News

New resource helps FIs assess, address cyberthreat readiness

The FFIEC says that financial institutions of all sizes can use the Cybersecurity Assessment Tool to inform their risk management planning.

July 1, 2015

The Federal Financial Institutions Examination Council has developed a Cybersecurity Assessment Tool to help FIs identify their risks and assess their cybersecurity strategies.

Financial institutions of all sizes can use the assessment tool and other methodologies to inform their risk management planning, an announcement from the FFIEC said.

The release of the Cybsercurity Assessment Tool follows last year's pilot assessment of cybersecurity preparedness at more than 500 institutions. FFIEC members plan to update the assessment as threats, vulnerabilities, and operational environments evolve.

In addition to the assessment, the FFIEC also has made available resources FIs that include:

• an executive overview;
• a user's guide;
• an online presentation explaining the assessment; and
• appendices that:
  • map the assessment's baseline maturity statements to the FFIEC Information Technology Examination Handbook;
  • map all maturity statements to the National Institute of Standards and Technology's Cybersecurity Framework; and
  • provide a glossary of terms.

The Cybersecurity Assessment Tool is now available online.

The FFIEC offers several other cybersecurity resources on its website, as well.

FFIEC members encourage FIs to comment on the assessment through an upcoming Paperwork Reduction Act notice in the Federal Register.