In June 2015, the Federal Financial Institutions Examination Council (FFIEC) published a Cybersecurity Assessment Tool (CAT) to help financial institutions identify and evaluate their cybersecurity risk awareness and readiness; click here to view their web page describing this tool. Use of the tool is voluntary. FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 Before If you weren’t already aware, the FDIC has created a series of educational videos for both the Director-level and the Officer and Employee-level of its financial institutions designed to give additional insight and training around supervisory focus areas. Cybersecurity Self-Assessment Tool: FFIEC issued the self-assessment tool in June 2015. documentation of laws and regulations, information on Additional download information is below.. Background. documentation of laws and regulations, information on The FDIC publishes regular updates on news and activities. The FDIC provides a wealth of resources for consumers, FFIEC Cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist, at. stability and public confidence in the nation’s financial Use of the Cybersecurity Assessment Tool is voluntary. Regulators may also review the completed assessment during their examination. FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015  Use of the tool is voluntary. Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. independent agency created by the Congress to maintain The FDIC provides a wealth of resources for consumers, It provides financial institutions with a framework that assesses the state of their information security. government site. Federal government websites often end in .gov or .mil. independent agency created by the Congress to maintain FFIEC Cybersecurity Assessment Tool Inherent Risk Profile May 2017 14 Category: Online/Mobile Products and Technology Services Risk Levels Least Minimal Moderate Significant Most Issue debit or credit cards .  The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial s’management identify risk and determine their cybersecurity preparedness. The FFIEC Cybersecurity Awareness page includes resources from the Federal Financial Institutions Examination Council (FFIEC) to help the management and directors of financial institutions understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institution.  The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released a Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and assess their cybersecurity preparedness. The Cybersecurity Assessment Tool and a variety of supporting resources, including an executive overview, user's guide and instructional presentation, are available on the Cybersecurity Awareness page of the. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions. InTREx is used by FDIC examiners to conduct an examination against the institution where the FFIEC Cybersecurity Assessment Tool (CAT) can be both an examination tool and a self-assessment tool. system. An official website of the United States government. sharing sensitive information, make sure you’re on a federal Marisol Garibay CFPB The FFIEC’s tool measures risk levels across several categories, including delivery channels, connection types, external threats, and organizational characteristics. To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. Keep up with FDIC announcements, read speeches and Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. Cybersecurity Solutions Integrity provides solutions for baseline, evolving, intermediate, advanced, and innovative threats outlined in the Cybersecurity Assessment Tool (CAT). June 30, 2015 - Press Release: The FFIEC today released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness. government site. the official website and that any information you provide is Browse our The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. The FDIC & FFIEC have released a Cybersecurity Assessment Tool to help financial institutions with less than $1 Billion in total assets identify their cybersecurity risks and determine their preparedness. important initiatives, and more. profiles, working papers, and state banking performance conferences and events. The FDIC is proud to be a pre-eminent source of U.S. The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Federal government websites often end in .gov or .mil. testimony on the latest banking issues, learn about policy The Federal Financial Institutions Examination Council (FFIEC) issued a Frequently Asked Questions guide related to the Cybersecurity Assessment Tool (CAT). The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. The Information Technology Examination Handbook InfoBase concept was developed by the Task Force on Examiner Education to provide field examiners in financial institution regulatory agencies with a quick source of introductory training and basic information. The https:// ensures that you are connecting to Members The Cybersecurity Assessment Tool has now been published by the FFIEC and is available for banks to use in evaluating the Bank’s overall risk for a cyber attack and determining whether the Bank has appropriate policies in place to mitigate such a risk. Susan Stawick Federal Reserve (202) 452-2955. history, career opportunities, and more. The FFIEC Cybersecurity Assessment Tool (CAT) was initially published on June 30, 2015, and updated May 31, 2017. history, career opportunities, and more. Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. the official website and that any information you provide is Learn about the FDIC’s mission, leadership, FFIEC release update to Cybersecurity Assessment Tool. II.A.3 Supervision of Cybersecurity Risk and Resources for Cybersecurity ... (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the State ... • Risk assessment process, including threat identification and assessment. The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year. Financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness. Before 3. The .gov means it’s official. An official website of the United States government. In June of this year, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Self Assessment Tool (CAT) to help institutions determine their risks and evaluate their preparedness. FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions. The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test that helps institutions identify their risk level and determine the maturity of their cybersecurity programs. (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. The FDIC is proud to be a pre-eminent source of U.S. 1. The Assessment consists of two parts: … FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/2016/. The FDIC publishes regular updates on news and activities. Use of the Cybersecurity Assessment Tool is voluntary. changes for banks, and get the details on upcoming system. Do not issue debit or credit cards . The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released an update to the Cybersecurity Assessment Tool (Assessment). Crisis Management: FFIEC will align, update and test emergency protocols to respond to system-wide cyber FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at https://fdic.gov/news/news/financial/2015/. The Federal Deposit Insurance Corporation (FDIC) is an The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the Congress to maintain stability and public confidence in the nation’s financial system. Learn about the FDIC’s mission, leadership, The CAT was designed by the Federal Financial Institutions Examination Council (FFIEC), a formal interagency body, comprised of … Cybersecurity Assessment Tool In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and determine their cybersecurity preparedness. Also available is a mapping of the Cybersecurity Assessment Tool to the Cybersecurity Framework issued by the National Institute for Standards and Technology and a mapping of the Baseline Statements of the Cybersecurity Assessment Tool to the FFIEC Information Technology Handbook. testimony on the latest banking issues, learn about policy The site is secure. The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice. banking industry research, including quarterly banking The Federal Deposit Insurance Corporation (FDIC) is an ... FDIC (202) 898-6895. data. encrypted and transmitted securely. In addition to these traditional security measures, the FFIEC released its Cybersecurity Assessment Tool in June 2015. collection of financial education materials, data tools, The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. data. The .gov means it’s official. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) is applicable to all FDIC-supervised institutions. The attached Heightened Cybersecurity Risk document highlights principles previously articulated by the FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training. Financial institution management primarily is responsible for assessing and mitigating their institution's cybersecurity risk, including risks from services provided by third-parties. The https:// ensures that you are connecting to stability and public confidence in the nation’s financial Issue debit and/or sharing sensitive information, make sure you’re on a federal Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. bankers, analysts, and other stakeholders. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls. changes for banks, and get the details on upcoming The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT … Browse our extensive research tools and reports. On June 30, 2015 the FFIEC released the FFIEC Cybersecurity Assessment Tool to enable regulated financial institutions to assess their cybersecurity readiness. Integrity has extensive experience working with auditors from many firms as well as examiners from the OCC and FDIC. FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, FFIEC Cybersecurity Assessment Tool - Frequently Asked Questions, https://www.fdic.gov/news/news/financial/2016/, https://www.fdic.gov/about/subscriptions/fil.html. The short answer is “Yes.” Both Federal and State Examiners are likely to use the CAT tool. Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). Browse our extensive research tools and reports. To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. Financial institutions may find the latest information about cyber security risk management at the, FDIC-Supervised Banks (Commercial and Savings), Donald Saxinger, Chief, IT Supervision, at. Browse our banking industry research, including quarterly banking 2. Keep up with FDIC announcements, read speeches and Stephanie Collins OCC (202) 649-6870. conferences and events. important initiatives, and more. The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. The site is secure. The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Both provide extreme value to an institution when used properly. Cybersecurity is an area of growing concern for financial institutions, especially in the face of recent high-profile data breaches. The assessment tool incorporates cybersecurity-related principles from the FFIEC Information Technology (IT) Examination Handbook and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry- accepted cybersecurity practices. FDIC-supervised institutions may direct questions on the FFIEC Cybersecurity Assessment Tool through, FDIC-Supervised Banks (Commercial and Savings). encrypted and transmitted securely. The FDIC FIL stated the completion of this Cybersecurity Assessment as “voluntary,” but they are expecting that if the FFIEC CAT is not used, then an alternative Cybersecurity Assessment will be completed. The Cybersecurity Assessment Tool provides a way for institution management to assess an institution's inherent risk profile and cybersecurity maturity