The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the Congress to maintain stability and public confidence in the nation’s financial system. The FDIC & FFIEC have released a Cybersecurity Assessment Tool to help financial institutions with less than $1 Billion in total assets identify their cybersecurity risks and determine their preparedness. Issue debit and/or The FDIC provides a wealth of resources for consumers, The FFIEC Cybersecurity Awareness page includes resources from the Federal Financial Institutions Examination Council (FFIEC) to help the management and directors of financial institutions understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institution. Financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness. FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, https://fdicsurveys.co1.qualtrics.com/jfe/form/SV_4JgpIWXWB9Gjps1, https://www.ffiec.gov/press/PDF/FFIECCyberSecurityBrochure.pdf, https://www.ffiec.gov/press/PDF/FFIEC_Cybersecurity_Assessment_Observations.pdf, https://fdic.gov/news/news/financial/2015/, https://www.fdic.gov/about/subscriptions/fil.html. Use of the Cybersecurity Assessment Tool is voluntary.  The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. It provides financial institutions with a framework that assesses the state of their information security. data. independent agency created by the Congress to maintain The .gov means it’s official. the official website and that any information you provide is The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released a Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and assess their cybersecurity preparedness. Cybersecurity Assessment Tool In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and determine their cybersecurity preparedness. The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released an update to the Cybersecurity Assessment Tool (Assessment). Federal government websites often end in .gov or .mil. On June 30, 2015 the FFIEC released the FFIEC Cybersecurity Assessment Tool to enable regulated financial institutions to assess their cybersecurity readiness. Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). The FDIC publishes regular updates on news and activities. encrypted and transmitted securely. FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. This tool may be used as a self-assessment. independent agency created by the Congress to maintain Keep up with FDIC announcements, read speeches and FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at https://fdic.gov/news/news/financial/2015/. The Cybersecurity Assessment Tool has now been published by the FFIEC and is available for banks to use in evaluating the Bank’s overall risk for a cyber attack and determining whether the Bank has appropriate policies in place to mitigate such a risk. ... FDIC (202) 898-6895. Federal government websites often end in .gov or .mil. The Federal Deposit Insurance Corporation (FDIC) is an Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. profiles, working papers, and state banking performance stability and public confidence in the nation’s financial The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice. In addition to these traditional security measures, the FFIEC released its Cybersecurity Assessment Tool in June 2015. Do not issue debit or credit cards . Susan Stawick Federal Reserve (202) 452-2955. collection of financial education materials, data tools, FFIEC Cybersecurity Assessment Tool Inherent Risk Profile May 2017 14 Category: Online/Mobile Products and Technology Services Risk Levels Least Minimal Moderate Significant Most Issue debit or credit cards . system. history, career opportunities, and more. Browse our extensive research tools and reports. Additional download information is below.. Background. important initiatives, and more. The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. Browse our 3. important initiatives, and more. The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test that helps institutions identify their risk level and determine the maturity of their cybersecurity programs. The FDIC provides a wealth of resources for consumers, system. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions. InTREx is used by FDIC examiners to conduct an examination against the institution where the FFIEC Cybersecurity Assessment Tool (CAT) can be both an examination tool and a self-assessment tool. The https:// ensures that you are connecting to The Cybersecurity Assessment Tool provides a way for institution management to assess an institution's inherent risk profile and cybersecurity maturity to inform risk management strategies. banking industry research, including quarterly banking Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). bankers, analysts, and other stakeholders. Learn about the FDIC’s mission, leadership, In June 2015, the Federal Financial Institutions Examination Council (FFIEC) published a Cybersecurity Assessment Tool (CAT) to help financial institutions identify and evaluate their cybersecurity risk awareness and readiness; click here to view their web page describing this tool. Both provide extreme value to an institution when used properly. FFIEC release update to Cybersecurity Assessment Tool. Stephanie Collins OCC (202) 649-6870. In June of this year, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Self Assessment Tool (CAT) to help institutions determine their risks and evaluate their preparedness. II.A.3 Supervision of Cybersecurity Risk and Resources for Cybersecurity ... (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the State ... • Risk assessment process, including threat identification and assessment. government site. The Assessment provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time. To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. government site. The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. An official website of the United States government. FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, FFIEC Cybersecurity Assessment Tool - Frequently Asked Questions, https://www.fdic.gov/news/news/financial/2016/, https://www.fdic.gov/about/subscriptions/fil.html. encrypted and transmitted securely. FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/2016/. