FFIEC Releases Cybersecurity Assessment Tool
On June 30 the Federal Financial Institutions Examination Council released its Cybersecurity Assessment Tool. The tool is designed to help banks of all sizes assess identity risks and weaknesses in their cybersecurity preparedness programs.
At the moment, the tool is optional but regulators are preparing for the tool to be an integral part of future examinations. In some cases the tool may be used in cyber exam processes as early as June 2016.
Each of the regulatory agencies is expected to incorporate the tool into their examinations but they are all looking to give their institutions some time to get used to the tool and more involved in cybersecurity.
The tool includes three main components:
1. A risk profile assessment to help institutions understand how each activity, service and product can impact risk and affect inherent risk.
2. A cybersecurity maturity assessment to determine an institution’s cybersecurity maturity level.
3. An interpretation and analysis assessment to help institutions understand whether their inherent risks are appropriate relative to their cybersecurity maturity.
The FFIEC is also providing key steps for use and better understanding of the tool. These steps include:
1. An overview of cyber risks and the cybersecurity assessment tool for CEOs and boards of directors.
2. A user’s guide that explains all aspects of the tool and how it can be used by institutions to interpret and analyze their internal cybersecurity assessments.
3. An appendix section that provides links to IT related handbooks and statements, mapping how the cybersecurity assessment tool aligns with the NIST Cybersecurity Framework, and a glossary of common cyber-related terms.
The assessment features aim to provide institutions with a repeatable and measurable process for measuring cybersecurity preparedness over time.
If you have any questions about the FFIEC’s new cybersecurity assessment tool or how your bank is affected by the changing cybersecurity landscape call ITPAC today.