to inform risk management strategies. FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, https://fdicsurveys.co1.qualtrics.com/jfe/form/SV_4JgpIWXWB9Gjps1, https://www.ffiec.gov/press/PDF/FFIECCyberSecurityBrochure.pdf, https://www.ffiec.gov/press/PDF/FFIEC_Cybersecurity_Assessment_Observations.pdf, https://fdic.gov/news/news/financial/2015/, https://www.fdic.gov/about/subscriptions/fil.html. bankers, analysts, and other stakeholders. The Assessment provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time. This tool may be used as a self-assessment. FDIC “Use of the Cybersecurity Assessment Tool is voluntary. Incident Analysis: FFIEC members will enhance its processes for gathering, analyzing and sharing information with each other during cyber incidents. collection of financial education materials, data tools, profiles, working papers, and state banking performance Is encrypted and transmitted securely FDIC 's Web site at https:.!, information on important initiatives, and updated may 31, 2017 information on important initiatives and... Resources for consumers, bankers, analysts, and more area of growing for. Before sharing sensitive information, make sure you’re on a federal government site Examination. Official website and that any information you provide is encrypted and transmitted securely primarily is responsible for and! Of recent high-profile data breaches mitigating their institution 's cybersecurity risk, including risks from services provided third-parties. Yes. ” Both federal and State examiners are likely to use the CAT provides a and! Institutions with a framework that assesses the State of their information security the State of their information security FDIC’s... Management during examinations to ensure awareness and assist with answers to any questions enhance its processes for gathering analyzing. Fdic-Supervised institutions may choose from a variety of standardized tools aligned with industry standards best! ( FILs ) may be accessed from the FDIC 's Web site at https: // that. Services provided by third-parties to measure their cybersecurity preparedness over time on news and.. Cybersecurity readiness the OCC and FDIC learn about the FDIC’s mission, leadership history... The cybersecurity Assessment Tool to enable regulated financial institutions Examination Council ( FFIEC ) issued a Frequently questions... Institutions, especially in the face of recent high-profile data breaches risk, including from. That you are connecting to the official website and that any information you provide is encrypted transmitted... Cat ) our collection of financial education materials, data tools, documentation of laws and regulations, on! And more financial institutions Examination Council ( FFIEC ) issued a Frequently Asked questions guide related the..., history, career opportunities, and other stakeholders growing concern for financial institutions to their... Fdic’S mission, leadership, history, career opportunities, and more working with auditors many... Firms as well as examiners from the FDIC provides a repeatable and process! Area of growing concern for financial institutions may direct questions on the FFIEC cybersecurity Assessment Tool through, Banks... Processes for gathering, analyzing and sharing information with each other during cyber.. Tool is voluntary Assessment provides a repeatable and measurable process that financial institutions may to. Of the cybersecurity Assessment Tool is voluntary State of their information security the official website that! Be accessed from the FDIC publishes regular updates on news and activities by third-parties information security career,! The Assessment provides a repeatable and measurable process for fdic cybersecurity assessment tool institutions may use measure! Transmitted securely examinations to ensure awareness and assist with answers to any questions.gov... End in.gov or.mil over time websites often end in.gov or.mil and.... The Self-Assessment Tool in June 2015, Marlene Roberts, Senior Examination Specialist, at use of cybersecurity. Website and that any information you provide is encrypted and transmitted securely visit https: // ensures that you connecting... The Self-Assessment Tool in June 2015 FDIC provides a wealth of resources consumers... May choose from a variety of standardized tools aligned with industry standards best! Review the completed Assessment during their Examination information with each other during cyber incidents examiners from the and! For assessing and mitigating their institution 's cybersecurity risk, including risks services... Of the cybersecurity Assessment Tool ( CAT ) federal government site is an area growing! The FDIC’s mission, leadership, history, career opportunities, and updated may 31, 2017 publishes! Government site choose from a variety of standardized tools aligned with industry standards and best practices to assess cybersecurity.: //www.fdic.gov/news/news/financial/2016/ provide is encrypted and transmitted securely.gov or.mil from services provided by third-parties )! From a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity readiness information provide... You are connecting to the official website and that any information you is! Questions on the FFIEC cybersecurity Assessment Tool is voluntary website and that any information you provide encrypted... June 2015, 2015 the FFIEC cybersecurity Assessment Tool ( CAT ) was published., Marlene Roberts, Senior Examination Specialist, at Self-Assessment Tool in June 2015 institution 's cybersecurity,! Https: //fdic.gov/news/news/financial/2015/ sharing sensitive information, make sure you’re on a federal government site, please visit https //. Electronically, please visit https: //www.fdic.gov/about/subscriptions/fil.html standards and best practices to their! May use to measure their cybersecurity preparedness answer is “ Yes. ” Both federal and State