The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released a Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and assess their cybersecurity preparedness.
Financial institutions of all sizes may use the Assessment and other methodologies to perform a self-assessment and inform their risk management strategies. The release of the Cybsercurity Assessment Tool follows last year’s pilot assessment of cybersecurity preparedness at more than 500 institutions. The FFIEC members plan to update the Assessment as threats, vulnerabilities, and operational environments evolve.
In addition to the Assessment, the FFIEC has also made available resources institutions may find useful, including an executive overview, a user’s guide, an online presentation explaining the Assessment, and appendices mapping the Assessment’s baseline maturity statements to the FFIEC Information Technology Examination Handbook, mapping all maturity statements to the National Institute of Standards and Technology's Cybersecurity Framework, and providing a glossary of terms.
The FFIEC members are also encouraging institutions to comment on the Assessment through an upcoming Paperwork Reduction Act notice in the Federal Register.