third-party consultant and service provider to assist with information technology services and advise on USCF’s information technology infrastructure. As needed, but no less frequently than annually, USCF evaluates its cybersecurity risk profile in accordance with its compliance policies and procedures. To mitigate the risks from cybersecurity threats posed by third parties, USCF conducts due diligence on its critical third-party service providers with respect to (1) the cybersecurity programs and policies that they have in place as well as how they safeguard sensitive information, and (2) how those programs and policies apply to customers, including USCF and USO.

USCF’s procedures include guidance for determining the materiality of cybersecurity incidents, including with respect to cybersecurity incidents experienced by third-party service providers. Such determinations are made by USCF’s senior management, including its Chief Executive Officer, which uses both qualitative and quantitative factors in assessing the material impact of an incident. The factors include the functional impact, the information impact, costs, the observed activity, the location of observed activity, actor characterization, and recoverability of information. As of the date of this report, USCF is not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect USO, including its business strategy, results of operations, or financial condition.

Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block] Pursuant to the terms of the LP Agreement, USO’s affairs are managed by USCF. USCF has implemented an information security program that is focused on ensuring the security and protection of computer systems and oversight of third-party service providers. This program includes specific provisions pertaining to data security and the security of information that, if disclosed, could have detrimental effects on USO. Such provisions relate to the handling of information and computers, as well as the protection of computer systems and software from unauthorized persons. USCF engages a third-party consultant and service provider to assist with information technology services and advise on USCF’s information technology infrastructure. As needed, but no less frequently than annually, USCF evaluates its cybersecurity risk profile in accordance with its compliance policies and procedures.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]

Governance

The Director of Compliance, as identified below, provides regular reports to USCF’s Board of Directors on developments to the information security and cybersecurity risks facing USO. Reports may include, among other things, an overview of the controls and procedures related to assessing, identifying, and managing risks related to cybersecurity threats, oversight of third-party service providers and related cybersecurity threats, and management’s evaluation of cybersecurity risks material to USO.

Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] The Director of Compliance
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]

The Director of Compliance, as identified below, provides regular reports to USCF’s Board of Directors on developments to the information security and cybersecurity risks facing USO. Reports may include, among other things, an overview of the controls and procedures related to assessing, identifying, and managing risks related to cybersecurity threats, oversight of third-party service providers and related cybersecurity threats, and management’s evaluation of cybersecurity risks material to USO.

Cybersecurity Risk Role of Management [Text Block]

USO does not have computer systems or networks. Pursuant to the terms of the LP Agreement, USO’s affairs are managed by USCF. USCF has implemented an information security program that is focused on ensuring the security and protection of computer systems and oversight of third-party service providers. This program includes specific provisions pertaining to data security and the security of information that, if disclosed, could have detrimental effects on USO. Such provisions relate to the handling of information and computers, as well as the protection of computer systems and software from unauthorized persons. USCF engages a third-party consultant and service provider to assist with information technology services and advise on USCF’s information technology infrastructure. As needed, but no less frequently than annually, USCF evaluates its cybersecurity risk profile in accordance with its compliance policies and procedures. To mitigate the risks from cybersecurity threats posed by third parties, USCF conducts due diligence on its critical third-party service providers with respect to (1) the cybersecurity programs and policies that they have in place as well as how they safeguard sensitive information, and (2) how those programs and policies apply to customers, including USCF and USO.

USCF’s procedures include guidance for determining the materiality of cybersecurity incidents, including with respect to cybersecurity incidents experienced by third-party service providers. Such determinations are made by USCF’s senior management, including its Chief Executive Officer, which uses both qualitative and quantitative factors in assessing the material impact of an incident. The factors include the functional impact, the information impact, costs, the observed activity, the location of observed activity, actor characterization, and recoverability of information. As of the date of this report, USCF is not aware of any material risks from cybersecurity threats that have materially affected or are reasonably likely to materially affect USO, including its business strategy, results of operations, or financial condition.

Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] USCF’s senior management, including its Chief Executive Officer
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] USCF’s procedures include guidance for determining the materiality of cybersecurity incidents, including with respect to cybersecurity incidents experienced by third-party service providers. Such determinations are made by USCF’s senior management, including its Chief Executive Officer, which uses both qualitative and quantitative factors in assessing the material impact of an incident. The factors include the functional impact, the information impact, costs, the observed activity, the location of observed activity, actor characterization, and recoverability of information.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true