Exam Council releases cybersecurity assessment tool
June 30, 2015 --
A proposed cybersecurity assessment tool designed to help credit unions and other financial institutions identify their risks and assess their cybersecurity preparedness was released today (June 30) by the Federal Financial Institutions Exam Council (FFIEC).
The assessment tool may be used by financials of any size (along with other methodologies) to perform a self-assessment and “inform their risk-management strategies,” the FFIEC stated in a release.
NASCUS President and CEO Lucy Ito noted that the proposed tool is a major undertaking by the Exam Council that state credit unions and regulators will be interested in reviewing very closely. "We fully expect that state regulators and NCUA will incorporate this assessment tool -- or a variant of the tool customized for credit unions -- into their exam processes," she said. "NASCUS will work closely with state regulators and NCUA to help walk credit unions through the new tool. We want to ensure that the industry is equipped to face the challenges of cyber-preparedness and that supervisory expectations as they relate to cybersecurity moving forward are clear for everyone."
She noted that, at the upcoming NASCUS/CUNA Cybersecurity Symposium Aug. 23-24 in Denver, NCUA’s Tim Segerson is scheduled to present a two-hour session on this assessment tool alone.
The FFIEC added that the release of the assessment tool follows last year’s pilot assessment of cybersecurity preparedness at more than 500 institutions. According to FFIEC, its members plan to update the assessment tool as threats, vulnerabilities and operational environments evolve.
Additionally, the FFIEC said it was making available other resources that financials may find useful, including:
- an executive overview,
- a user’s guide,
- an online presentation explaining the assessment tool, and
- appendices mapping the Assessment’s baseline maturity statements to the FFIEC Information Technology Examination Handbook, mapping all maturity statements to the National Institute of Standards and Technology's Cybersecurity Framework, and providing a glossary of terms.
More information is available on the FFIEC’s Cybersecurity Assessment Tool webpage.