Updated CAT released, with more response options

May 31, 2017 -- Additional cybersecurity response options -- which would allow financial institutions to include supplementary or complementary behaviors, practices and processes that represent current practices in support of their cybersecurity activity assessments - are outlined in an update to the Cybersecurity Assessment Tool (CAT) released today.

The update to the CAT by the Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, also addresses changes to its IT Exam Handbook. According to the Exam Council, the changes provide a revised mapping in Appendix A to the updated Information Security and Management booklets.

According to an FFIEC release, the CAT was developed to help financial institution management determine the institution's risk profile, inherent risks and cybersecurity preparedness. The CAT, the release states, “provides a repeatable and measurable process that financial institution management may use to measure cybersecurity preparedness over time.”

Use of the tool is voluntary, FFIEC stated, and financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness.

FFIEC release on updated CAT