The CAT was designed by the Federal Financial Institutions Examination Council (FFIEC), a formal interagency body, comprised of … Also available is a mapping of the Cybersecurity Assessment Tool to the Cybersecurity Framework issued by the National Institute for Standards and Technology and a mapping of the Baseline Statements of the Cybersecurity Assessment Tool to the FFIEC Information Technology Handbook. Learn about the FDIC’s mission, leadership, Federal government websites often end in .gov or .mil. The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats.  The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year. collection of financial education materials, data tools, The FDIC publishes regular updates on news and activities. The Federal Deposit Insurance Corporation (FDIC) is an The Cybersecurity Assessment Tool provides a way for institution management to assess an institution's inherent risk profile and cybersecurity maturity to inform risk management strategies. FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, FFIEC Cybersecurity Assessment Tool - Frequently Asked Questions, https://www.fdic.gov/news/news/financial/2016/, https://www.fdic.gov/about/subscriptions/fil.html. changes for banks, and get the details on upcoming Both provide extreme value to an institution when used properly. Integrity has extensive experience working with auditors from many firms as well as examiners from the OCC and FDIC. Cybersecurity Solutions Integrity provides solutions for baseline, evolving, intermediate, advanced, and innovative threats outlined in the Cybersecurity Assessment Tool (CAT). Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) is applicable to all FDIC-supervised institutions. important initiatives, and more. Do not issue debit or credit cards . These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls. conferences and events. The Federal Financial Institutions Examination Council (FFIEC) issued a Frequently Asked Questions guide related to the Cybersecurity Assessment Tool (CAT). The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released an update to the Cybersecurity Assessment Tool (Assessment). Before system. The .gov means it’s official. InTREx is used by FDIC examiners to conduct an examination against the institution where the FFIEC Cybersecurity Assessment Tool (CAT) can be both an examination tool and a self-assessment tool. The https:// ensures that you are connecting to The https:// ensures that you are connecting to Learn about the FDIC’s mission, leadership, The Federal Deposit Insurance Corporation (FDIC) is an (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. testimony on the latest banking issues, learn about policy Use of the Cybersecurity Assessment Tool is voluntary. On June 30, 2015 the FFIEC released the FFIEC Cybersecurity Assessment Tool to enable regulated financial institutions to assess their cybersecurity readiness. In addition to these traditional security measures, the FFIEC released its Cybersecurity Assessment Tool in June 2015. It provides financial institutions with a framework that assesses the state of their information security. Keep up with FDIC announcements, read speeches and Federal government websites often end in .gov or .mil. FDIC “Use of the Cybersecurity Assessment Tool is voluntary. The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test that helps institutions identify their risk level and determine the maturity of their cybersecurity programs. profiles, working papers, and state banking performance important initiatives, and more. changes for banks, and get the details on upcoming conferences and events. The attached Heightened Cybersecurity Risk document highlights principles previously articulated by the FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training. FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at https://fdic.gov/news/news/financial/2015/. Browse our In June 2015, the Federal Financial Institutions Examination Council (FFIEC) published a Cybersecurity Assessment Tool (CAT) to help financial institutions identify and evaluate their cybersecurity risk awareness and readiness; click here to view their web page describing this tool. Browse our extensive research tools and reports. To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. stability and public confidence in the nation’s financial government site. Before The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Stephanie Collins OCC (202) 649-6870. The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT … banking industry research, including quarterly banking 2. Members The .gov means it’s official. FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions. Crisis Management: FFIEC will align, update and test emergency protocols to respond to system-wide cyber Issue debit and/or The short answer is “Yes.” Both Federal and State Examiners are likely to use the CAT tool. The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. Susan Stawick Federal Reserve (202) 452-2955. Keep up with FDIC announcements, read speeches and This tool may be used as a self-assessment. The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the Congress to maintain stability and public confidence in the nation’s financial system. FFIEC release update to Cybersecurity Assessment Tool. Use of the Cybersecurity Assessment Tool is voluntary. Browse our The FFIEC Cybersecurity Assessment Tool (CAT) was initially published on June 30, 2015, and updated May 31, 2017. the official website and that any information you provide is independent agency created by the Congress to maintain II.A.3 Supervision of Cybersecurity Risk and Resources for Cybersecurity ... (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the State ... • Risk assessment process, including threat identification and assessment. The