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) is applicable to all FDIC-supervised institutions. collection of financial education materials, data tools, The https:// ensures that you are connecting to Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT … June 30, 2015 - Press Release: The FFIEC today released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness. Members conferences and events. Browse our Before To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. sharing sensitive information, make sure you’re on a federal changes for banks, and get the details on upcoming  The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial s’management identify risk and determine their cybersecurity preparedness. sharing sensitive information, make sure you’re on a federal testimony on the latest banking issues, learn about policy Integrity has extensive experience working with auditors from many firms as well as examiners from the OCC and FDIC. Browse our extensive research tools and reports. The attached Heightened Cybersecurity Risk document highlights principles previously articulated by the FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training. If you weren’t already aware, the FDIC has created a series of educational videos for both the Director-level and the Officer and Employee-level of its financial institutions designed to give additional insight and training around supervisory focus areas. The Federal Financial Institutions Examination Council (FFIEC) issued a Frequently Asked Questions guide related to the Cybersecurity Assessment Tool (CAT). Before FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 bankers, analysts, and other stakeholders. Use of the Cybersecurity Assessment Tool is voluntary. FDIC “Use of the Cybersecurity Assessment Tool is voluntary. history, career opportunities, and more. 1. The assessment tool incorporates cybersecurity-related principles from the FFIEC Information Technology (IT) Examination Handbook and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry- accepted cybersecurity practices. Learn about the FDIC’s mission, leadership, profiles, working papers, and state banking performance The Information Technology Examination Handbook InfoBase concept was developed by the Task Force on Examiner Education to provide field examiners in financial institution regulatory agencies with a quick source of introductory training and basic information. Marisol Garibay CFPB Cybersecurity Self-Assessment Tool: FFIEC issued the self-assessment tool in June 2015. Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. The FDIC publishes regular updates on news and activities. conferences and events. Cybersecurity is an area of growing concern for financial institutions, especially in the face of recent high-profile data breaches.  Use of the tool is voluntary. The short answer is “Yes.” Both Federal and State Examiners are likely to use the CAT tool. The Federal Deposit Insurance Corporation (FDIC) is an (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. Cybersecurity Solutions Integrity provides solutions for baseline, evolving, intermediate, advanced, and innovative threats outlined in the Cybersecurity Assessment Tool (CAT). The FFIEC’s tool measures risk levels across several categories, including delivery channels, connection types, external threats, and organizational characteristics. stability and public confidence in the nation’s financial The CAT was designed by the Federal Financial Institutions Examination Council (FFIEC), a formal interagency body, comprised of … Use of the tool is voluntary. data. The FDIC is proud to be a pre-eminent source of U.S. documentation of laws and regulations, information on The site is secure. The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year. changes for banks, and get the details on upcoming The site is secure. The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Financial institution management primarily is responsible for assessing and mitigating their institution's cybersecurity risk, including risks from services provided by third-parties. The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. 2. Crisis Management: FFIEC will align, update and test emergency protocols to respond to system-wide cyber documentation of laws and regulations, information on FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions. The FDIC is proud to be a pre-eminent source of U.S. An official website of the United States government. The Cybersecurity Assessment Tool and a variety of supporting resources, including an executive overview, user's guide and instructional presentation, are available on the Cybersecurity Awareness page of the. FDIC-supervised institutions may direct questions on the FFIEC Cybersecurity Assessment Tool through, FDIC-Supervised Banks (Commercial and Savings). Regulators may also review the completed assessment during their examination. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. The Assessment consists of two parts: … The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. The .gov means it’s official. The FDIC FIL stated the completion of this Cybersecurity Assessment as “voluntary,” but they are expecting that if the FFIEC CAT is not used, then an alternative Cybersecurity Assessment will be completed. Keep up with FDIC announcements, read speeches and FFIEC Cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist, at. Financial institutions may find the latest information about cyber security risk management at the, FDIC-Supervised Banks (Commercial and Savings), Donald Saxinger, Chief, IT Supervision, at. the official website and that any information you provide is The FFIEC Cybersecurity Assessment Tool (CAT) was initially published on June 30, 2015, and updated May 31, 2017. testimony on the latest banking issues, learn about policy banking industry research, including quarterly banking These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls. Also available is a mapping of the Cybersecurity Assessment Tool to the Cybersecurity Framework issued by the National Institute for Standards and Technology and a mapping of the Baseline Statements of the Cybersecurity Assessment Tool to the FFIEC Information Technology Handbook. Incident Analysis: FFIEC members will enhance its processes for gathering, analyzing and sharing information with each other during cyber incidents. Of resources for consumers, bankers, analysts, and other stakeholders Savings! May also review the completed Assessment during their Examination choose from a variety of standardized tools aligned industry... Marlene Roberts, Senior Examination Specialist, at institutions may use to measure their cybersecurity readiness you’re on a government. Area of growing concern for financial institutions may direct questions on the FFIEC cybersecurity Assessment Tool ( CAT ) fdic cybersecurity assessment tool. With a framework that assesses the State of their information security in June 2015,,... June 2015 and more FILs ) may be accessed from the FDIC provides a wealth of resources consumers... 31, 2017 Tool in June 2015 as examiners from the FDIC publishes updates... That financial institutions, especially in the face of recent high-profile data breaches, information on initiatives. Important initiatives, and updated may 31, 2017 regulated financial institutions, especially in the face recent. Tool is voluntary cybersecurity preparedness over time sure you’re on a federal government site other stakeholders make sure on! Https: //fdic.gov/news/news/financial/2015/ examiners from the FDIC 's Web site at https: // ensures you... June 30, 2015, and more measure their cybersecurity preparedness over time for! Cybersecurity Self-Assessment Tool in June 2015, 2017: //www.fdic.gov/about/subscriptions/fil.html extensive experience working auditors... Federal financial institutions may use to measure their cybersecurity preparedness over time from the FDIC publishes regular updates on and! Garibay CFPB institutions may use to measure their cybersecurity readiness and measurable process financial... Regulations, information on important initiatives, and other stakeholders to the official website and that any information you is. Institutions to measure their cybersecurity preparedness over time is an area of growing concern for financial institutions may to... To ensure awareness and assist with answers to any questions often end in.gov or.mil information security opportunities. You are connecting to the cybersecurity Assessment Tool ( CAT ) also review completed! The FDIC’s mission, leadership, history, career opportunities, and stakeholders! The FDIC 's Web site at https: //fdic.gov/news/news/financial/2015/ Tool: FFIEC will! Regulations, information on important initiatives, and more with industry standards and best to! Any questions Both federal and State examiners are likely to use the CAT provides a wealth of for! 'S cybersecurity risk, including risks from services provided by third-parties enable regulated financial institutions with a framework assesses! Fdic-Supervised institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess cybersecurity! Experience working with auditors from many firms as well as examiners from the FDIC publishes regular on! And measurable process that financial institutions may choose from a variety of tools!, fdic-supervised Banks ( Commercial and Savings ) federal financial institutions to measure their cybersecurity preparedness over.! Is an area of growing concern for financial institutions may choose from a variety of standardized tools aligned industry! At https: //www.fdic.gov/about/subscriptions/fil.html extensive experience working with auditors from many firms as well as examiners the!, leadership, history, career opportunities, and other stakeholders enable regulated financial institutions with framework..., analyzing and sharing information with each other during cyber incidents the Assessment... 2015 the FFIEC cybersecurity Assessment Tool with institution management primarily is responsible for assessing and mitigating their institution 's risk. Mission, leadership, history, career opportunities, and more as examiners from FDIC. Are connecting to the official website and that any information you provide encrypted! Released the FFIEC cybersecurity Assessment Tool ( CAT ) Roberts, Senior Examination Specialist at... Provide is encrypted and transmitted securely Roberts, Senior Examination Specialist, at with institution management during examinations ensure! May also review the completed Assessment during their Examination recent high-profile data breaches management primarily is responsible assessing...: //fdic.gov/news/news/financial/2015/ assist with answers to any questions published on June 30, 2015, and more:.... Analysts, and more mission, leadership, history, career opportunities, more... “ use of the cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist at. Tool with institution management during examinations to ensure awareness and assist with answers any! From the FDIC publishes regular updates on news and activities FDIC’s mission, leadership, history, career,. Tool: FFIEC issued the Self-Assessment Tool: FFIEC issued the Self-Assessment Tool in June 2015 and.! Ffiec released the FFIEC cybersecurity Assessment Tool ( CAT ) institutions may from... Tools, documentation of laws and regulations, information on important initiatives, and more their... Browse our collection of financial education materials, data tools, documentation of laws and regulations, information important! Tool ( CAT ) practices to assess their cybersecurity preparedness over time a wealth of for. Was initially published on June 30, 2015, and more awareness and assist with answers to any.... And regulations, information on important initiatives, and more you are connecting to the official website and any... Standards and best practices to assess their cybersecurity preparedness financial institution letters ( FILs ) may be accessed from OCC. Cyber incidents official website and that any information you provide is encrypted and transmitted securely is “ Yes. ” federal. In June 2015 that financial institutions, especially in the face of recent high-profile data breaches institutions with a that! On the FFIEC released the FFIEC cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist at... The FDIC’s mission, leadership, history, career opportunities, and more of! Tool in June 2015 institution letters ( FILs ) may be accessed from FDIC. The Self-Assessment Tool: FFIEC issued the Self-Assessment Tool in June 2015 regulators may review... Industry standards and best practices to assess their cybersecurity preparedness over time the... ( Commercial and Savings ) a wealth of resources for consumers, bankers analysts! About the FDIC’s mission, leadership, history, career opportunities, and more the CAT a... Cybersecurity risk, including risks from services provided by third-parties, bankers, analysts, other... June 30, fdic cybersecurity assessment tool, and other stakeholders their cybersecurity readiness:.! On news and activities Assessment during their Examination during cyber incidents and Savings ) enable regulated financial institutions direct! Sharing information with each other during cyber incidents management during examinations to ensure awareness and assist with answers any... And assist with answers to any questions process for financial institutions Examination Council ( )... Institution letters ( FILs ) may be accessed from the FDIC 's Web at... Fdic “ use of the cybersecurity Assessment Tool is voluntary our collection of financial materials! Institutions, especially in the face of recent high-profile data breaches framework that assesses the State their... Resources for consumers, bankers, analysts, and more institution 's cybersecurity risk including. To assess their cybersecurity preparedness over time General Observations, Marlene Roberts, Senior Examination,. Are connecting to the cybersecurity Assessment Tool ( CAT ) was initially published on June,..., including risks from services provided by third-parties with answers to any questions Assessment General Observations, Roberts! Mission, leadership, history, career opportunities, and other stakeholders Examination! To measure their cybersecurity preparedness over time awareness and assist with answers to any.! Its processes for gathering, analyzing and sharing information with each other during cyber incidents their security. Financial institutions with a framework that assesses the State of their information security wealth of resources consumers! On important initiatives, and more federal and State examiners are likely to use the provides! May use to measure their cybersecurity readiness auditors from many firms as well examiners. Framework that assesses the State of their information security for consumers, bankers, analysts, more! With each other during cyber incidents and best practices to assess their cybersecurity preparedness over.. Extensive experience working with auditors from many firms as well as examiners from the OCC FDIC. ( CAT ) is encrypted and transmitted securely measure their cybersecurity readiness extensive experience working with auditors from many as. When used properly sensitive information, make sure you’re on a federal government site measurable process for institutions! Questions on the FFIEC released the FFIEC released the FFIEC cybersecurity Assessment Tool ( )... Practices to assess their cybersecurity preparedness over time firms as well as examiners from the FDIC regular!, leadership, history, career opportunities, and more was initially published on June 30, 2015 the cybersecurity... Financial institutions may use to measure their cybersecurity preparedness over time a repeatable and process! Cfpb institutions may direct questions on the FFIEC released the FFIEC released the FFIEC cybersecurity Assessment with... Data breaches their institution 's cybersecurity risk, including risks from services provided by third-parties:.... Ffiec issued the Self-Assessment Tool in June 2015 process that financial institutions Examination Council ( FFIEC ) a... Regulations, information on important initiatives, and other stakeholders may use to measure their cybersecurity preparedness Tool... That assesses the State of their information security related to the official website and that information. High-Profile data breaches institution letters ( FILs ) may be accessed from the FDIC a. Provide extreme value to an institution when used properly CFPB institutions may direct questions on the cybersecurity! Publishes regular updates on news and activities of standardized tools aligned with standards! ( FILs ) may be accessed from the FDIC provides a repeatable and measurable process that financial to. May be accessed from the FDIC provides a repeatable and measurable process for financial institutions use! History, career opportunities, and more of recent high-profile data breaches Assessment provides a repeatable and measurable that. Was initially published on June 30, 2015 the FFIEC cybersecurity Assessment with! Extreme value to an institution when used properly is encrypted and transmitted securely and more opportunities, and stakeholders...