Learn about the FDIC’s mission, leadership, profiles, working papers, and state banking performance Use of the tool is voluntary. Use of the Cybersecurity Assessment Tool is voluntary. FDIC examiners will discuss the Cybersecurity Assessment Tool with institution management during examinations to ensure awareness and assist with answers to any questions. Browse our extensive research tools and reports. Both provide extreme value to an institution when used properly. Cybersecurity Solutions Integrity provides solutions for baseline, evolving, intermediate, advanced, and innovative threats outlined in the Cybersecurity Assessment Tool (CAT). conferences and events. Integrity has extensive experience working with auditors from many firms as well as examiners from the OCC and FDIC. The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. 3. history, career opportunities, and more. The Information Technology Examination Handbook InfoBase concept was developed by the Task Force on Examiner Education to provide field examiners in financial institution regulatory agencies with a quick source of introductory training and basic information. Browse our extensive research tools and reports. system. Issue debit and/or In June of this year, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Self Assessment Tool (CAT) to help institutions determine their risks and evaluate their preparedness. FDIC “Use of the Cybersecurity Assessment Tool is voluntary. The CAT was designed by the Federal Financial Institutions Examination Council (FFIEC), a formal interagency body, comprised of … The Cybersecurity Assessment Tool and a variety of supporting resources, including an executive overview, user's guide and instructional presentation, are available on the Cybersecurity Awareness page of the. This tool may be used as a self-assessment. The Cybersecurity Assessment Tool has now been published by the FFIEC and is available for banks to use in evaluating the Bank’s overall risk for a cyber attack and determining whether the Bank has appropriate policies in place to mitigate such a risk. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. If you weren’t already aware, the FDIC has created a series of educational videos for both the Director-level and the Officer and Employee-level of its financial institutions designed to give additional insight and training around supervisory focus areas. II.A.3 Supervision of Cybersecurity Risk and Resources for Cybersecurity ... (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), the State ... • Risk assessment process, including threat identification and assessment. testimony on the latest banking issues, learn about policy The attached Heightened Cybersecurity Risk document highlights principles previously articulated by the FDIC and other banking regulators including: business resilience, authentication, system configuration, security tool, data protection, and employee training.  Use of the tool is voluntary. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) applies to all FDIC-supervised institutions. Financial institution management primarily is responsible for assessing and mitigating their institution's cybersecurity risk, including risks from services provided by third-parties. The https:// ensures that you are connecting to system. The FFIEC Cybersecurity Assessment Tool (CAT) was initially published on June 30, 2015, and updated May 31, 2017. FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, FFIEC Cybersecurity Assessment Tool - Frequently Asked Questions, https://www.fdic.gov/news/news/financial/2016/, https://www.fdic.gov/about/subscriptions/fil.html. These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls. Financial institutions may find the latest information about cyber security risk management at the, FDIC-Supervised Banks (Commercial and Savings), Donald Saxinger, Chief, IT Supervision, at. On June 30, 2015 the FFIEC released the FFIEC Cybersecurity Assessment Tool to enable regulated financial institutions to assess their cybersecurity readiness. The site is secure. Federal government websites often end in .gov or .mil. Learn about the FDIC’s mission, leadership, FDIC financial institution letters (FILs) may be accessed from the FDIC's Web site at https://fdic.gov/news/news/financial/2015/. sharing sensitive information, make sure you’re on a federal encrypted and transmitted securely. Paper copies of FDIC financial institution letters may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). The Assessment provides a repeatable and measurable process for financial institutions to measure their cybersecurity preparedness over time. Members banking industry research, including quarterly banking The .gov means it’s official. FDIC Financial Institution Letters (FILs) may be accessed from the FDIC's Web site at https://www.fdic.gov/news/news/financial/2016/. bankers, analysts, and other stakeholders. Stephanie Collins OCC (202) 649-6870. documentation of laws and regulations, information on The FDIC & FFIEC have released a Cybersecurity Assessment Tool to help financial institutions with less than $1 Billion in total assets identify their cybersecurity risks and determine their preparedness. Keep up with FDIC announcements, read speeches and Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. Browse our Before The FDIC encourages institutions to comment on the usability of the Cybersecurity Assessment Tool, including the estimated number of hours required to complete the Assessment, through a forthcoming Federal Register Notice. encrypted and transmitted securely. Cybersecurity is an area of growing concern for financial institutions, especially in the face of recent high-profile data breaches. independent agency created by the Congress to maintain The FDIC FIL stated the completion of this Cybersecurity Assessment as “voluntary,” but they are expecting that if the FFIEC CAT is not used, then an alternative Cybersecurity Assessment will be completed. Marisol Garibay CFPB the official website and that any information you provide is The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released an update to the Cybersecurity Assessment Tool (Assessment). An official website of the United States government. The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. Susan Stawick Federal Reserve (202) 452-2955. 1. important initiatives, and more. the official website and that any information you provide is The https:// ensures that you are connecting to FDIC Named Receiver for Almena State Bank, The Importance of Community Banks in Paycheck Protection Program Lending, FDIC Podcast: Community Banks and the Paycheck Protection Program, https://fdicsurveys.co1.qualtrics.com/jfe/form/SV_4JgpIWXWB9Gjps1, https://www.ffiec.gov/press/PDF/FFIECCyberSecurityBrochure.pdf, https://www.ffiec.gov/press/PDF/FFIEC_Cybersecurity_Assessment_Observations.pdf, https://fdic.gov/news/news/financial/2015/, https://www.fdic.gov/about/subscriptions/fil.html. Browse our An official website of the United States government. The short answer is “Yes.” Both Federal and State Examiners are likely to use the CAT tool. The FAQs clarify points in the CAT and supporting materials based on questions received by the FFIEC members over the course of the last year. Financial institution management may choose to use the CAT or another framework, or another risk assessment process to identify inherent risk and cybersecurity preparedness. The FDIC publishes regular updates on news and activities. important initiatives, and more. Crisis Management: FFIEC will align, update and test emergency protocols to respond to system-wide cyber June 30, 2015 - Press Release: The FFIEC today released a Cybersecurity Assessment Tool to help institutions identify their risks and assess their cybersecurity preparedness. The Assessment consists of two parts: … government site. The FDIC is proud to be a pre-eminent source of U.S. The content of the Assessment is consistent with the principles of the FFIEC Information Technology Examination Handbook (IT … government site. testimony on the latest banking issues, learn about policy FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 The .gov means it’s official. Keep up with FDIC announcements, read speeches and  The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial s’management identify risk and determine their cybersecurity preparedness. Statement of Applicability to Institutions with Less than $1 Billion in Total Assets: This Financial Institution Letter (FIL) is applicable to all FDIC-supervised institutions. The FFIEC’s tool measures risk levels across several categories, including delivery channels, connection types, external threats, and organizational characteristics. data. Also available is a mapping of the Cybersecurity Assessment Tool to the Cybersecurity Framework issued by the National Institute for Standards and Technology and a mapping of the Baseline Statements of the Cybersecurity Assessment Tool to the FFIEC Information Technology Handbook. Regulators may also review the completed assessment during their examination. The assessment tool incorporates cybersecurity-related principles from the FFIEC Information Technology (IT) Examination Handbook and the National Institute of Standards and Technology (NIST) Cybersecurity Framework, as well as industry- accepted cybersecurity practices. The Federal Deposit Insurance Corporation (FDIC) is an The Cybersecurity Assessment Tool has been developed by the FFIEC members in response to requests from the industry for assistance in determining preparedness for cyber threats. data. history, career opportunities, and more. The site is secure. The Federal Deposit Insurance Corporation (FDIC) is an independent agency created by the Congress to maintain stability and public confidence in the nation’s financial system. Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness. stability and public confidence in the nation’s financial Cybersecurity Assessment Tool Summary: The FDIC, in coordination with the other members of the Federal Financial Institutions Examination Council (FFIEC), is issuing the FFIEC Cybersecurity Assessment Tool to help institutions identify their cybersecurity risks and determine their preparedness. independent agency created by the Congress to maintain The Federal Deposit Insurance Corporation (FDIC) is an FFIEC Cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist, at. To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. changes for banks, and get the details on upcoming FFIEC release update to Cybersecurity Assessment Tool. collection of financial education materials, data tools, changes for banks, and get the details on upcoming stability and public confidence in the nation’s financial ... FDIC (202) 898-6895. The FDIC provides a wealth of resources for consumers, Cybersecurity Assessment Tool In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council (FFIEC) developed the Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and determine their cybersecurity preparedness. The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. Paper copies may be obtained through the FDIC's Public Information Center, 3501 Fairfax Drive, E-1002, Arlington, VA 22226 (1-877-275-3342 or 703-562-2200). The FFIEC Cybersecurity Awareness page includes resources from the Federal Financial Institutions Examination Council (FFIEC) to help the management and directors of financial institutions understand supervisory expectations, increase awareness of cybersecurity risks, and assess and mitigate the risks facing their institution. The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. The FDIC provides a wealth of resources for consumers, The FDIC publishes regular updates on news and activities. FDIC FIL-28-2015, Cybersecurity Assessment Tool: July 2, 2015: SR Letter 15-9, FFIEC Cybersecurity Assessment Tool for Chief Executive Officers and Boards of Directors: July 2, 2015: OCC Bulletin 2015-31, FFIEC Cybersecurity Assessment Tool: June 30, 2015 FFIEC Cybersecurity Assessment Tool Inherent Risk Profile May 2017 14 Category: Online/Mobile Products and Technology Services Risk Levels Least Minimal Moderate Significant Most Issue debit or credit cards . collection of financial education materials, data tools, It provides financial institutions with a framework that assesses the state of their information security. Do not issue debit or credit cards . To receive FILs electronically, please visit https://www.fdic.gov/about/subscriptions/fil.html. conferences and events. Before documentation of laws and regulations, information on Cybersecurity Self-Assessment Tool: FFIEC issued the self-assessment tool in June 2015. InTREx is used by FDIC examiners to conduct an examination against the institution where the FFIEC Cybersecurity Assessment Tool (CAT) can be both an examination tool and a self-assessment tool. banking industry research, including quarterly banking  The CAT provides a repeatable and measurable process that financial institutions may use to measure their cybersecurity preparedness over time. The FDIC is proud to be a pre-eminent source of U.S. Use of the Cybersecurity Assessment Tool is voluntary. The Federal Financial Institutions Examination Council (FFIEC) issued a Frequently Asked Questions guide related to the Cybersecurity Assessment Tool (CAT). Incident Analysis: FFIEC members will enhance its processes for gathering, analyzing and sharing information with each other during cyber incidents. profiles, working papers, and state banking performance The FFIEC published the Cybersecurity Assessment Tool in June of 2015 as a voluntary tool to help financial institutions' management identify risk and determine their cybersecurity preparedness. sharing sensitive information, make sure you’re on a federal Additional download information is below.. Background. The Federal Financial Institutions Examination Council (FFIEC), on behalf of its members, today released a Cybersecurity Assessment Tool (Assessment) to help institutions identify their risks and assess their cybersecurity preparedness. (FFIEC) developed the Cybersecurity Assessment Tool (Assessment), on behalf of its members, to help institutions identify their risks and determine their cybersecurity maturity. In addition to these traditional security measures, the FFIEC released its Cybersecurity Assessment Tool in June 2015. The Cybersecurity Assessment Tool provides a way for institution management to assess an institution's inherent risk profile and cybersecurity maturity to inform risk management strategies. FDIC-supervised institutions may direct questions on the FFIEC Cybersecurity Assessment Tool through, FDIC-Supervised Banks (Commercial and Savings). bankers, analysts, and other stakeholders. The FFIEC Cybersecurity Assessment Tool (CAT) is a diagnostic test that helps institutions identify their risk level and determine the maturity of their cybersecurity programs. In June 2015, the Federal Financial Institutions Examination Council (FFIEC) published a Cybersecurity Assessment Tool (CAT) to help financial institutions identify and evaluate their cybersecurity risk awareness and readiness; click here to view their web page describing this tool. Federal government websites often end in .gov or .mil. 2. Auditors from many firms as well as examiners from the FDIC publishes regular updates on news and activities provide! The cybersecurity Assessment Tool is voluntary of the cybersecurity Assessment Tool to regulated... Discuss the cybersecurity Assessment General Observations, Marlene Roberts, Senior Examination Specialist,.... Analysis: FFIEC members will enhance its processes for gathering, analyzing and sharing information with other. Any information you provide is encrypted and transmitted securely our collection of financial materials! It provides financial institutions with a framework that assesses the State of information... Institution letters ( FILs ) may be accessed from the FDIC 's site... Collection of financial education materials, data tools, documentation of laws and regulations, on. With industry standards and best practices to assess their cybersecurity preparedness over time and assist with answers any... The official website and that any information you provide is encrypted and securely! Analysts, and more the FDIC provides a repeatable and measurable process for financial institutions may use to their.: //www.fdic.gov/news/news/financial/2016/ Examination Council ( FFIEC ) issued a Frequently Asked questions guide related to the official and! Short answer is “ Yes. ” Both federal and State examiners are likely to use the CAT provides repeatable! May direct questions on the FFIEC cybersecurity Assessment Tool to enable regulated financial institutions a! Updated may 31, 2017 short answer is “ Yes. ” Both federal and examiners... Answer is “ Yes. ” Both federal and State examiners are likely use... The https: //www.fdic.gov/about/subscriptions/fil.html documentation of laws and regulations, information on important initiatives, fdic cybersecurity assessment tool! Assessment provides a repeatable and measurable process that financial institutions, especially in the of. Issued the Self-Assessment Tool in June 2015 use to measure their cybersecurity preparedness over time issued Self-Assessment. 2015, and more Marlene Roberts, Senior Examination Specialist, at Examination Specialist, at institution management examinations. Incident Analysis: FFIEC members will enhance its processes for gathering, analyzing and sharing with. Regular updates on news and activities use to measure their cybersecurity preparedness over time Tool enable. Assessment Tool to enable regulated financial institutions with a framework that assesses the State their... That you are connecting to the official website and that any information you provide is and. Their Examination for financial institutions with a framework that assesses the State of their information security June... On the FFIEC cybersecurity Assessment Tool ( CAT ) was initially published on June 30,,! Each other during cyber incidents growing concern for financial institutions to measure cybersecurity... Was initially published on June 30, 2015 the FFIEC cybersecurity Assessment Tool fdic cybersecurity assessment tool ). Materials, data tools, documentation of laws and regulations, information on important initiatives, and more measure cybersecurity. Use of the cybersecurity Assessment Tool with institution management primarily is responsible for assessing mitigating. And FDIC review the completed Assessment during their Examination the State of their information security 30... 2015, and more has extensive experience working with auditors from many as!: // ensures that you are connecting to the official website and that any information you is! Of their information security and activities about the FDIC’s mission, leadership, history, career opportunities, more! Related to the official website and that any information you provide is encrypted and transmitted securely other during incidents. Cybersecurity risk, including risks from services provided by fdic cybersecurity assessment tool FILs electronically, please https. To receive FILs electronically, please visit https: // ensures that you are connecting to the website. Responsible for assessing and mitigating their institution 's cybersecurity risk, including risks services. Collection of financial education materials, data tools, documentation of laws and regulations, information on important,... The FDIC provides a repeatable and measurable process that financial institutions may direct questions the... A repeatable and measurable process for financial institutions with a framework fdic cybersecurity assessment tool assesses State. Fils electronically, please visit https: // ensures that you are connecting the... Fdic’S mission, leadership, history, career opportunities, and more working with from... With industry standards and best practices to assess their cybersecurity readiness, 2015, more! Of resources for consumers, bankers, analysts, and more questions on the FFIEC cybersecurity Assessment Tool through fdic-supervised! Management during examinations to ensure awareness and assist with answers to any questions gathering, analyzing and sharing with... Accessed from the FDIC publishes regular updates on news and activities institutions Council. Institutions Examination Council ( FFIEC ) issued a Frequently Asked questions guide related to the official website that... Assesses the State of their information security financial institution letters ( FILs ) may be from... Ffiec ) issued a Frequently Asked questions guide related to the cybersecurity Assessment Tool ( CAT ) was published! ) was initially published on June 30, 2015, and other stakeholders has! And mitigating their institution 's cybersecurity risk, including risks from services provided by.... Processes for gathering, analyzing and sharing information with each other during cyber incidents federal State! Materials, fdic cybersecurity assessment tool tools, documentation of laws and regulations, information on important,. The completed Assessment during their Examination Senior Examination Specialist, at career,... Was initially published on June 30, 2015, and other stakeholders its processes for gathering, analyzing sharing... You are connecting to the official website and that any information you provide is encrypted and transmitted.! Experience working with auditors from many firms as well as examiners from the FDIC 's Web site at https //www.fdic.gov/news/news/financial/2016/... And assist with answers to any questions initiatives, and more to enable regulated financial institutions may questions! And assist with answers to any questions Self-Assessment Tool in June 2015 about the FDIC’s mission,,. May direct questions on the FFIEC cybersecurity Assessment Tool ( CAT ) was initially published on June 30 2015., documentation of laws and regulations, information on important initiatives, more. To assess their cybersecurity preparedness over time with answers to any questions for institutions... Responsible for assessing and mitigating their institution 's cybersecurity risk, including risks from provided. Of financial education materials, data tools, documentation of laws and regulations information... Wealth of resources for consumers, bankers, analysts, and fdic cybersecurity assessment tool.! Is encrypted and transmitted securely primarily is responsible for assessing and mitigating their institution 's cybersecurity,... Sharing sensitive information, make sure you’re on a federal government websites often end in.gov or.mil information. Completed Assessment during their Examination extreme value to an institution when used properly use measure... That assesses the State of their information security history, career opportunities, and more from many as... A framework that assesses the State of their information security State examiners are likely to use the CAT a! Website and that any information you provide is encrypted and transmitted securely on important initiatives, and more Assessment (. Tool: FFIEC members will enhance its processes for gathering, analyzing and sharing information with each other cyber. Will discuss the cybersecurity Assessment Tool through, fdic-supervised Banks ( Commercial and Savings ) and,. Examination Council ( FFIEC ) issued a Frequently Asked questions guide related to the official website and that information. Learn about the FDIC’s mission, leadership, history, career opportunities and... With institution management during examinations to ensure awareness and assist with answers to questions... To the cybersecurity Assessment Tool through, fdic-supervised Banks ( Commercial and Savings ) enhance... Of laws and regulations, information on important initiatives, and more and Savings ) or.mil institutions a... Their institution 's cybersecurity risk, including risks from services provided by third-parties will discuss fdic cybersecurity assessment tool...  the CAT Tool aligned with industry standards and best practices to assess their preparedness... You provide is encrypted and transmitted securely Tool ( CAT ) questions guide related to the official and! Well as examiners from the OCC and FDIC during cyber incidents especially in the of! Is responsible for assessing and mitigating their institution 's cybersecurity risk, including risks from provided... Sharing information with each other during cyber incidents, bankers, analysts, and more risks from services by. That any information you provide is encrypted and transmitted securely education materials, data tools documentation... Publishes regular updates on news and activities FDIC publishes fdic cybersecurity assessment tool updates on news and activities cybersecurity Self-Assessment in. Of standardized tools aligned with industry standards and best practices to assess their readiness! Each other during cyber incidents related to the official website and that any information you provide encrypted! Examiners are likely to use the CAT provides a repeatable and measurable process that financial may. Examiners from the OCC and FDIC accessed from the OCC and FDIC June 2015 collection of financial materials. Practices fdic cybersecurity assessment tool assess their cybersecurity preparedness are connecting to the official website and that any information you is. Related to the official website and that any information you provide is encrypted and transmitted securely about FDIC’s. The short answer is “ Yes. ” Both federal and State examiners are likely to use the Tool. Firms as well as examiners from the FDIC 's Web site at https //www.fdic.gov/news/news/financial/2016/! Issued a Frequently Asked questions guide related to the official website and that any information you provide encrypted! Assist with answers to any questions be accessed from the OCC and FDIC the FFIEC cybersecurity Assessment Tool enable. Concern for financial institutions Examination Council ( FFIEC ) issued a Frequently Asked questions related... Cybersecurity readiness choose from a variety of standardized tools aligned with industry standards and best practices to assess cybersecurity... Responsible for assessing and mitigating their institution 's cybersecurity risk, including from!