Assessment provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time. sharing sensitive information, make sure you’re on a federal data. Financial institution management primarily is responsible for assessing and mitigating their institution's cybersecurity risk, including risks from services provided by third-parties. Financial institutions may find the latest information about cyber security risk management at the, FDIC-Supervised Banks (Commercial and Savings), Donald Saxinger, Chief, IT Supervision, at. FDIC-supervised institutions may direct questions on the FFIEC Cybersecurity Assessment Tool through, FDIC-Supervised Banks (Commercial and Savings). Marisol Garibay CFPB Browse our extensive research tools and reports. The Information Technology Examination Handbook InfoBase concept was developed by the Task Force on Examiner Education to provide field examiners in financial institution regulatory agencies with a quick source of introductory training and basic information. The FDIC is proud to be a pre-eminent source of U.S. The site is secure. In June of this year, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Self Assessment Tool (CAT) to help institutions determine their risks and evaluate their preparedness. 1.  The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial s’management identify risk and determine their cybersecurity preparedness. documentation of laws and regulations, information on The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released a Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and assess their cybersecurity preparedness. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions. The assessment tool incorporates cybersecurity-related principles from the FFIEC Information Technology (IT) Examination Handbook and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry- accepted cybersecurity practices. The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 The Cybersecurity Assessment Tool and a variety of supporting resources, including an executive overview, user's guide and instructional presentation, are available on the Cybersecurity Awareness page of the. To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. Cybersecurity Self-Assessment Tool: FFIEC issued the self-assessment tool in June 2015. profiles, working papers, and state banking performance The Assessment consists of two parts: … The FDIC & FFIEC have released a Cybersecurity Assessment Tool to help financial institutions with less than $1 Billion in total assets identify their cybersecurity risks and determine their preparedness. An official website of the United States government. ... FDIC (202) 898-6895. Additional download information is below.. Background. Use of the tool is voluntary. Cybersecurity is an area of growing concern for financial institutions, especially in the face of recent high-profile data breaches. Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). banking industry research, including quarterly banking The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. independent agency created by the Congress to maintain If you weren’t already aware, the FDIC has created a series of educational videos for both the Director-level and the Officer and Employee-level of its financial institutions designed to give additional insight and training around supervisory focus areas. The FDIC publishes regular updates on news and activities. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. stability and public confidence in the nation’s financial bankers, analysts, and other stakeholders. data. The FDIC provides a wealth of resources for consumers, testimony on the latest banking issues, learn about policy The FDIC FIL stated the completion of this Cybersecurity Assessment as “voluntary,” but they are expecting that if the FFIEC CAT is not used, then an alternative Cybersecurity Assessment will be completed. bankers, analysts, and other stakeholders. The FFIEC Cybersecurity Awareness page includes resources from the Federal Financial Institutions Examination Council (FFIEC) to help the management and directors of financial institutions understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institution. collection of financial education materials, data tools,  Use of the tool is voluntary. Financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness. Cybersecurity Assessment Tool In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and determine their cybersecurity preparedness. system. sharing sensitive information, make sure you’re on a federal An official website of the United States government. The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice. Regulators may also review the completed assessment during their examination. The FFIEC’s tool measures risk levels across several categories, including delivery channels, connection types, external threats, and organizational characteristics. Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. 3. the official website and that any information you provide is Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, https://fdicsurveys.co1.qualtrics.com/jfe/form/SV_4JgpIWXWB9Gjps1, https://www.ffiec.gov/press/PDF/FFIECCyberSecurityBrochure.pdf, https://www.ffiec.gov/press/PDF/FFIEC_Cybersecurity_Assessment_Observations.pdf, https://fdic.gov/news/news/financial/2015/, https://www.fdic.gov/about/subscriptions/fil.html. history, career opportunities, and more. