On June 30, the Federal Financial Institutions Examination Council (FFIEC) released a Cybersecurity Assessment Tool to assist institutions in assessing and reducing the threats facing them. Along with the assessment, the FFIEC provided an Overview for CEOs and Boards of Directors, a User’s Guide, an Inherent Risk Profile, a Cybersecurity Maturity rating description, and a video explaining the assessment. In addition, appendices are provided that include information about mapping the assessment to the FFIEC IT Handbook and the NIST Cybersecurity Framework.
These tools are meant for institutions of all sizes and are designed to provide a “repeatable and measurable process” for institutions to assess their cybersecurity readiness. FFIEC’s goal in providing these tools is to help companies make informed decisions regarding their risk management practices. The tools result from the FFIEC’s 2014 review of over 500 companies’ cybersecurity readiness and will continue to be updated as new information emerges and environments change.
The FFIEC is an “interagency body empowered to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions by the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB) and to promote uniformity in the supervision of financial institutions.” For additional resources from the FFIEC, please visit their Cybersecurity Awareness page.