FFIEC Encourages Standardized Approach to Assessing Cybersecurity Preparedness
The Federal Financial Institutions Examination Council (FFIEC) members today emphasized the benefits of using a standardized approach to assess and improve cybersecurity preparedness.
The members note that firms adopting a standardized approach are better able to track their progress over time, and share information and best practices with other financial institutions and with regulators.
Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls.
FFIEC members welcome collaborative approaches to advance and support cyber preparedness and enhance the efficiency and effectiveness of the supervisory process. While the FFIEC does not endorse any particular tool, these standardized tools support institutions in their self-assessment activities. The tools are not examination programs and the FFIEC members take a risk-focused approach to examinations. As cyber risk evolves, examiners may address areas not covered by all tools.
- FFIEC Cybersecurity Assessment Tool
- FSSCC Cybersecurity Profile
- NIST Cybersecurity Framework
- Center for Internet Security Control
- Federal Reserve Darren Gersh (202) 452-2955
- CFPB Marisol Garibay (202) 435-7425
- FDIC Julianne Fisher Breitbeil (202) 898-6895
- NCUA John Fairbanks (703) 518-6336
- OCC Stephanie Collins (202) 649-6870
- SLC James Kurtzke (202) 728-5733
Oct 20, 2021
Apr 1, 2021
Feb 25, 2021
Subscribe to CSBS
Stay up to date with the CSBS newsletter