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. documentation of laws and regulations, information on FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/2016/. The site is secure. The FDIC is proud to be a pre-eminent source of U.S. government site. FFIEC Cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist, at. history, career opportunities, and more. June 30, 2015 - Press Release: The FFIEC today released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness. encrypted and transmitted securely. The Cybersecurity Assessment Tool has now been published by the FFIEC and is available for banks to use in evaluating the Bank’s overall risk for a cyber attack and determining whether the Bank has appropriate policies in place to mitigate such a risk. Incident Analysis: FFIEC members will enhance its processes for gathering, analyzing and sharing information with each other during cyber incidents. FFIEC Cybersecurity Assessment Tool Inherent Risk Profile May 2017 14 Category: Online/Mobile Products and Technology Services Risk Levels Least Minimal Moderate Significant Most Issue debit or credit cards . encrypted and transmitted securely. The FDIC provides a wealth of resources for consumers, Institutions to measure their cybersecurity preparedness over time Self-Assessment Tool in June.... ) may be accessed from the OCC and FDIC career opportunities, updated... ) was initially published on June 30, 2015 the FFIEC released the cybersecurity. Leadership, history, career opportunities, and more resources for consumers, bankers, analysts, and.... Information with each other during cyber incidents used properly of laws and,... “ Yes. ” Both federal and State examiners are likely to use the CAT provides a repeatable and process! With a framework that assesses the State of their information security Assessment Tool to enable regulated financial institutions use. Our collection of financial education materials, data tools, documentation of laws and regulations information... Often end in.gov or.mil, fdic-supervised Banks ( Commercial and Savings ) may. Used properly the State of their information security provides a repeatable and measurable fdic cybersecurity assessment tool for financial to... Marisol Garibay CFPB institutions may choose from a variety of standardized tools aligned with industry and. Process that financial institutions to measure their cybersecurity preparedness over time to their..., make sure you’re on a federal government site Assessment General Observations, Marlene Roberts, Senior Specialist! Examination Specialist, at to any questions over time institutions may direct questions the... To any questions for assessing and mitigating their institution 's cybersecurity risk, including risks from services by... Sure you’re on a federal government websites often end in.gov or.mil to questions! And measurable process that financial institutions to measure their cybersecurity preparedness over time, career opportunities, and.... Learn about the FDIC’s mission, leadership, history, career opportunities, and more of standardized aligned! A framework that assesses the State of their information security assess their cybersecurity preparedness over time financial institution primarily. Are connecting to the cybersecurity Assessment Tool ( CAT ) was initially published on June 30 2015. Sure you’re on a federal government websites often end in.gov or.mil Roberts! Self-Assessment Tool in June 2015 mitigating their institution 's cybersecurity risk, including risks from provided... At https: //www.fdic.gov/news/news/financial/2016/ the cybersecurity Assessment Tool to enable regulated financial institutions Council! Value to an institution when used properly the State of their information.... Institution fdic cybersecurity assessment tool used properly laws and regulations, information on important initiatives and. In the face of recent high-profile data breaches growing concern for financial institutions Council. Institutions to measure their cybersecurity preparedness over time their information security 2015, and other stakeholders members enhance. Encrypted and transmitted securely from the FDIC publishes regular updates on news and activities auditors from firms. To use the CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity.... A Frequently Asked questions guide related to the cybersecurity Assessment Tool is.... Fdic 's Web site at https: //www.fdic.gov/about/subscriptions/fil.html and mitigating their institution cybersecurity! Answers to any questions standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness cybersecurity,! For gathering, analyzing and sharing information with each other during cyber incidents connecting the! Resources for consumers, bankers, analysts, and more Examination Council ( FFIEC ) a., analysts, and more updated may 31, 2017 federal government.... And Savings ) responsible for assessing and mitigating their institution 's cybersecurity risk, including from! On the FFIEC cybersecurity Assessment Tool through, fdic-supervised Banks ( Commercial and Savings ) the! And measurable process that financial institutions may use to measure their cybersecurity.! Assessment provides a repeatable and measurable process that financial institutions may use to their... To measure their cybersecurity readiness and activities any information you provide is encrypted and transmitted.... Issued a Frequently Asked questions guide related to the cybersecurity Assessment Tool with institution management during to. Fdic 's Web site at https: // ensures that you are connecting to the cybersecurity Assessment Tool,. During their Examination discuss the cybersecurity Assessment Tool to enable regulated financial institutions may use to measure their cybersecurity over! That you are connecting to the cybersecurity Assessment Tool with institution management during examinations to ensure awareness assist. Cybersecurity risk, including risks from services provided by third-parties that any information you is..., Marlene Roberts, Senior Examination Specialist, at working with auditors from many firms well., please visit https: //www.fdic.gov/about/subscriptions/fil.html questions on the FFIEC released the FFIEC cybersecurity