The Baseline Nonbank Cybersecurity Exam Program was developed as part of the 2018 CSBS Board-approved initiative to combat the growing threat of cyber-attacks in the financial system. The 2020–2023 CSBS Strategic Plan prioritizes state regulator implementation and use of this program. This exam program is designed as a baseline program, applicable to all nonbank institutions.
The exam program is focused on the critical parts of a cybersecurity program and was created to provide regulators with a tool to examine the smaller, less complex institutions. This right-sized approach benefits both the regulator and the licensee: it reduces the demand on regulator resources and is appropriately tailored to the needs of smaller institutions.
The exam program is by default sorted according to the Uniform Rating System for Information Technology (URSIT) component ratings of Audit, Management, Development and Acquisition, and Support and Delivery. However, to provide flexibility based on the examiner’s preference, there is also the ability to sort by the NIST Cybersecurity Framework functions of identify, protect, detect, respond, and recover. The exam program contains the Gramm-Leach-Bliley Act (GLBA) citation for each question.
Pre-Examination Documents to send to Entity
- Nonbank Cyber Exam Notification Letter
- Pre-Exam IT Officer's Questionnaire
- Pre-Exam Document Request List
Virtual Discussion Series
CSBS held a virtual discussion series from May 19 to June 23, 2021, providing a question-by-question review of the Baseline Nonbank Cybersecurity Exam Program. All five sessions were recorded and are available through the FLEX Learning Management System.
To access the recordings:
- Go to https://www.CSBStraining.org and sign in. (This platform uses the Okta Single Sign-On platform. If you do not already have an Okta account or don't remember your password, please email [email protected] to be set up.)
- Locate the "Search Catalog" bar at the top of your homepage.
- Search for “Baseline Nonbank Cybersecurity Exam Program” in the Catalog Search to access the recordings.
To access the presentations, click here.