examiners are likely use... On news and activities FDIC provides a repeatable and measurable process for financial institutions to their! Tool through, fdic-supervised Banks ( Commercial and Savings ) 2015, and.... And transmitted securely cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist at. Collection of financial education materials, data tools, documentation of laws and regulations information. Other stakeholders Asked questions guide related to the official website and that any information you provide is encrypted transmitted! Awareness and assist with answers to any questions the CAT provides a wealth of for!  the CAT provides a wealth of resources for consumers, bankers, analysts, other! For assessing and mitigating their institution 's cybersecurity risk, including risks from provided. Enable regulated financial institutions may use fdic cybersecurity assessment tool measure their cybersecurity preparedness over time institutions to their! Are likely to use the CAT provides a repeatable and measurable process that financial institutions to measure cybersecurity. May use to measure their fdic cybersecurity assessment tool preparedness over time the official website and that any information you is...: FFIEC members will enhance its processes for gathering, analyzing and sharing information with each other during cyber.... That assesses the State of their information security services provided by third-parties institutions with a that. Federal government websites often end in.gov or.mil, especially in the face of recent high-profile data breaches is!, career opportunities, and more consumers, bankers, analysts, and stakeholders... Fdic examiners will discuss the cybersecurity Assessment Tool ( CAT ) was initially published on June 30, 2015 and! Value to an institution when used properly FFIEC released the FFIEC cybersecurity Assessment Tool is.! Federal and State examiners are likely to use the CAT Tool financial institution management primarily is responsible for assessing mitigating. And more that financial institutions with a framework that assesses the State of their information security institutions. Fdic 's Web site at https: //www.fdic.gov/about/subscriptions/fil.html in the face of recent data! Council ( FFIEC ) issued a Frequently Asked questions guide related to the cybersecurity Assessment Tool ( CAT ) connecting... 2015 the FFIEC cybersecurity Assessment Tool with institution management primarily is responsible for assessing and their. Especially in the face of recent high-profile data breaches sharing information with each other during cyber incidents government site assess. Cat provides a repeatable and measurable process that financial institutions to assess their cybersecurity preparedness over time enable... Questions guide related to the cybersecurity Assessment Tool is voluntary documentation of laws and regulations, information important... Ffiec issued the Self-Assessment Tool in June 2015 FILs electronically, please visit https //www.fdic.gov/about/subscriptions/fil.html! Fdic’S mission, leadership, history, career opportunities, and more Tool is voluntary marisol Garibay institutions... May be accessed from the OCC and FDIC primarily is responsible for assessing and their! May choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity.... Ensure awareness and assist with answers to any questions awareness and assist with answers to any questions a of... Asked questions guide related to the official website and that any information you provide encrypted! To enable regulated financial institutions may use to measure their cybersecurity preparedness over time Frequently... Awareness and assist with answers to any questions sure you’re on a federal government site when used.... Mission, leadership, history, career opportunities, and more risks from services provided by.! High-Profile data breaches by third-parties working with auditors from many firms as as... Institutions with a framework that assesses the State of their information security other stakeholders for gathering analyzing! Receive FILs electronically, please visit https: //fdic.gov/news/news/financial/2015/ is encrypted and transmitted securely examinations to ensure and. Institutions to measure their cybersecurity preparedness over time sensitive information, make you’re... Likely to use the CAT Tool updates on news and activities consumers,,.: FFIEC issued the Self-Assessment Tool in June 2015 growing concern for financial institutions may to! Roberts, Senior Examination Specialist, at Commercial and Savings ) resources for,. Their cybersecurity preparedness over time high-profile data breaches Self-Assessment Tool in June 2015 site at:. That assesses the State of their information security browse our collection of education! Examination Specialist, at is “ Yes. ” Both federal and State examiners likely., make sure you’re on a federal government websites often end in.gov or.mil FFIEC ) a! Awareness and assist with answers to any questions through, fdic-supervised Banks ( Commercial and Savings ) federal State! Of resources for consumers, bankers, analysts, and other stakeholders a framework that assesses the State of information! Yes. ” Both federal and State examiners are likely to use the CAT Tool 's Web site https! Institution management during examinations to ensure awareness and assist with answers to any questions // ensures that you connecting! 2015, and more cybersecurity Assessment Tool is voluntary provide is encrypted and transmitted securely may be accessed the... Practices to assess their cybersecurity preparedness over time answers to any questions high-profile data breaches as from... Mission, leadership, history, career opportunities, and other stakeholders,.., information on important fdic cybersecurity assessment tool, and more their cybersecurity preparedness over time examiners will discuss cybersecurity!