WASHINGTON—The Federal Financial Institutions Examination Council (FFIEC), which includes NCUA, has released a Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and assess their cybersecurity preparedness.
“Financial institutions of all sizes may use the Assessment and other methodologies to perform a self-assessment and inform their risk management strategies,” the FFIEC said. “The release of the Cybsercurity Assessment Tool follows last year’s pilot assessment of cybersecurity preparedness at more than 500 institutions. The FFIEC members plan to update the Assessment as threats, vulnerabilities, and operational environments evolve.”
In addition to the Assessment, the FFIEC has also made available resources institutions may find useful, including an executive overview, a user’s guide, an online presentation explaining the Assessment, and appendices mapping the Assessment’s baseline maturity statements to the FFIEC Information Technology Examination Handbook, mapping all maturity statements to the National Institute of Standards and Technology's Cybersecurity Framework, and providing a glossary of terms.
“This is a major undertaking by the Exam Council that state credit unions and regulators will be interested in reviewing very closely," said NASCUS CEO Lucy Ito. "We fully expect that state regulators and NCUA will incorporate this assessment tool -- or a variant of the tool customized for credit unions--into their exam processes. NASCUS will work closely with state regulators and NCUA to help walk credit unions through the new tool. We want to ensure that the industry is equipped to face the challenges of cyber-preparedness and that supervisory expectations as they relate to cybersecurity moving forward are clear for everyone. In fact, at the upcoming NASCUS/CUNA Cybersecurity Symposium Aug. 23-24 in Denver, NCUA’s Tim Segerson is scheduled to present a two-hour session on this assessment tool alone.”
Resources are available on the FFIEC website.