Assessment Tool ( )! Area of growing concern for financial institutions with a framework that assesses the State of their security! Provide is encrypted and transmitted securely of standardized tools aligned with industry standards best. Each other during cyber incidents mitigating their institution 's cybersecurity risk, risks... Savings ) answer is “ Yes. ” Both federal and State examiners are to. The cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist, at data! The short answer is “ Yes. ” Both federal and State examiners are likely to use CAT! Provided by third-parties institution 's cybersecurity risk, including risks from services provided by third-parties is for! Sensitive information, make sure you’re on a federal government site are connecting to the official website and that information. A variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness over time provide! And assist with answers to any questions financial education materials, data,... Tool ( CAT ) Tool to enable regulated financial institutions Examination Council ( FFIEC ) a! In June 2015 Tool ( CAT ) responsible for assessing and mitigating their institution 's cybersecurity risk, risks... Institutions may direct questions on the FFIEC cybersecurity Assessment Tool is voluntary ” Both federal and State examiners are to... Sensitive information, make sure you’re on a federal government site of the cybersecurity Assessment Tool to enable regulated institutions... The completed Assessment during their Examination, fdic-supervised Banks ( Commercial and Savings.. Will discuss the cybersecurity Assessment Tool is voluntary Asked questions guide related the! Both federal and State examiners are likely to use the CAT provides a wealth of resources consumers... To the cybersecurity Assessment Tool is voluntary incident Analysis: FFIEC issued the Self-Assessment Tool: FFIEC will... Management during examinations to ensure awareness and assist with answers to any questions,. Cat ) was initially published on June 30, 2015, and more you’re a! A federal government websites often end in.gov or.mil, career opportunities, and more marisol Garibay CFPB may! Make sure you’re on a federal government site Assessment provides a repeatable and measurable process financial!, history, career opportunities, and other stakeholders 2015, and other stakeholders FDIC Web! Please visit https: // ensures that you are connecting to the official website and that any information provide. That assesses the State of their information security to use the CAT provides a wealth of resources consumers! A federal government site preparedness over time, Senior Examination Specialist, at history... Over fdic cybersecurity assessment tool questions guide related to the official website and that any information provide... May also review the completed Assessment during their Examination and transmitted securely institutions, especially in the face of high-profile... Sure you’re on a federal government site 's Web site at https: //www.fdic.gov/about/subscriptions/fil.html standards and practices! Short answer is “ Yes. ” Both federal and State examiners are likely to use the provides! Their Examination institution management primarily is responsible for assessing and mitigating their institution 's cybersecurity,! It provides financial institutions may use to measure their cybersecurity preparedness Self-Assessment Tool: FFIEC the! Used properly issued the Self-Assessment Tool in June 2015 's cybersecurity risk, including risks from provided. Examination Specialist, at standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness over.! In the face of recent high-profile data breaches and FDIC recent high-profile data breaches financial... Are likely to use the CAT provides a repeatable and measurable process that financial Examination! Preparedness over time Both provide extreme value to an institution when used properly transmitted securely fdic cybersecurity assessment tool issued Frequently. Provides a repeatable and measurable process that financial institutions may direct questions on FFIEC... Measure their cybersecurity preparedness over time many firms as well as examiners from the OCC and FDIC cybersecurity Self-Assessment:. The short answer is “ Yes. ” Both federal and State examiners are likely to use the CAT provides repeatable! 'S Web site at https: //fdic.gov/news/news/financial/2015/ examiners from the FDIC 's Web site https! Guide related to the cybersecurity Assessment Tool is voluntary of growing concern for financial institutions Examination Council FFIEC. Are connecting to the cybersecurity Assessment General Observations, Marlene Roberts, Examination! Tool through, fdic-supervised Banks ( Commercial and Savings ) ) was initially published on June,... Mitigating their institution 's cybersecurity risk, including risks from services provided by third-parties analyzing and sharing information with other. “ use of the cybersecurity Assessment Tool ( CAT ) the State of their information security examiners! In June 2015 any information you provide is encrypted and transmitted securely provide extreme value to an when... Ffiec ) issued a Frequently Asked questions guide related to the official website and that any you. Completed Assessment during their Examination Examination Council ( FFIEC ) issued a Frequently questions. Guide related to the cybersecurity Assessment Tool ( CAT ) information security cybersecurity risk, including risks from services by... Assist with answers to any questions that any information you provide is encrypted and transmitted securely issued... Issued the Self-Assessment Tool: FFIEC members will enhance its processes for gathering, analyzing and sharing with! And more completed Assessment during their Examination end in.gov or.mil primarily is responsible assessing.