WASHINGTON–The Federal Financial Institutions Examination Council (FFIEC), which includes NCUA, has issued a statement emphasizing the benefits of using a standardized approach to assessing and improving cybersecurity preparedness.
Various tools available are highlighted below.
The FFIEC members noted that by adopting a standardized approach they are better able to track their progress over time, and share information and best practices with other financial institutions and with regulators.
“Institutions may choose from a variety of standardized tools aligned with industry standards and best practices to assess their cybersecurity preparedness,” the FFIEC said. “These tools include the FFIEC Cybersecurity Assessment Tool, the National Institute of Standards and Technology Cybersecurity Framework, the Financial Services Sector Coordinating Council Cybersecurity Profile, and the Center for Internet Security Critical Security Controls.”
While the FFIEC said it does not endorse any particular tool, these standardized tools support institutions in their self-assessment activities.
“The tools are not examination programs and the FFIEC members take a risk-focused approach to examinations,” the organization added. “As cyber risk evolves, examiners may address areas not covered by all tools.
The tools available include: